Articles on: How to Guides

Set Up SSO Authentication in Flowace

Learn how to configure SSO authentication in Flowace using Google or Microsoft Azure AD for secure and seamless team logins.


Introduction


Single Sign-On (SSO) in Flowace lets your team log in securely using your organization’s existing identity provider — such as Google Workspace or Microsoft Azure AD.

By enabling SSO, you centralize user authentication, improve security, and simplify employee access management.


In this guide, you’ll learn how to configure SSO authentication for Flowace, manage sign-up permissions, and apply domain restrictions for enhanced security.


Access the Authentication Settings


  • Sign in as an Admin in Flowace
  • Go to Admin Settings → Authentication
  • You’ll find four key sections:Authentication MethodsOAuth Sign-UpEmail Domain WhitelistConfigure OAuth Apps

💡 Tip: Keep at least one Admin account with password login enabled as a backup before switching fully to SSO.


Choose Authentication Methods


Toggle the methods you want to allow:

  • Email and Password: Enables standard email login
  • OAuth Apps: Enables Single Sign-On through OAuth providers such as Google or Microsoft Azure

Recommended: Turn on OAuth Apps and turn off Email and Password for complete SSO enforcement.


Set OAuth Sign-Up Permissions


Control how new users can sign up via SSO.

  • Preferred Only (e.g., Google): Only the selected provider is allowed for sign-up
  • All OAuth Apps: Users can sign up using any configured SSO provider
  • Disallow All Sign-Up: Blocks new sign-ups; only Admins can add users

💬 Choose “Preferred Only” for consistent identity management and cleaner onboarding


Apply Email Domain Whitelisting


To restrict access only to company users:

  • Under Email Domain Whitelist, add allowed domains (e.g., company.com)
  • Press Enter after each domain
  • Click Save

✅ Only users with whitelisted domains can log in via SSO.


Configure OAuth Providers


You can integrate Google and/or Azure AD for SSO.


a. Google OAuth Configuration

  • Go to the Google Cloud Console
  • Navigate to APIs & Services → Credentials → Create Credentials → OAuth Client ID.
  • Select Web Application.
  • Add the redirect URI: https://<your-flowace-domain>/oauth/callback/google
  • Copy the Client ID and Client Secret
  • In Flowace → Authentication → Configure OAuth Apps → Google, enter these details
  • Enable these toggles:✅ Enable GoogleUse Flowace SSO Config(Optional) Set as Preferred

b. Azure AD OAuth Configuration

  • Open the Azure Portal.
  • Go to Azure Active Directory → App Registrations → New Registration.
  • Enter your app name (e.g., Flowace SSO)
  • Under Redirect URI, add: https://<your-flowace-domain>/oauth/callback/azure
  • Copy the Application (Client) ID, Directory (Tenant) ID, and Client Secret
  • In Flowace → Authentication → Configure OAuth Apps → Azure AD, enter these credentials
  • Enable these toggles:✅ Enable Azure ADUse Flowace SSO Config(Optional) Set as Preferred


Troubleshooting


Issue

Cause

Solution

Redirect error after login

Redirect URI mismatch

Verify URI in IdP and Flowace match exactly

Login button not showing

OAuth App disabled

Re-enable under Configure OAuth Apps

User blocked from signing up

Domain not whitelisted

Add domain under Email Domain Whitelist

“Sign-up not available” message

Sign-Up setting disabled

Change to Preferred Only or All OAuth Apps



Best Practices

  • Keep at least one Admin with password login
  • Ensure redirect URIs match precisely, including HTTPS
  • Enforce MFA (multi-factor authentication) at your IdP for better security
  • Regularly review whitelisted domains
  • Document and communicate login changes to all team members
  • Periodically test the login flow after any system updates




Updated on: 27/10/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!