SSO
Last updated
Last updated
SSO is only available for Enterprise plan
Flowise supports OIDC that allows users to use single sign-on (SSO) to access application. Currently only the Organization Admin can configure the SSO configurations.
In the Azure portal, search for Microsoft Entra ID:
From the left hand bar, click App Registrations, then New Registration:
Enter an app name, and select Single Tenant:
After an app is created, note down the Application (client) ID and Directory (tenant) ID:
On the left side bar, click Certificates & secrets -> New client secret -> Add:
After the secret has been created, copy the Value, not the Secret ID:
On the left side bar, click Authentication -> Add a platform -> Web:
Fill in the redirect URIs. This will need to be changed depending on how you are hosting it: http[s]://[your-flowise-instance.com]/api/v1/azure/redirect:
You should be able to see the new Redirect URI created:
Back to Flowise app, login as Organization Admin. Navigate to SSO Config from left side bar:
Fill in the Azure Tenant ID and Client ID from Step 4, and Client Secret from Step 6. Click Test Configuration to see if the connection can be established successfully:
Lastly, enable and save it:
Before users can sign in using SSO, they have to be invited first. Refer to Inviting users for SSO sign in for step by step guide. Invited users must also be part of the Directory Users in Azure.
In order for new user to be able to login using SSO, we have to invite new users into Flowise application. This is essential to keep a record of the role/workspace of the invited user. Refer to Invite Users section for env variables configuration.
Organization Admin can choose the login type for invited user:
SSO: invited user can only login using SSO
Email/Password: invited user can only login via email/password
Invited user will be receiving invitation link to login:
Clicking the button will bring the invited user directly to Flowise SSO login screen:
Or navigate to Flowise app and Sign in with SSO:
