Comment on page

Configure SSO Settings

Configure general information about an SSO Settings.

Package and Permission Required
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
Configure SSO Settings
Notice to Administrators
​Enhance security for your ProcessMaker Platform instance by following these best practices. Among these best practices are to require all ProcessMaker users to log on to your ProcessMaker Platform instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.
Configure the following SSO settings as necessary:
​Enable standard login​
​Enable automatic registration​
​Enable permissions for SSO users​
​Enable groups for SSO users​
​Copy permissions and groups for SSO Users​
​Enable debug mode​
​Enable SSO identity providers​
Enable Standard Login
Enable to display settings to log on using user credentials. When disabled, settings only display SSO log on options.
​A package and permission are required to do this.
Follow these steps to enable display settings for standard log on:
1.​​View your SSO settings. The SSO tab displays.
2.Enable the Allow Standard Login toggle key. The following message displays: The setting was updated.
3.​Review, and then configure other SSO settings as necessary.
Enable Automatic Registration
Enable whether SSO users should automatically register the first time that they log on.
​A package and permission are required to do this.
Follow these steps to enable automatic registration:
1.​​View your SSO settings. The SSO tab displays.
2.Enable the Automatic Registration toggle key. The following message displays: The setting was updated.
3.​Review, and then configure other SSO settings as necessary.
Enable Permissions for SSO Users
Specify which permissions to assign new users that are created via SSO:
​A package and permission are required to do this.
Follow these steps to specify which user permissions to assign new users created via SSO:
1.​​View your SSO settings. The SSO tab displays.
2.Click the Edit icon
for the New User Default Config setting. The New User Default Config screen with the Permissions tab displays.
​
3.Select a collapsed permission category to expand the view of individual permissions within that category. Otherwise, select an expanded permission category to collapse that category.
​
4.Enable permissions as necessary. See Permission Descriptions for Users and Groups for descriptions.
5.Click Save. The following message displays: The setting was updated.
6.​Review, and then configure other SSO settings as necessary.
Enable Groups for SSO Users
Select to which groups to assign users created via SSO.
​A package and permission are required to do this.
Follow these steps to select to which groups to assign users created via SSO:
1.​View your SSO settings. The SSO tab displays.
2.Click the Edit icon
for the New User Default Config setting. The New User Default Config screen with the Permissions tab displays.
3.Click the Groups tab. All available groups display.
​
4.Enable groups as necessary.
5.Click Save. The following message displays: The setting was updated.
6.​Review, and then configure other SSO settings as necessary.
Copy Permissions and Groups for SSO Users
Copy to clipboard a JSON-formatted object of all assigned permissions and groups for users created via SSO.
​A package and permission are required to do this.
Follow these steps to copy the permissions and groups for SSO users:
1.​​View your SSO settings. The SSO tab displays.
2.Click the Copy to Clipboard icon
for the New User Default Config setting. The following message displays: The setting was copied to your clipboard.
3.​Review, and then configure other SSO settings as necessary.
Enable Default SSO Login
Select a default SSO integration to allow users be automatically redirected to the IDP Single Sign On log on page instead of displaying the normal Login page. When the user goes to the log on page, that user is redirected to the selected provider.
​A package and permission are required to do this.
Follow these steps to enable default SSO Integration:
1.​​View your SSO settings. The SSO tab displays.
2.Click the Edit icon
for the Default SSO Login setting. The Default SSO Login screen with the SSO identity providers displays.
​
3.Select an SSO identity provider among:
​Atlassian​
​Auth0​
​Facebook​
​GitHub​
​Google​
​Keycloak​
​Microsoft​
​SAML​
Select the ProcessMaker SSO login option if you do not want an SSO identity provider as the default log on. This option ensures LDAP users to verify accounts in ProcessMaker Platform. This option also helps to log on as an administrator while fixing SSO problems. 
4.Click Save. The following message displays: The setting was updated.
5.​Review, and then configure other SSO settings as necessary.
Enable Debug Mode
Select whether detailed SSO errors should be displayed. It is recommended to disable the debug mode in production servers.
​A package and permission are required to do this.
Follow these steps to enable automatic registration:
1.​​View your SSO settings. The SSO tab displays.
2.Switch on the Debug Mode toggle key. The following message displays: The setting was updated.
3.​Review, and then configure other SSO settings as necessary.
Enable SSO Identity Providers
Select whether to enable single sign-on via SSO identity providers to log on as necessary. The SSO identity provider options display on the log on screen.
​A package and permission are required to do this.
1.​View your SSO settings. The SSO tab displays.
2.Enable any of the following SSO identity providers as necessary:
​Atlassian​
​Auth0​
​Facebook​
​GitHub​
​Google​
​Keycloak​
​Microsoft​
​SAML​
The following message displays: The setting was updated.
3.​Review, and then configure other SSO settings as necessary.
Related Topics
What is Single Sign-On (SSO)?
View SSO Settings
Search for an SSO Setting
Auth Package
What is a Package?

Last modified 28d ago