Introduction
This article provides a comprehensive guide on integrating Microsoft Entra ID with Oneflow. You can easily provision users with single sign-on (SSO) functionality using the Oneflow connector on the Microsoft Entra app gallery.
Integrating Microsoft Entra ID with Oneflow allows you to:
- Control which users have access to Oneflow.
- Enable your users to sign in to Oneflow with their Microsoft Entra accounts automatically.
- Manage your accounts in one central location.
Stage 1: Install the Oneflow Application from the Microsoft Entra application gallery
Install the Oneflow application from the Microsoft Entra application gallery to start managing and provisioning Oneflow users.
Learn more:
To learn more, refer to the Microsoft documentation on Adding an enterprise application.
Stage 2: Set up Single sign-on in the Oneflow application
- Navigate to Identity > Applications > Enterprise applications > Oneflow > Single sign-on.
- On the Select a single sign-on method page, select SAML.
- Then follow the steps listed in the Azure SSO guide to set up SSO on the Microsoft Entra Oneflow application.
Stage 3: Set up provisioning in the Oneflow application
- Navigate to Identity > Applications > Enterprise applications > Oneflow > Provisioning.
- Click Get Started, then set the Provisioning Mode to Automatic.
- Under the Admin Credentials section:
  - Set the Tenant URL to https://api.oneflow.com/scim/v1/
  - As the Secret Token, add the SCIM token generated on the Oneflow SCIM page.
    - In the Oneflow web application, go to Marketplace > SCIM.
- In the Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications and select the Send an email notification when a failure occurs check box.
- Go back to Identity > Applications > Enterprise applications > Oneflow > Provisioning.
- Go to the Attribute-Mapping and review the attribute mappings listed in the Microsoft tutorial on provisioning users.
Stage 4: Sync the users and groups from Microsoft Entra to Oneflow
Once the application is fully configured, you can start provisioning by selecting the Start Provisioning button on the enterprise application's Provisioning page.
Managing users and groups in Oneflow
In Oneflow, go to Admin > Users/Groups to view the imported users or groups. You can assign users to groups in Oneflow. Each group has:
- Workspace access: All users within a group in Oneflow will have access to the assigned workspaces.
- Account roles (optional): All users within a group can be assigned one or more roles (i.e. administrator, user), each with a set of defined permissions. To set up roles go to Admin > Roles.
Note: When assigning users to groups, ensure that the group is assigned to at least one workspace. Users who do not have access to any workspace will not be able to access Oneflow's features upon logging in (i.e. dashboard, templates, address book). To learn more, see Users and groups and Roles and permissions.