Manage your SSO settings.
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Configure general information about an SSO Settings.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
Enhance security for your ProcessMaker Platform instance by following these best practices. Among these best practices are to require all ProcessMaker users to log on to your ProcessMaker Platform instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.
Configure the following SSO settings as necessary:
Enable standard login. Otherwise, log on through SSO IdPs.
Follow these steps to enable standard login:
​View your SSO settings. The SSO tab displays.
Enable the Allow Standard Login toggle key. The following message displays: The setting was updated.
Enable whether SSO users should automatically register the first time that they log on.
Follow these steps to enable automatic registration:
​View your SSO settings. The SSO tab displays.
Enable the Automatic Registration toggle key. The following message displays: The setting was updated.
Change which permissions from each permission category to assign users created through SSO.
Follow these steps to enable permissions for SSO users:
​View your SSO settings. The SSO tab displays.
Enable permissions as necessary. See Permission Descriptions for Users and Groups for descriptions.
Click Save. The following message displays: The setting was updated.
Change which groups to assign users created through SSO.
View your SSO settings. The SSO tab displays.
Enable groups as necessary.
Click Save. The following message displays: The setting was updated.
Copy to clipboard a JSON format of all permissions and groups.
Follow these steps to copy the permissions and groups for SSO users:
​View your SSO settings. The SSO tab displays.
Select whether detailed SSO errors should be displayed. It is recommended to disable the debug mode in production servers.
Follow these steps to enable automatic registration:
​View your SSO settings. The SSO tab displays.
Switch on the Debug Mode toggle key. The following message displays: The setting was updated.
Select whether to enable single sign-on via SSO identity providers to log on as necessary. The SSO identity provider options display on the log on screen.
View your SSO settings. The SSO tab displays.
Click the Edit iconfor the New User Default Config setting. The New User Default Config screen with the Permissions tab displays.
Select a collapsed permission category to expand the view of individual permissions within that category. Otherwise, select an expanded permission category to collapse that category.
Click the Edit iconfor the New User Default Config setting. The New User Default Config screen with the Permissions tab displays.
Click the Groups tab. All available groups display.
Click the Copy to Clipboard iconfor the New User Default Config setting. The following message displays: The setting was copied to your clipboard.
Configure SSO settings for Atlassian.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Atlassian:
Client ID
Client Secret
To generate or locate this information, refer to the Atlassian Developer Guide.
See an example in the following video showing how to configure Atlassian SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 3 minutes; contains narration
Configure the following Atlassian SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Atlassian option. The SSO - Atlassian tab displays.
Enter your Atlassian client ID, and then click Save.
Enter your Atlassian client secret, and then click Save
Configure SSO settings for Auth0.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Auth0:
Client ID
Client Secret
Domain
To generate or locate this information, contact your Auth0 identity provider.
See an example in the following video showing how to configure Auth0 SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Auth0 SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Auth0 option. The SSO - Auth0 tab displays.
Enter your Auth0 client ID, and then click Save.
Enter your Atlassian client secret, and then click Save.
Enter your Auth0 domain, and then click Save.
Configure SSO settings for Facebook.
The following information is required to configure SSO with Facebook:
App ID
App Secret
See an example in the following video showing how to configure Facebook SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Facebook SSO settings as necessary:
Enter your Facebook App ID, and then click Save.
Enter your Facebook app secret, and then click Save
Configure SSO settings for Google.
The following information is required to configure SSO with Google:
Client ID
Client Secret
See an example in the following video showing how to configure Google SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Google SSO settings as necessary:
Enter your Google client ID, and then click Save.
Enter your Google client secret, and then click Save
Configure SSO settings for GitHub.
The following information is required to configure SSO with GitHub:
Client ID
Client Secret
See an example in the following video showing how to configure GitHub SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following GitHub SSO settings as necessary:
Enter your GitHub client ID, and then click Save.
Enter your GitHub client secret, and then click Save
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Atlassian developer console.
Use the copy icon to copy the URL from the Callback URL setting, and then provide it to your Auth0 identity provider.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Click the Edit iconfor the Domain setting. The Domain screen displays.
The must be installed.
See the permissions or ask your Administrator for assistance.
To generate or locate your Facebook app ID and app secret, refer to .
​. From the list of SSO identity providers, select the Facebook option. The SSO - Facebook tab displays.
Click the Edit iconfor the App ID setting. The App ID screen displays.
Click the Edit iconfor the App Secret setting. The App Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Facebook for Developers app.
The must be installed.
See the permissions or ask your Administrator for assistance.
To generate or locate your Google client ID and client secret, refer to
​. From the list of SSO identity providers, select the Google option. The SSO - Google tab displays.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Google Web application settings.
The must be installed.
See the permissions or ask your Administrator for assistance.
To generate or locate your GitHub client ID and client secret, refer to .
​. From the list of SSO identity providers, select the GitHub option. The SSO - GitHub tab displays.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your GitHub application settings.
Configure SSO settings for Microsoft.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Microsoft:
Client ID
Client Secret
To generate or locate your Microsoft client ID and client secret, refer to Register an app in the Microsoft identity platform.
See an example in the following video showing how to configure Microsoft SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 2 minutes; contains narration
Configure the following Microsoft SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Microsoft option. The SSO - Microsoft tab displays.
Enter your Microsoft client ID, and then click Save.
Enter your Microsoft client secret, and then click Save
Configure SSO settings for Keycloak.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
The following information is required to configure SSO with Keycloak:
Base URL
Client ID
Client Secret
Realm
To generate or locate this information, refer to Keycloak Server Administration.
See an example in the following video showing how to configure Keycloak SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 3 minutes; contains narration
Configure the following Keycloak SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the Keycloak option. The SSO - Keycloak tab displays.
Enter your Keycloak base URL, and then click Save.
Enter your Keycloak client ID, and then click Save.
Enter your Keycloak client secret, and then click Save.
Enter your Keycloak realm, and then click Save.
Configure SSO settings for SAML.
The Auth package must be installed.
Furthermore, your user account or group membership must have the "Settings: Update Settings" permission to edit SSO SAML settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
Enhance security for your ProcessMaker Platform instance by following these best practices. Among these best practices are to require all ProcessMaker users to log on to your ProcessMaker Platform instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.
The following information is required to configure SSO with SAML:
SSO endpoint
SSO identifier
SLO endpoint
Encryption type
Authentication context
Public certificate
Name ID format
To generate or locate this information, contact your SAML identity provider.
See an example in the following video showing how to configure SAML SSO settings.
Intended audience: System administrators and Process designers
Viewing time: 6 minutes; contains narration
Note: The video demonstrates the procedure to configure SAML SSO using obsolete settings. The written form of this procedure uses the current settings.
Configure the following SAML SSO settings as necessary:
​Configure your SSO Settings. From the list of SSO identity providers, select the SAML option. The SSO - SAML tab displays.
Enter the identity provider URL from which ProcessMaker retrieves the authentication response and validates it when establishing the SSO session. Your identity provider provides this URL.
Enter the URL that references the SAML XML file for your identity provider (IdP). Your identity provider provides this URL.
Enter the logout URL provided by your identity provider.
From the list of encryption types, select the encryption type your identity provider uses.
Use the Authentication Context toggle to indicate whether to send authentication context in the authorization request or not.
Enter the identity provider's certificate fingerprint by pasting it into this setting. Your identity provider provides this certificate. Ensure to include the -----BEGIN CERTIFICATE----- header. ProcessMaker retrieves the authentication response and validates it using the identity provider's certificate fingerprint.
Click the browse button and then select the file containing your SAML certificate, if one is available from your identity provider.
Click the browse button and then select the file containing your SAML key, if one is available from your identity provider.
Click the Add button. An empty row displays.
In the ProcessMaker Property setting, enter the ProcessMaker user property to which to match the SSO SAML attribute.
In the SAML Attribute setting field, enter the SSO SAML attribute from which to map to the ProcessMaker user property.
Click Save. The following message displays: The setting was updated.
Click the Add button. An empty row displays.
In the ProcessMaker Property setting, enter the ProcessMaker user property to which to match the SSO SAML attribute.
In the SAML Attribute setting, enter the SSO SAML attribute from which to map to the ProcessMaker user property.
