Authentication method: SAML Single Sign-On
Authentication setup in Flow Console can involve configuring Single Sign-On (SSO) using SAML (Security Assertion Markup Language). This setup allows users to access Flow Console using their existing organizational credentials, streamlining access while ensuring secure login.
Below are the steps for the client to set this up:
Prepare SAML Integration Requirements
Identity Provider (IdP) Selection: Ensure you have a compatible SAML 2.0 Identity Provider (e.g., Okta, Microsoft Azure AD, or any SAML-compliant IdP) that will manage user authentication.
Metadata and Configuration Information: Gather the following details from your IdP:
Entity ID (Issuer): A unique identifier for your IdP.
SSO URL: The URL where Flow Console will send authentication requests.
IdP Metadata URL or XML: This contains the configuration data that Flow needs to validate SAML responses from your IdP.
Public Certificate: Used by Flow to verify signatures on the SAML assertions returned from your IdP.
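Before sending these details, it helps to confirm that the Entity ID, SSO URL and public certificate agree with the IdP metadata, since mismatched Entity IDs and certificates are among the common errors listed under testing. The following is an added example, not code from Flow or any IdP vendor. The function names, the idp.example.com values and the placeholder certificate bytes are constructed for illustration, and it compares SHA-256 fingerprints rather than validating the certificate itself.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_idp_metadata(xml_text):
    """Extract Entity ID, SSO/logout URLs and signing-certificate fingerprints."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:  # SAML metadata never needs a DTD
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' means signing and encryption
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                certs.append(hashlib.sha256(base64.b64decode(c.text or "")).hexdigest())
    locs = lambda tag: [e.get("Location") for e in idp.findall("md:" + tag, NS)]
    return {"entity_id": root.get("entityID"), "sso_urls": locs("SingleSignOnService"),
            "slo_urls": locs("SingleLogoutService"), "signing_cert_sha256": certs}

def preflight(xml_text, entity_id, sso_url, cert_pem):
    """Return mismatches between the metadata and the values shared alongside it."""
    md = parse_idp_metadata(xml_text)
    body = "".join(ln for ln in cert_pem.splitlines() if not ln.startswith("-----"))
    findings = []
    if md["entity_id"] != entity_id:
        findings.append("Entity ID differs from metadata entityID")
    if sso_url not in md["sso_urls"]:
        findings.append("SSO URL is not a SingleSignOnService Location in metadata")
    if hashlib.sha256(base64.b64decode(body)).hexdigest() not in md["signing_cert_sha256"]:
        findings.append("certificate does not match a signing key in metadata")
    for url in dict.fromkeys(md["sso_urls"] + md["slo_urls"] + [sso_url]):
        if urlparse(url).scheme != "https":
            findings.append("non-HTTPS endpoint: " + url)
    return findings

# Constructed sample input: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % SAMPLE_B64
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://idp.example.com/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>""" % SAMPLE_B64
```

An empty list from preflight() means the shared values and the metadata describe the same IdP; each string in a non-empty list names one mismatch to fix before the handoff.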
Share Identity Provider Details with Flow
Send the gathered information (Entity ID, SSO URL, metadata, and public certificate) to Flow’s integration support team.
Flow will use this information to configure SAML settings on its end, enabling communication between Flow Console and your IdP.
Each SAML integration is unique, but each will require the following general configuration details from the client's IdP:
IdP redirect URL
URL to which the Service Provider (SP), in this case Flow, redirects the user for authentication
IdP Metadata
Public certificate to be uploaded to Flow for the signing of requests
Issuer ID
ID of the IdP for Flow to reference across different SAML integration providers
IdP Logout URL
URL for logout requests from the user
User email address
Inclusion of an email address in the user profile object from the IdP
RelayState
RelayState provides context for the forwarding URL to the Flow environment, so that the user is logged in and sent to the specific page
Final URL
See “Final URL” section next
Configure Flow as a Service Provider in Your IdP
SP Entity ID (Issuer): In your IdP, enter Flow’s Entity ID. This ID is usually provided by Flow during the integration process.
Assertion Consumer Service (ACS) URL: Configure your IdP to redirect users back to Flow App after authentication. Flow will provide the ACS URL, typically structured as:
For production:
https://app.flowliving.com/saml/acs
For staging or testing:
https://app-staging.flowliving.com/saml/acs
RelayState (Optional): This parameter specifies the landing page in Flow App after successful login. Flow may support RelayState configurations to direct users to specific pages, like a campaign dashboard or user profile.
Map User Attributes (if applicable)
In your IdP, map the necessary user attributes to ensure Flow Console can access essential user information. The most common attribute mappings include:
Email Address: Required as a unique identifier for each user.
First and Last Name: Optional, but useful for personalization within Flow.
Custom attributes can also be mapped if specific information (e.g., role or department) is needed for permissions or personalization in Flow Console.
Test the SAML Configuration
Initiate a Test Login: Attempt to log in to Flow App using SAML SSO to ensure that the authentication flow is working as expected.
Verify Attribute Mapping: Confirm that user details are correctly transferred to Flow App, matching what’s configured in your IdP.
Troubleshoot Errors: Common issues include misconfigured Entity IDs, certificate mismatches, or incorrect ACS URLs. Work with Flow’s support team to address any authentication errors.
Enable SAML SSO for All Users
Once testing is successful, activate SAML SSO for all users who need access to Flow App. This may involve setting Flow Console as an available application in your IdP portal.
Monitor and Maintain the SAML Integration
Periodic Certificate Updates: SAML certificates often have expiration dates. Schedule periodic updates to renew certificates to avoid interruptions.
User Access Management: As roles or access requirements change, update user permissions in your IdP to ensure only authorized users have access to Flow Console.