Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Configure SSO settings for Auth0.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Auth0:
Client ID
Client Secret
Domain
To generate or locate this information, contact your Auth0 identity provider.
See an example in the following video showing how to configure Auth0 SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Auth0 SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Auth0 option. The SSO - Auth0 tab displays.
Enter your Auth0 client ID, and then click Save.
Enter your Atlassian client secret, and then click Save.
Enter your Auth0 domain, and then click Save.
Use the copy icon to copy the URL from the Callback URL setting, and then provide it to your Auth0 identity provider.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Click the Edit iconfor the Domain setting. The Domain screen displays.
Configure SSO settings for Atlassian.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Atlassian:
Client ID
Client Secret
To generate or locate this information, refer to the Atlassian Developer Guide.
See an example in the following video showing how to configure Atlassian SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 3 minutes; contains narration
Configure the following Atlassian SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Atlassian option. The SSO - Atlassian tab displays.
Enter your Atlassian client ID, and then click Save.
Enter your Atlassian client secret, and then click Save
Configure SSO settings for Google.
The following information is required to configure SSO with Google:
Client ID
Client Secret
See an example in the following video showing how to configure Google SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Google SSO settings as necessary:
Enter your Google client ID, and then click Save.
Enter your Google client secret, and then click Save
Configure general information about an SSO Settings.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO settings unless your user account has the Make this user a Super Admin setting selected.
Enable to display settings to log on using user credentials. When disabled, settings only display SSO log on options.
Follow these steps to enable display settings for standard log on:
Enable the Allow Standard Login toggle key. The following message displays: The setting was updated.
Enable whether SSO users should automatically register the first time that they log on.
Follow these steps to enable automatic registration:
Enable the Automatic Registration toggle key. The following message displays: The setting was updated.
Follow these steps to specify which user permissions to assign new users created via SSO:
Click Save. The following message displays: The setting was updated.
Follow these steps to select to which groups to assign users created via SSO:
Enable groups as necessary.
Click Save. The following message displays: The setting was updated.
Select a default SSO integration to allow users be automatically redirected to the IDP Single Sign On log on page instead of displaying the normal Login page. When the user goes to the log on page, that user is redirected to the selected provider.
Follow these steps to enable default SSO Integration:
Select an SSO identity provider among:
Select the ProcessMaker SSO login option if you do not want an SSO identity provider as the default log on. This option ensures LDAP users to verify accounts in ProcessMaker Platform. This option also helps to log on as an administrator while fixing SSO problems.
Click Save. The following message displays: The setting was updated.
Follow these steps to enable automatic registration:
Switch on the Debug Mode toggle key. The following message displays: The setting was updated.
Enable any of the following SSO identity providers as necessary:
The following message displays: The setting was updated.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Atlassian developer console.
The must be installed.
See the permissions or ask your Administrator for assistance.
To generate or locate your Google client ID and client secret, refer to
​. From the list of SSO identity providers, select the Google option. The SSO - Google tab displays.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Google Web application settings.
The must be installed.
See the permissions or ask your Administrator for assistance.
. Among these best practices are to require all ProcessMaker users to log on to your ProcessMaker Platform instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.
Configure the following settings as necessary:
.
. The SSO tab displays.
.
.
. The SSO tab displays.
.
Specify which permissions to assign new users that are created via :
.
. The SSO tab displays.
Click the Edit iconfor the New User Default Config setting. The New User Default Config screen with the Permissions tab displays.
Select a collapsed permission category to expand the view of individual permissions within that category. Otherwise, select an expanded permission category to collapse that category.
Enable permissions as necessary. See for descriptions.
.
Select to which groups to assign users created via .
.
. The SSO tab displays.
Click the Edit iconfor the New User Default Config setting. The New User Default Config screen with the Permissions tab displays.
Click the Groups tab. All available groups display.
.
Copy to clipboard a JSON-formatted object of all assigned permissions and groups for users created via .
.
Follow these steps to copy the permissions and groups for users:
. The SSO tab displays.
Click the Copy to Clipboard iconfor the New User Default Config setting. The following message displays: The setting was copied to your clipboard.
.
.
. The SSO tab displays.
Click the Edit iconfor the Default SSO Login setting. The Default SSO Login screen with the SSO identity providers displays.
.
Select whether detailed errors should be displayed. It is recommended to disable the debug mode in production servers.
.
. The SSO tab displays.
.
Select whether to enable single sign-on via identity providers to log on as necessary. The SSO identity provider options display on the screen.
.
. The SSO tab displays.
.
Configure SSO settings for Facebook.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Facebook:
App ID
App Secret
To generate or locate your Facebook app ID and app secret, refer to Facebook for Developers.
See an example in the following video showing how to configure Facebook SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Facebook SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Facebook option. The SSO - Facebook tab displays.
Enter your Facebook App ID, and then click Save.
Enter your Facebook app secret, and then click Save
Configure SSO settings for GitHub.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with GitHub:
Client ID
Client Secret
To generate or locate your GitHub client ID and client secret, refer to Authorizing OAuth Apps - GitHub Docs.
