FlowFast
Go to FlowFast
Knowledge baseSingle sign-on (SSO) configuration

OpenID Connect (Windows Server 2019 Active Directory)

To configure it, go to the Server Manager

  1. Click on tools and select "AD FS Management" from the drop-down list.

  1. In the window that opens, select the "Application Groups" folder and click on "Add Application Group" in the right-hand menu

  1. Enter an arbitrary name and select "Server application accessing a web API" and click Next.

  1. Copy Client Identifier, enter Redirect Url https://[your domain in FlowFast]/auth/oidc/callback and click Add, paste Client Identifier in FlowFast into clientID field. Click next.

  1. Select "Generate a shared secret", copy it and paste it into FlowFast in the clientSecret field. Press Тext.

  1. Insert Client Identifier from step 4 and click Add. Click Next.

  1. Select Permit everyone and press Next.

  1. Make sure openid, allatclaims, email, profile are selected in the permission list and click Next.

  1. In the next 2 steps, press Next and Close.

  2. Select the created group and press properties. 

  1. In the Web API section, select the created group and click Edit.

  1. Select the "Issuance Transform Rules" subsection and press the Add Rule button

  1. Select "Send LDAP Attributes as Claims" and click Next.

  1. Enter an arbitrary name. In the Attribute store select Active Directory. Select "E-Mail-Addresses" in the left drop-down list and "E-Mail Address" in the right drop-down list. Select "Display-Name" from the left and "Name" from the right. Press Finish.

  1. Click Apply.

  2. Open the Service folder and check that the /adfs/.well-known/openid-configuration route is available. 

  1. Enter this route in FlowFast in the identityMetadata field.

  1. (Optional) To log in as the desired user, go to /adfs/ls/idpinitiatedsignon and log in if required. If this route is not available, you can enter the command Set-AdfsProperties -EnableIdpInitiatedSignonPage $True

  1. (Optional) To add a user, click Tools and select "Active Directory Users and Computers". Right-click on the Users folder and select New/User. Fill in the required fields and save. (Note that the user must have an email field filled in)

  1. In FlowFast, click Save. Once the options for the new authorisation option have been saved, click "Test Authorization". You will be redirected to adfs authorization. After successful authorization you will be taken back to FlowFast and see the message "Success".

Finally, do back to FlowFast Company settings section to activate authorization!