Enable Azure AD SSO

There are four steps to set-up the Azure AD SSO connection:

  1. Set-up Azure AD application.
  2. Provide metadata to CheckFlow.
  3. Add Users or Groups to your application.
  4. Verify Azure AD SSO is working with CheckFlow.


Contact Us

Please contact us prior to starting Step 1.

We will need to manually generate your Subdomain and Entity ID.

Step 1: Set-up Azure AD application

  1. Login to your Azure portal and go to your Azure Active Directory resource. Click on the Enterprise applications menu item on the left. Then click on the New application button.
  2. You will be directed to the Browse Azure AD Gallery page. Click on the Create your own application button.
  3. The Create your own application blade will open on the right. Enter the name of your app and click the Create button.
  4. The application will be created. This may take a minute or two.


Add Application


  1. Once the application has been created you will be directed to the application page. Click on the Single sign-on menu item on the left.
  2. Select the SAML sign-on method. You will be directed to the Set up Single Sign-On with SAML page.


Create SAML Integration


  1. In the Basic SAML Configuration section, click the Edit button. Enter the following information in the blade that appears on the right and then click the Save button:


Basic SAML Configuration


  1. In the User Attributes & Claims section, click the Edit button. You will be directed to the User Attributes & Claims page. Some default claims will already exist. You can click on any claim to modify it. The claims need to be modified as follows:


Optional Attributes

The role and timeZone attributes are optional. These properties can easily be changed within the 'Team Management' and 'User Settings' pages in CheckFlow at any time.


  1. When complete your User Attributes & Claims page should look similar to below:


User Attributes & Claims


  1. Return back to the SAML-based Sign-on page. Setup of your application is now complete.
  2. Proceed to the section below for instructions on how to retrieve your metadata URL.

Step 2: Provide metadata to CheckFlow

The identity provider metadata allows for dynamic configuration. This simplifies the SAML setup process.

  1. Go to the SAML-based Sign-on page in your Azure portal. If you are continuing on from the previous section you should already be on this page.
  2. Find the App Federation Metadata Url property within the third section - SAML Signing Certificate. Click on the Copy button and provide this to us. We will then add this to your account.


App Federation Metadata Url

Step 3: Add Users or Groups to your application

  1. You can now add users or groups to your application. From the application page click on the Users and groups menu item. Then click on the Add user/group button.


Single Add User or Group


Step 4: Verify Azure AD SSO is working with CheckFlow

All users that have been added to your newly created application should now be able to access CheckFlow using Azure AD SSO.

New user accounts are created the first time a user logs in to CheckFlow.

Simply open a new tab in your browser and access CheckFlow using your custom URL.

For example: https://yourcompanyname.checkflow.io/