This article outlines the steps for setting up single sign-on (SSO) for mfloow and Microsoft.
Updated June 20, 2024
Important Considerations for Usage
- The SSO feature requires a subscription plan of "Business" or higher.
- Currently, only SP-Initiated SSO is supported.
- Only users with the roles of "Owner" or "Standard Administrator" are authorized to configure the SSO settings.
- The SSO settings for Microsoft can only be configured by users with administrative privileges. Please consult your IT department for further assistance.
- The email address registered for administrators in mfloow must match the email address registered with Microsoft.
- Even if SSO is enabled, members who have already set a password will still be able to log in using their email address and password.
- If members using SSO have not set a password within mfloow, they can perform a "Password Reset" to establish their password.
Setting Up SSO Authentication for mfloow (Service Provider) and Microsoft (Identity Provider)
1. Log in to the Microsoft Azure management portal and search for "Enterprise Applications," then click on it.
2. Click on "Create New Application."
3. Click on "Create Your Own Application," and the configuration options will appear on the left side of the screen. Enter the required information and then click the "Create" button.
| "What is the name of your application?" | Enter any desired application name (e.g., mfloow) |
| What actions do you want to perform with the application? | "Select 'Other applications not found in the gallery...'" |
4. The application detail screen will be displayed. Click on "2. Configure Single Sign-On."
5. On the "Select Single Sign-On Method" screen, click on "SAML."
6. Click the "Edit" button located in the "Basic SAML Configuration" section on the next screen.
7. On the "Basic SAML Configuration" screen, enter the information from the mfloow settings page and then click the "Save" button.
mfloow:
Microsoft:
| mfloow | Microsoft |
| SP Entity ID | Entity ID Identifier |
| ACS URL | Response URL(Assertion Consumer Service URL) |
8. On the application detail screen in Microsoft, refer to the sections for "Setup mfloow" and "SAML Certificate." Then, navigate to the "SAML SSO Settings" on the mfloow Single Sign-On page and click the "Configure" button. Enter the required information and click the "Save" button to complete the setup.
Microsoft:
mfloow:
| Microsoft | mfloow |
| Microsoft Entra Identifier | Entity ID |
| Login URL | SSO URL |
| Click the "Download" button for the "Certificate (Base64)" found in section ③ SAML Certificate, then open the downloaded file in a text editor to copy its contents. | Certificate |
9. In the Microsoft application detail screen, click on "Users and Groups." Then, select "Add User or Group" on the Users and Groups page to choose the relevant users.
10. Return to the mfloow SSO settings page and click on the toggle labeled "Enable SAML SSO."
11. Click the "Enable" button in the pop-up to complete the process.
Logging In with Microsoft SSO
1. On the login screen, enter your "Company ID" and click the "Next" button.
2. On the next screen, click the "Log in with SAML SSO" button.
If you are already logged into Microsoft:
A pop-up will appear, and once the process is complete, it will close automatically, logging you into mfloow.
If you are not logged into Microsoft:
A pop-up will appear prompting you to enter your Microsoft login credentials. Once you successfully log in to Microsoft, the pop-up will close automatically, and you will be logged into your mfloow account.
Disable SSO
Click the toggle labeled "Enable SAML SSO" on the mfloow SSO settings page.
A confirmation pop-up will appear. Click the "Disable" button to turn off SSO.
