Single Sign-On (SSO)
Single sign-on (SSO) allows users to securely authenticate with multiple applications and websites with just one set of login credentials - typically a username and password.
SSO can be used by enterprises, smaller organizations and individuals to ease the management of various usernames and passwords.
CheckFlow supports SSO in our Enterprise plan. If you are interested in enabling SSO for your team please contact us via the chat widget or email.
Supported SSO Identity Providers
Don’t see your provider here? Contact us and we will do our best to add it.
Provisioning and Deprovisioning
- Provisioning: We support Just-In-Time provisioning for accounts. This means that new user accounts are created the first time they log in to CheckFlow.
- Deprovisioning: We do not currently support deprovisioning. When users are deprovisioned in your IDP, you will also need to mark them as inactive in the 'Users' tab of the 'Team Management' page.
Identity Provider Claims
Your identity provider will pass back information on the authenticated user. We use this information to identify the user. You will be able to control what information gets passed to CheckFlow from within your identity provider configuration.
We require the following information:
- firstName
- lastName
You can also pass us the following information, which is optional. If this information is provided we use it to set up the account when the user is provisioned.
- role - This can be: 'administrator', 'member' or 'guest'.
- timeZone - This can be any IANA Time Zone (TZDB) ID. For example: 'Europe/London', 'America/New_York'.
If the above information is left empty we will assign the user to the 'Member' role and set the time zone to 'UTC'. These can easily be changed within the 'Team Management' and 'User Settings' pages in CheckFlow.
Subdomain Access
In order to use SSO we will set up a subdomain for you to access CheckFlow. This will link your team to the correct identity provider settings.
For example, instead of using the default CheckFlow URL below:
You would substitute the text 'app' for your subdomain. It could be something like: