Configure single sign-on using SAML protocol

  Administrator role required

Single sign-on (SSO) enables users to access multiple applications using one set of credentials. Security Assertion Markup Language (SAML) is an industry standard for exchanging authentication data between an identity provider and an application or service provider (that's Nintex Workflow Cloud). An identity provider (IdP) stores and authenticates the identities of users to log in to systems, files, or applications. SSO using the SAML 2.0 protocol requires that the identity provider and the application or service provider (that's Nintex Workflow Cloud) exchange authentication data with each other.

With SSO enabled, users can securely and conveniently sign in to Nintex Workflow Cloud using the same credentials used in other applications such as Outlook or Office 365. Users are no longer required to create separate credentials to access Nintex Workflow Cloud.

Note: To learn more about SAML and what it can provide for your Nintex Workflow Cloud tenant, see Frequently asked questions: Single sign-on with SAML.

High-level objectives of SAML configuration

You can use the Security Assertion Markup Language (SAML) 2.0 protocol to enable single sign-on in your Nintex Workflow Cloud tenant with the identity provider.

The objectives of configuring SAML in Nintex Workflow Cloud include:

  • Set up SAML in Nintex Workflow Cloud and the identity provider at the same time.
  • You must refer to the identity provider's documentation for their steps on how to add a SAML application (such as Nintex Workflow Cloud).
  • Make sure to add users in your directory in the identity provider. Typically, a user directory should already exist for your organization.
  • Identify the SAML-related terms used by Nintex Workflow Cloud and the identity provider so that you can set the appropriate values in specific fields during configuration. SAML-related terms include the following:
    • Entity ID: A globally unique identifier of an entity, which in our case is the Nintex Workflow Cloud tenant to be configured with SAML.

Before you begin SAML configuration

Before configuring SAML in Nintex Workflow Cloud, make sure you have the following:

  • A domain which you intend to federate with Nintex Workflow Cloud. Example: YourDomain.com. Before you can use a domain to associate with your Nintex Workflow Cloud tenant, you must first verify ownership of the domain. To verify a domain, see Verify a domain for SAML configuration.
  • An email address with the administrator role in the Nintex Workflow Cloud tenant that you're going to configure with SAML. For example, admin@YourDomain.com.
  • An administrator account in the identity provider, using the same email address.

Note: Enabling single sign-on in your tenant will also enable single sign-on in associated Nintex Workflow Cloud tenants. For example, both sales.workflowcloud.com and hr.workflowcloud.com will be enabled with single sign-on if you configure SAML in either of them.

Steps to set up SAML in Nintex Workflow Cloud with your preferred identity provider