- docs
- FlowFuse User Manuals
- Using FlowFuse
- Getting Started
- FlowFuse Concepts
- Changing the Stack
- Custom Hostnames
- Device Groups
- DevOps Pipelines
- Environment Variables
- FlowFuse Assistant
- FlowFuse File Nodes
- FlowFuse Persistent Context
- FlowFuse Project Nodes
- High Availability mode
- HTTP Access Tokens
- Instance Settings
- Logging
- Shared Team Library
- Snapshots
- Teams
- User Settings
- FlowFuse API
- Migrating a Node-RED project to FlowFuse
- Device Agent
- Device Agent
- FlowFuse Device Agent Introduction
- Quick Start
- Installation
- Quick Start with Web UI
- Register your Device
- Running the Agent
- Deploying your Flows
- Hardware Guides
- FlowFuse Cloud
- FlowFuse Cloud
- FlowFuse Self-Hosted
- Installing FlowFuse
- Overview
- Configuring FlowFuse
- DNS Setup
- Docker install\
- Email configuration
- First Run Setup
- FlowFuse File Storage
- Install FlowFuse on Kubernetes
- AWS EKS Installation
- AWS EKS Installation with Terraform and Helm
- Digital Ocean Kubernetes Installation
- Kubernetes Project Stacks
- Local Install
- Upgrading FlowFuse
- Administering FlowFuse
- Administering FlowFuse
- Configuring Single Sign-On (SSO)
- Licensing
- Monitoring
- Telemetry
- User Management
- Support
- Community Support
- Premium Support
- Debugging Node-RED issues
- Contributing
- Contributing to FlowFuse
- Introduction
- Adding Template Settings
- API Design
- Creating debug stack containers
- Database migrations
- FlowFuse Architecture
- State Flows
- Device Editor
- Invite External Users
- User Login Flows
- Reset Password Flow
- Project Creation
- Instance states
- User Sign up Flow
- Team creation Flow
- Working with Feature Flags
# Configuring LDAP based Single Sign-On
This feature is only available on self-hosted Enterprise licensed instances of FlowFuse.
The SSO Configurations are managed by the platform Administrator under the
Admin Settings > Settings > SSO section.
The user must already exist on the FlowFuse platform before they can sign in via SSO.
# Create a SSO Configuration
-
Click 'Create SSO Configuration' to create a new config
-
Give the configuration a name to help identify it, and provide the email domain name this configuration should apply to. Ensure the LDAP option is selected - this cannot be changed after the configuration is created.
-
Click 'Create configuration'
At this point, the configuration has been created and metadata generated for the configuration, but it is not active.
# Configuration LDAP
The following fields are provided for configuring LDAP. You will need to refer to your LDAP service provider details for the correct values to enter:
Server- the address of the LDAP server, including port number.Username- the bind DN to use to connect to the server. The user must have permission to lookup users in the directory.Password- the password to connect to the server with.Base DN- the base object under which user searches are performed.User Search Filter- the filter used to search for a user. See below for more details.Enable TLS- whether to use TLS for the LDAP connectionVerify Server Certificate- when TLS is enabled, whether to perform strict certification validation.
You can save the configuration at any time by clicking the Update configuration
button. The configuration will only be enabled when you tick the active checkbox and save the changes.
# User Search Filter
The search filter is used when checking if a user exists within the directory, using the standard LDAP query notation. The default search filter is (uid=${username}).
The platform will replace ${username} and ${email} with the user's details when they attempt to login.