Supported platforms

Currently, we support the following platforms for using SSO:

• Azure 

• ADFS 
• ForgeRock 
• Google Workspace
• Duo 
• OneTouch

Enable SSO

To enable SSO, follow these steps:

1. Download the Federation Metadata XML file from your identity provider (Azure, ADFS, etc.).
2. Gather the following fields from the file content:

   a. entityID.
   Example:

• https://accounts.google.com/o/saml2?idpid=...
• https://sts.windows.net/.../

b. X509Certificate. It is a long string. If there is more than one certificate, choose the first one.
Example:

• MIIDdDCCAlygA…
• MIIC8DCCAdigA...

c. SingleSignOnService (Attribute: Location).
Example:

• "https://accounts.google.com/o/saml2/idp?idpid=..."
• "https://login.microsoftonline.com/.../saml2"

3. Log in to your Oneflow account.
4. Go to Admin >  Extensions.
5. Enable the Single sign-on extension (if disabled).
6. Open the Single sign-on extension and click Edit single sign-on.
7. Select an identity provider in the Single sign-on type field.
8. Specify SSO service URL (the ‘SingleSignOnService (Attribute: Location)’ field from the ‘Federation Metadata XML’ file).
9. Specify Entity ID (the ‘entityID’ field from the ‘Federation Metadata XML’ file).
10. Specify X.509 certificate (the ‘X509Certificate’ field from the ‘Federation Metadata XML’ file).
    
11. Click Confirm.