Single sign-on (SSO) allows users to securely authenticate with multiple applications and websites with just one set of login credentials - typically a username and password.
SSO can be used by enterprises, smaller organizations and individuals to ease the management of various usernames and passwords.
Supported SSO Identity Providers
Don’t see your provider here? Contact us and we will do our best to add it.
Provisioning and Deprovisioning
- Provisioning: We support Just-In-Time provisioning for accounts. This means that new user accounts are created the first time they log in to CheckFlow.
- Deprovisioning: We do not currently support deprovisioning. When users are deprovisioned in your IDP, you will also need to mark them as inactive in the 'Users' tab of the 'Team Management' page.
Identity Provider Claims
Your identity provider will pass back information on the authenticated user. We use this information to identify the user. You will be able to control what information gets passed to CheckFlow from within your identity provider configuration.
We require the following information:
You can also pass us the following information, which is optional. If this information is provided we use it to set up the account when the user is provisioned.
- role - This can be: 'administrator', 'member' or 'guest'.
- timeZone - This can be any IANA Time Zone (TZDB) ID. For example: 'Europe/London', 'America/New_York'.
If the above information is left empty we will assign the user to the 'Member' role and set the time zone to 'UTC'. These can easily be changed within the 'Team Management' and 'User Settings' pages in CheckFlow.
In order to use SSO we will set up a subdomain for you to access CheckFlow. This will link your team to the correct identity provider settings.
For example, instead of using the default CheckFlow URL below:
You would substitute the text 'app' for your subdomain. It could be something like: