Account security

Modified 4 years ago

Abhiram

The Account Owner and Super Admins have complete control over the sign in page customization, custom sign up URL, and email domain association with your organization’s domain.

Manage how users sign in

Your account is assigned a unique URL that can be used for signing in. On the sign in page, users can enter the email address and password they set up during the initial sign up or after a password reset.

Kissflow supports OAuth-based sign in for Google and Office 365 accounts. There is also a custom Single sign on (SSO) option for organizations using a SAML-based sign in (useful if you are using Okta, OneLogin, etc.). From the Sign in Options section, you can restrict the options available for signing in.

SAML configuration

To enable a SAML-based SSO sign in for your customers, enter the following details after clicking the SAML checkbox:

  • Identity provider (IdP) URL - This is the URL that comes from the SAML provider you've chosen. Once a user clicks on the SSO button from the sign in page, they will be directed to this remote sign in URL of your SAML server.
  • Sign out URL - This is an optional field. You can provide the sign out URL to direct your users to a particular URL after signing out of the SAML provider and Kissflow platform.
  • Security key - Kissflow uses the SHA2 fingerprint of the SAML signed token certificate from your SAML server to decrypt the data coming from your SAML provider.
  • Consumer assertion URL to Kissflow - This is the URL you must provide to the SAML provider. This URL is unique to your account.
  • User field where SAML identifier is stored - Specify the column name in the user management table where you want the unique SAML identifier stored.
  • Automatically create users when they exist in the IdP - Enable this checkbox to allow Kissflow to create new users on-demand when they try to sign in via a SAML-based SSO. You can use this feature to automate user provisioning for SAML-based Active Directory. Automatic de-provisioning of users is not supported.
    This feature will work only when the SAML NameID is mapped to the email address or when there is a separate email field in the SAML response call.

After you have entered all of the information, click Save.
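Before enabling automatic user creation, it helps to confirm that your IdP's assertion actually carries an email in one of the two places described above. The following is an added example, not Kissflow code: it inspects a SAML response captured from your own test sign in, and the sample assertion, the attribute names in `EMAIL_ATTRS` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: names an IdP might give the separate email field; match your IdP's.
EMAIL_ATTRS = {"email", "mail", "emailaddress"}

# Constructed assertion: opaque persistent NameID plus a separate email attribute.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">u-1842</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>pepper@stark-usa.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def looks_like_email(value):
    """Minimal shape check: one '@', non-empty local part, dotted domain."""
    local, sep, domain = value.partition("@")
    return bool(local and sep) and "@" not in domain and "." in domain.strip(".")


def provisioning_email(xml_text):
    """Return (source, email) that on-demand user creation could use, else (None, None).

    Configuration pre-flight only: it does not verify the signature, so never
    use it to authenticate anyone. Feed it a response from your own test login.
    """
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if looks_like_email(value):
        return "NameID", value
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        # Compare the last path segment so claim URIs and short names both match.
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        val = attr.find("saml:AttributeValue", NS)
        text = (val.text or "").strip() if val is not None else ""
        if short in EMAIL_ATTRS and looks_like_email(text):
            return "attribute", text
    return None, None
```

A result of `(None, None)` means the assertion has neither an email NameID nor a recognizable email attribute, so the IdP's attribute mapping needs changing before the checkbox is enabled.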

Manage how users sign up

Rather than individually inviting new users, you can choose to make your Kissflow sign up process globally accessible by sharing a custom sign up URL.

Anyone who visits this page will be prompted to add their name, email address, and phone number. Then, Account Admins will be notified to approve the sign up of the user. As an administrator, you can manually choose the user from the User Management tab in the Admin screen and click Activate to provision an active license to the user.

If you want to disable future sign ups via this URL for new users, just select the checkbox “Disable new sign ups” and click Save.

Associating email domains to your account

For an organization that has multiple email domains, Kissflow allows you to associate an email address from any of these domains to your account. Once an email domain is associated with your account, no one else will be allowed to sign up for a new Kissflow account using the same domain.

Let’s say your organization’s domain address is stark-industries.co. If you want to associate a user from the same organization, but with a different email domain stark-usa.com, you can do so by adding the new domain in the Associated Email Domain section. Click Add New Domain, and then enter the domain name, domain address, and the email used to verify the domain.

An invite email will be sent to the invitee’s email inbox. Upon verification, the alternate domain will be added to your account and no one else will be able to create a new Kissflow account with that domain. You can associate multiple domains with your Kissflow account. However, once associated, a domain cannot be associated with any other Kissflow account.
