Important: These instructions apply only to Flow on-premises.
Below is a step-by-step guide for connecting your Flow account using Okta. Here is a list of all other SSO hosts we support.
- Sign in to Okta, then click Admin in the top right corner.
- Click Add Applications.
- Click Create New App.
- Select Web for Platform and SAML 2.0 for Sign on method. Then click Create.
- Fill out App name. It can be anything (e.g. Flow). Then click Next.
- In another tab, open your Flow app. Starting on your Flow Home page, go to the bottom of the left navigation bar, click Settings, then select SSO.
- Select New SAML Integration.
- In the Configure SAML integration modal, fill in the “Login URL” field with your organization name. This is the URL you will use to log in after you configure your integration. You can use your organization name or something else; it just needs to be unique. You will use this same URL in Step 10 below.
- Navigate back to where you left off in Okta and fill in the following information under the General settings:
- Single sign on URL: This is the full URL from the screen above in Flow, e.g. https://app.gitprime/accounts/saml/mycompany
- Audience URI (SP Entity ID): This is the same URL as in step A, above.
- Application username: Select “Email” from the drop down menu.
- On the same screen, under Attribute Statements, click Add Another to add two more rows so you can map the following fields:
These fields are case sensitive.
- Using the drop down menu under Value, map the values appropriately to the fields you just created.
- Under Group Attribute Statements, map your current roles in Okta to their respective role in Flow. "Owners" and "Members" are roles created by default for your organization, but you can go into Flow with your initial / setup account and create any roles and associated permissions you'd like.
These fields are case sensitive. Make sure your roles are spelled exactly the same in Flow and Okta.
- In this example: “Managers” and “Developers” in the screenshot above are roles that your organization already has in Okta. The “Managers” Okta Group will be mapped to the Flow “Owners” Role and the “Developers” Okta Group to the “Members” Flow Role.
The end result for this step looks something like this:
- Click Next.
- Select I am an Okta customer adding an Internal app.
- Then click Finish.
- After clicking Finish, you will be redirected to the screen below. Click Identity Provider metadata. This will download a file that you can open in a text editor. Copy the metadata to your clipboard.
- In your Flow tab, paste the metadata in the metadata field.
- After pasting your metadata, type all the fields that map to your SAML fields. These fields are case sensitive so make sure they match exactly what you used in Okta.
- Manage Roles within Flow: If you want Flow to manage your roles, make sure to check this box.
- Merge New Users on Email: Check this box if you already have Users invited into your Flow account using non-SSO logins. This will automatically delete the previous logins and force all existing Users to log in via your SSO platform.
- Click Save.
- Once you click Save, your Okta Integration is complete in Flow.
- You will need to go back to Okta and add users to the Flow application.
- Click Assign Applications.
- Click the application you just created for Flow and then the user you want to add to the application.
- Click Next.
- Click Confirm Assignments.
- You have successfully connected Flow with your Okta account. Your users will now be able to use the login URL, e.g. https://YOUR_DOMAIN/accounts/saml/mycompany, to log in to Flow.
Something went wrong
If you were not able to log in to your Flow account using your SAML URL, and you receive an error like the one below, make sure to review the following configuration steps:
- Does your sign-on URL match the URL in Flow? (Step 10)
- Review your “Attribute Statements” and “Group Attribute Statements”. These fields are case sensitive and need to be identical to their respective Flow Role and Okta Group. (Steps 11-13)
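The two checks above can be run against a decoded SAML assertion captured from a failed login. The script below is an added example, not part of Flow or Okta; it compares the Audience and Recipient with the login URL and reports attribute names that differ only by case. Assumptions: the host `flow.example.com`, the attribute names `Email` and `Owners`, and that each Group Attribute Statement is named after its Flow role.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not real Okta output); host and attribute names are placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://flow.example.com/accounts/saml/mycompany"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://flow.example.com/accounts/saml/MyCompany</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="Email"><saml:AttributeValue>dev@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="owners"><saml:AttributeValue>Managers</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, login_url, expected_names):
    """Return mismatch messages for a decoded assertion; an empty list means all checks passed.
    Diagnostic only: it does not verify the assertion's signature."""
    root = ET.fromstring(xml_text)
    problems = []
    # Single sign on URL and Audience URI must both equal the Flow login URL exactly.
    seen_urls = [("Audience", a.text.strip()) for a in root.iterfind(".//saml:Audience", NS) if a.text]
    seen_urls += [("Recipient", s.get("Recipient"))
                  for s in root.iterfind(".//saml:SubjectConfirmationData", NS) if s.get("Recipient")]
    for kind, url in seen_urls:
        if url != login_url:
            problems.append(f"{kind} {url!r} != login URL {login_url!r}")
    # Attribute names are case sensitive: report case-only near misses separately from absences.
    sent = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    by_lower = {name.lower(): name for name in sent}
    for want in expected_names:
        if want in sent:
            continue
        near = by_lower.get(want.lower())
        problems.append(f"{near!r} differs from {want!r} only by case" if near
                        else f"attribute {want!r} is missing")
    return problems

if __name__ == "__main__":
    # expected_names: the names typed into Flow that this user's assertion should carry.
    for line in check_assertion(SAMPLE, "https://flow.example.com/accounts/saml/mycompany",
                                ["Email", "Owners"]):
        print(line)
```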
If you need help, please email Support for 24/7 assistance.