Overview
Add an identity provider (IdP) to a tenant to provide external user authentication for your flows.

Adding an identity provider (IdP) to a tenant allows for external user authentication for your flows. This enables the delegation of flow user authentication to an external IdP service, facilitating Single Sign-On (SSO) capabilities. Users can access the flow only after successfully signing in to the IdP using their existing social or enterprise accounts.
When Enhanced Token Security is enabled, an encrypted one-time-use token is provided to the flow runtime UI as part of a redirect-based authentication scheme. This token is then exchanged securely with the flow API to complete the authentication process.
To add and configure an identity provider, navigate to the Identity Providers page. You can use this identity provider to control access to an entire flow, or to specific sections of a flow by using swimlanes. To do so, add the required groups or users to the Authentication section on the Flow Properties form or on a swimlane step.
Supported identity providers
The following identity provider frameworks and protocols are supported:
- Open Authorization (OAuth) 2.0. See Adding an OAuth 2.0 identity provider.
- OpenID Connect (OIDC). See Adding an OIDC identity provider.
- Security Assertion Markup Language (SAML). See Adding a SAML identity provider.
Worked examples
To help you get started with using an identity provider to provide flow authentication, the following worked examples are provided: