Configure single sign-on with other Identity Providers
You'll need an Identity Provider (IdP) to manage user authentication. Nintex Process Manager officially supports the following IdPs:
- Microsoft Active Directory Federation Services (ADFS)
- Microsoft Entra ID (formerly Microsoft Azure Active Directory)
- Okta
- OneLogin
However, you can use other IdPs that support SAML-based authentication. Refer to the relevant IdP documentation and configure the correct settings.
Configure your own solution or use a different IdP
Nintex Process Manager requires the following if you choose to configure your own solution or to use a different IdP:
- Nintex Process Manager uses SAML 2.0 with the HTTP Redirect binding for Service Provider (SP) to Identity Provider (IdP) and expects the HTTP Post binding for IdP to SP.
- The Nintex Process Manager post-back URL (also called the Assertion Consumer Service URL) is https://{your nintex promapp site, e.g. go.promapp.com/acme}/saml/authenticate
- The NameID should contain the user’s username.
- The following attributes are required when synchronising user details between Nintex Process Manager and the IdP:
  - FirstName
  - LastName
  - Email
- Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both. Nintex Process Manager requires only the SAML response to be signed.
- Add the following information under Admin > Configure > Security:
  - A sign-in page URL (also called a login URL)
  - An X.509 certificate (This is required in text format. You might need to download it as a file in the .pem format before copying and pasting the text.)
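When testing a custom IdP, you can check a captured SAML response against the requirements above before troubleshooting sign-in. The following is an added example, not Nintex code: it checks structure only (signature placement, Destination, NameID, attribute names) and does not verify the signature cryptographically. It assumes the attribute Name values match the names listed above exactly; the site URL, the username and the XML skeleton are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = {"FirstName", "LastName", "Email"}  # attribute names listed on this page

def check_response(xml_text, acs_url):
    """Return a list of structural problems; an empty list means none were found."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not a SAML 2.0 Response"]
    problems = []
    # The signature must be a direct child of Response, not only of Assertion.
    if root.find("ds:Signature", NS) is None:
        if root.find("saml:Assertion/ds:Signature", NS) is not None:
            problems.append("only the assertion is signed, not the response")
        else:
            problems.append("response is unsigned")
    # Per the SAML 2.0 POST binding, a signed response names its delivery URL.
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the post-back URL")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    sent = {a.get("Name") for a in root.iterfind(
        "saml:Assertion/saml:AttributeStatement/saml:Attribute", NS)}
    missing = sorted(REQUIRED - sent)
    if missing:
        problems.append("missing attributes: " + ", ".join(missing))
    return problems

# Constructed sample data: placeholder site URL and an empty Signature stub.
ACS = "https://sso.example.invalid/acme/saml/authenticate"
SIG = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]

def sample(response_sig="", assertion_sig="", attrs=("FirstName", "LastName", "Email")):
    """Build a minimal, constructed Response skeleton for the checks above."""
    attr_xml = "".join('<saml:Attribute Name="%s"/>' % a for a in attrs)
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Destination="%s">%s'
            '<saml:Assertion>%s<saml:Subject><saml:NameID>jsmith</saml:NameID>'
            '</saml:Subject><saml:AttributeStatement>%s</saml:AttributeStatement>'
            '</saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], ACS, response_sig, assertion_sig, attr_xml))

if __name__ == "__main__":
    print(check_response(sample(response_sig=SIG), ACS))
    print(check_response(sample(assertion_sig=SIG, attrs=("FirstName", "Email")), ACS))
```

To check a real response, base64-decode the SAMLResponse form field posted by your IdP and pass the resulting XML to check_response together with your own post-back URL.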