SSO

Flowise supports OIDC that allows users to use single sign-on (SSO) to access application. Currently only the Organization Admin can configure the SSO configurations.

Microsoft

1. In the Azure portal, search for Microsoft Entra ID:

1. From the left hand bar, click App Registrations, then New Registration:

1. Enter an app name, and select Single Tenant:

1. After an app is created, note down the Application (client) ID and Directory (tenant) ID:

1. On the left side bar, click Certificates & secrets -> New client secret -> Add:

1. After the secret has been created, copy the Value, not the Secret ID:

1. On the left side bar, click Authentication -> Add a platform -> Web:

1. Fill in the redirect URIs. This will need to be changed depending on how you are hosting it: http[s]://[your-flowise-instance.com]/api/v1/azure/callback:

1. You should be able to see the new Redirect URI created:

1. Back to Flowise app, login as Organization Admin. Navigate to SSO Config from left side bar. Fill in the Azure Tenant ID and Client ID from Step 4, and Client Secret from Step 6. Click Test Configuration to see if the connection can be established successfully:

1. Lastly, enable and save it:

1. Before users can sign in using SSO, they have to be invited first. Refer to Inviting users for SSO sign in for step by step guide. Invited users must also be part of the Directory Users in Azure.

Google

To enable Sign In With Google on your website, you first need to set up your Google API client ID. To do so, complete the following steps:

1. Open the Credentials page of the Google APIs console.

2. Click Create credentials > OAuth client ID

3. Select Web Application:

4. Fill in the redirect URIs. This will need to be changed depending on how you are hosting it: http[s]://[your-flowise-instance.com]/api/v1/google/callback:

5. After creating, grab the client ID and secret:

6. Back to Flowise app, add the Client ID and secret. Test the connection and Save it.

Auth0

1. Register an account on Auth0, then create a new Application

1. Select Regular Web Application:

1. Configure the fields such as Name, Description. Take notes of the Domain, Client ID, and Client Secret.

4. Fill in the Application URIs. This will need to be changed depending on how you are hosting it: http[s]://[your-flowise-instance.com]/api/v1/auth0/callback:

1. In the API’s tab, ensure that Auth0 Management API is enabled with the following permissions

   • read:users

   • read:client_grants

6. Back to Flowise App, fill in the Domain, Client ID and Secret. Test and Save the configuration.

Inviting users for SSO sign in

In order for new user to be able to login using SSO, we have to invite new users into Flowise application. This is essential to keep a record of the role/workspace of the invited user. Refer to Invite Users section for env variables configuration.

Organization Admin can choose the login type for invited user:

• SSO: invited user can only login using SSO

• Email/Password: invited user can only login via email/password

Invited user will be receiving invitation link to login:

Clicking the button will bring the invited user directly to Flowise SSO login screen:

Or navigate to Flowise app and Sign in with SSO: