Below is a step-by-step guide for setting up AWS as the SSO provider for Flow Enterprise Server.
Important: These instructions apply only to Flow Enterprise Server.
- In AWS, begin the process to add and configure a custom SAML 2.0 application.
- Download the SAML metadata file and copy its contents.
- In another tab, open Flow.
  - From the top navigation, click Settings.
  - In the left navigation, click SSO under User Management.
  - Click Add SAML integration.
  - In the Configure SAML modal, paste the metadata you copied from AWS.
  - Fill in the Entity ID/Sign in URL field with the URL you will use to log in after you configure your integration. You can use your organization name or something else, but it must be unique.
  - Enable optional settings if desired:
    - Fill out the Role key field if you want roles to be mapped from the SAML attribute assertion carrying this key.
    - Manage Roles within Flow: If you want Flow to manage your roles, check this box.
    - Merge new users on Email: If you already have users in Flow with non-SSO logins, check this box. This option automatically deletes the previous logins and forces all existing users to log in through your SSO platform.
  - Fill out the Full name field with FirstName LastName. This field is case sensitive.
  - Fill out the Email field with Email. This field is case sensitive.
  - Copy the Entity ID/Sign in URL from Flow, then click Save to save your configuration.
- Go back to AWS. Choose Manually type your metadata values.
  - Paste the Entity ID/Sign in URL into the Application ACS URL field.
  - Fill out the Application SAML audience field with the audience the assertion is intended for. This is usually the name of your organization, but it should be something your users can recognize.
  - Click Submit to finish the configuration.
- Next, map attributes in your application to AWS attributes. Attribute fields are case sensitive.
  - Add three new attributes:
    - In the default Subject attribute, use test as the string value and set the format to unspecified.
    - Set up an email attribute with Email as the string value. Set the format to unspecified.
    - Set up a familyName attribute with LastName as the string value. Set the format to unspecified.
    - Set up a givenName attribute with FirstName as the string value. Set the format to unspecified.
  - Click Save changes.
- Finally, assign users to the application.