See an example in the following video showing how to configure GitHub SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following GitHub SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the GitHub option. The SSO - GitHub tab displays.
Enter your GitHub client ID, and then click Save.
Enter your GitHub client secret, and then click Save
Configure SSO settings for Microsoft.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Microsoft:
Client ID
Client Secret
To generate or locate your Microsoft client ID and client secret, refer to Register an app in the Microsoft identity platform.
See an example in the following video showing how to configure Microsoft SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Microsoft SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Microsoft option. The SSO - Microsoft tab displays.
Enter your Microsoft client ID, and then click Save.
Enter your Microsoft client secret, and then click Save
Configure SSO settings for Keycloak.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Keycloak:
Base URL
Client ID
Client Secret
Realm
To generate or locate this information, refer to Keycloak Server Administration.
See an example in the following video showing how to configure Keycloak SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 3 minutes; contains narration
Configure the following Keycloak SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Keycloak option. The SSO - Keycloak tab displays.
Enter your Keycloak base URL, and then click Save.
Enter your Keycloak client ID, and then click Save.
Enter your Keycloak client secret, and then click Save.
Enter your Keycloak realm, and then click Save.
Configure SSO settings for SAML.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
Enhance security for your ProcessMaker Platform instance by following these best practices. Among these best practices are to require all ProcessMaker users to log on to your ProcessMaker Platform instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.
The following information is required to configure SSO with SAML:
SSO endpoint
SSO identifier
SLO endpoint
Encryption type
Authentication context
Public certificate
Name ID format
To generate or locate this information, contact your SAML identity provider.
See an example in the following video showing how to configure SAML SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 6 minutes; contains narration
Note: The video demonstrates the procedure to configure SAML SSO using obsolete settings. The written form of this procedure uses the current settings.
Configure the following SAML SSO settings as necessary:
​View your SSO Settings. From the list of SSO identity providers, select the SAML option. The SSO - SAML tab displays.
Click the SSO - SAML tab. The SSO - SAML settings display.
Enter the identity provider URL from which ProcessMaker retrieves the authentication response and validates it when establishing the SSO session. Your identity provider provides this URL.
Enter the URL that references the SAML XML file for your identity provider (IdP). Your identity provider provides this URL.
Enter the logout URL provided by your identity provider.
From the list of encryption types, select the encryption type your identity provider uses.
Use the Authentication Context toggle to indicate whether to send authentication context in the authorization request or not.
Enter the identity provider's certificate fingerprint by pasting it into this setting. Your identity provider provides this certificate. Ensure to include the -----BEGIN CERTIFICATE----- header. ProcessMaker retrieves the authentication response and validates it using the identity provider's certificate fingerprint.
Click the browse button and then select the file containing your SAML certificate, if one is available from your identity provider.
Click the browse button and then select the file containing your SAML key, if one is available from your identity provider.
Click the Add button. An empty row displays.
In the ProcessMaker Property setting, enter the ProcessMaker user property to which to match the SSO SAML attribute.
In the SAML Attribute setting field, enter the SSO SAML attribute from which to map to the ProcessMaker user property.
Click Save. The following message displays: The setting was updated.
Click the Add button. An empty row displays.
In the ProcessMaker Property setting, enter the ProcessMaker user property to which to match the SSO SAML attribute.
In the SAML Attribute setting, enter the SSO SAML attribute from which to map to the ProcessMaker user property.
Click Save. The following message displays: The setting was updated.
Enter the name identifier format supported by your SAML identity provider.
Click the Edit iconfor the App ID setting. The App ID screen displays.
Click the Edit iconfor the App Secret setting. The App Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Facebook for Developers app.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your GitHub application settings.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Microsoft application settings.
Click the Edit iconfor the Base URL setting. The Base URL screen displays.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Click the Edit iconfor the Realm setting. The Realm screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Keycloak Admin Console.
Use the copy icon to copy the URL from the ACS Url setting, and then provide it to your SAML identity provider.
Use the copy icon to copy the URL from the Entity ID (Metadata) setting, and then provide it to your SAML identity provider.
Use the copy icon to copy the URL from the Single Logout URL setting, and then provide it to your SAML identity provider.
Click the Edit iconfor the SSO Endpoint setting. The SSO Endpoint screen displays.
Click the Edit iconfor the SSO Identifier setting. The SSO Identifier screen displays.
Click the Edit iconfor the SLO Endpoint setting. The SLO Endpoint screen displays.
Click the Edit iconfor the Encryption Type setting. The Encryption Type screen displays.
Click the Edit iconfor the Public Certificate setting. The Public Certificate screen displays.
Click the Edit iconfor the File crt setting. The File crt screen displays.
Click the Edit iconfor the File key setting. The File key screen displays.
Click the Edit iconfor the User Matching setting. The User Matching screen displays.
Optionally, click the Delete iconto delete a mapped ProcessMaker user property.
Click the Edit iconfor the Variable Map setting. The Variable Map screen displays.
Optionally, click the Delete iconto delete a mapped ProcessMaker user property, .
Click the Edit iconfor the Name ID Format setting. The Name ID Format screen displays.