Click Save. The following message displays: The setting was updated.
Enter the name identifier format supported by your SAML identity provider.
Copy an SSO configuration to the clipboard.
Copy to clipboard an SSO configuration to have this information in another environment or for testing purposes.
Follow these steps to copy an SSO configuration:
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Microsoft application settings.
Click the Edit iconfor the Base URL setting. The Base URL screen displays.
Click the Edit iconfor the Client ID setting. The Client ID screen displays.
Click the Edit iconfor the Client Secret setting. The Client Secret screen displays.
Click the Edit iconfor the Realm setting. The Realm screen displays.
Use the copy icon to copy the URL from the Redirect setting, and then provide it in your Keycloak Admin Console.
Use the copy icon to copy the URL from the ACS Url setting, and then provide it to your SAML identity provider.
Use the copy icon to copy the URL from the Entity ID (Metadata) setting, and then provide it to your SAML identity provider.
Use the copy icon to copy the URL from the Single Logout URL setting, and then provide it to your SAML identity provider.
Click the Edit iconfor the SSO Endpoint setting. The SSO Endpoint screen displays.
Click the Edit iconfor the SSO Identifier setting. The SSO Identifier screen displays.
Click the Edit iconfor the SLO Endpoint setting. The SLO Endpoint screen displays.
Click the Edit iconfor the Encryption Type setting. The Encryption Type screen displays.
Click the Edit iconfor the Public Certificate setting. The Public Certificate screen displays.
Click the Edit iconfor the File crt setting. The File crt screen displays.
Click the Edit iconfor the File key setting. The File key screen displays.
Click the Edit iconfor the User Matching setting. The User Matching screen displays.
Optionally, click the Delete iconto delete a mapped ProcessMaker user property.
Click the Edit iconfor the Variable Map setting. The Variable Map screen displays.
Optionally, click the Delete iconto delete a mapped ProcessMaker user property, .
Click the Edit iconfor the Name ID Format setting. The Name ID Format screen displays.
The must be installed.
See the permissions or ask your Administrator for assistance.
. The SSO tab displays.
Click the Copy to Clipboard iconfor your SSO configuration. The following message displays: The setting was copied to your clipboard.
Filter all SSO Settings in your server to find that one you need.
Use the Search function to filter all SSO settings from the SSO page based on your entered text.
The Auth package must be installed.
Your user account or group membership must have the "Settings: Update Settings" permission to search for an SSO setting unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
Follow these steps to search for an SSO setting:
​View your SSO Settings. The SSO tab displays.
In the Search setting, enter the Setting name to filter by SSO setting name.
Click the Search iconor press enter. The SSO settings display that match your entered text.
View all settings for the SSO authentication. View SSO settings like Atlassian, Auth0, Facebook, Github, Google, Keycloak, Microsoft, and SAML.
Display all SSO settings in one location. This makes it easy to manage these settings.
The Auth package must be installed.
Your user account or group membership must have the "Settings: Update Settings" permission to view SSO settings unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
Follow these steps to view all SSO settings to synchronize users in your organization:
Ensure that you are logged on to ProcessMaker.
Click the Admin option from the top menu. The Users page displays.
Click the SSO tab. The SSO tab displays all SSO settings.
The SSO tab displays the following information in tabular format about SSO settings:
Setting: The Setting column displays the SSO setting name.
Configuration: The Configuration column displays the setting value and how it is configured.
Use the Search setting to filter SSO Settings that display.
Click the Settings iconfrom the left sidebar. The Settings page displays a tab for each setting.
Click the Edit icon or switch on a toggle. See Configure SSO Settings.
Clear an SSO configuration to an empty value.
Clear an SSO configuration to an empty value.
The Auth package must be installed.
Your user account or group membership must have the "Settings: Update Settings" permission to clear an SSO setting unless your user account has the Make this user a Super Admin setting selected.
See the Settings permissions or ask your Administrator for assistance.
Clearing an SSO configuration setting cannot be undone.
Follow these steps to clear an SSO configuration setting:
​View your SSO settings. The SSO tab displays.
Click the Clear iconfor your SSO configuration setting. The following message displays: The setting was updated.