Configure single sign-on with Azure Active Directory

  Global Administrator role in Azure Active Directory is required.

You can configure identity federation in your Nintex Workflow Cloud tenant using Azure Active Directory, which has single sign-on Enables users to access multiple applications using one set of credentials. by default.

With single sign-on enabled, users can securely and conveniently sign in to Nintex Workflow Cloud with their Azure Active Directory accounts.

  • Enabling single sign-on in your tenancy will also enable single sign-on in any other Nintex Workflow Cloud tenancies associated with the federated email domain. For example, both and will be enabled with single sign-on if you federate using Azure Active Directory.
  • If you want to configure single sign-on using SAML protocol, see Configure single sign-on using SAML protocol.

Prerequisites for Azure Active Directory identity federation

  • To connect Azure Active Directory and Nintex Workflow Cloud, Azure Active Directory requires that a global administrator provides consent on behalf of the organization to connect their system to Nintex.
  • The Nintex Workflow Cloud user email address and the Azure Active Directory global administrator email address must be the same in order to provide continuity between both systems.

Note: For users to receive emails from Nintex Workflow Cloud, a valid email address must be provided. If the email attribute of a user account is not set, the UPN attribute of the user account must have a value, which must be a valid email address.

Configure Azure Active Directory identity federation

The following steps establish a connection between the specified Nintex Workflow Cloud domain and an Azure Active Directory domain. If the Azure Active Directory has more than one email domain, you can add additional domains from the Domain management page.

In Nintex Workflow Cloud:

  1. Access the User management page: 
    1. Click Settings.
    2. Click User management.
  2. Under Identity federation, click Configure.
  3. The setup wizard appears.

  4. Select Azure Active Directory as the identity provider.
  5. Click Next.
  1. To start the consent flow between the Nintex Identity Management Service Nintex service which facilities single-sign on capabilities across the Nintex platform, meaning users have one username and password to access multiple Nintex products. and Azure Active Directory click Initiate connection.

  2. You are prompted to log into your Azure Active Directory. You are redirected to an Azure Active Directory screen and prompted to give consent for the Nintex Authentication Platform to:
    • Read directory data
    • Sign in and read user profiles
  1. Click Accept.

    If the connection request is successful, users of Nintex Workflow Cloud tenancies associated with the federated email domain can use their Azure Active Directory credentials to sign-in and authenticate. You can now invite additional users in the Azure Active Directory into the tenancy from the User management page.