Directories

An Organization administrator role is required. For information, see User roles.

Note: Access the Organization settings
  • Go to Settings > Organization.

The Organization settings page opens in a new tab. To return to the main menu, switch back to the tab you started from.

On the Identity provider connections page you can:

  • Enable access to external users and view identity federation settings.

  • Configure single sign-on using SAML 2.0 protocol with SAML-supported identity providers. Example: Google Suite, Okta, Active Directory Federation Services and more.

Configure identity federation

An Organization administrator role is required. For information, see User roles.

Important: 
  • The ability to configure new single sign-on setups with Windows Azure Active Directory has been deprecated. Use the SAML protocol for single sign-on setup instead. SAML offers broader compatibility and allows you to seamlessly integrate with a wider range of identity providers and service providers. This ensures a more flexible and scalable single sign-on solution. For more information, see Configure single sign-on using SAML protocol.

  • Configuring identity federation enables automatic user onboarding. Users from the federated domain are automatically onboarded when they access the Nintex Workflow tenant. Auto-onboarding is subject to rate limiting and should not be used for bulk onboarding.

Configure the identity federation of your Nintex Workflow tenant using the SAML 2.0 protocol so you can configure single sign-on using other identity providers such as Google Suite, Okta, PingOne, and Active Directory Federation Services. An identity provider (IdP) stores and authenticates the identities of users to log in to systems, files, or applications. For instructions, see Configure single sign-on using SAML protocol.

Note: Read the FAQ guide on SAML to learn how single sign-on with SAML works and what it can provide for your Nintex Workflow tenant.

Upgrade identity federation

An Organization administrator role is required. For information, see User roles.

If you see a message indicating an update for the SAML IdP, you must update your identity federation.

To upgrade identity federation, create a new federation or upgrade an existing one. To create a new identity federation, see Configure identity federation. To upgrade an existing identity federation, follow these steps:

  1. Go to Settings > Organization.

  2. Click Directories.

  3. Under the Identity federation section, click Options and select Upgrade for the required provider.
  4. Select your identity provider.
  5. Copy the Entity ID and Reply URL, then add or update them in your IdP.

    Important: Update these values in your IdP before proceeding to avoid being locked out of your tenant.

  6. Complete the remaining configuration in the Nintex Workflow identity federation wizard, and then select Connect.
  7. Sign out and sign into your Nintex Workflow tenant to complete the upgrade process.
    Note: If your federation configuration fails, use a one-time password (OTP) to regain access to your tenant.

If the upgrade fails, follow these steps:

  1. Sign in using an OTP.

  2. Delete your existing federation configuration.

  3. Set up federation again with your preferred IdP.

    • Copy the Entity ID and ACS URL exactly as provided.

    • Confirm that attribute mappings are correct.

If the upgrade continues to fail, delete the federation setup, switch to username and password login, and contact Nintex Support for help.
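A quick way to confirm that the Entity ID and Reply (ACS) URL were copied into the IdP exactly: compare them with the Audience, Recipient and Destination values in a SAMLResponse captured from a test sign-in. This is an added example, not Nintex code; the URLs and the sample response are constructed placeholders, and the function name is hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Placeholder SP values (assumed); use the ones shown in the federation wizard.
ENTITY_ID = "https://sp.example.test/entity"
ACS_URL = "https://sp.example.test/saml/acs"

# Constructed sample: Recipient has a trailing slash, Audience differs in case.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.test/saml/acs">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/saml/acs/"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://SP.example.test/entity</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def find_mismatches(saml_response_b64, entity_id, acs_url):
    """Compare a base64 SAMLResponse (HTTP-POST binding) with the SP values.

    Configuration check only: it does not verify the response signature.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    destination = root.get("Destination")
    if destination is not None and destination != acs_url:
        problems.append(f"Destination {destination!r} is not the ACS URL")
    for data in root.iterfind(".//saml:SubjectConfirmationData", NS):
        recipient = data.get("Recipient")
        if recipient != acs_url:  # exact string match, no normalisation
            problems.append(f"Recipient {recipient!r} is not the ACS URL")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences!r} lacks the Entity ID")
    return problems


if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_XML.encode()).decode()
    for problem in find_mismatches(encoded, ENTITY_ID, ACS_URL):
        print(problem)
```

An empty result means the three values match character for character; a trailing slash or a change in letter case is reported as a mismatch.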

Delete identity federation

An Organization administrator role is required. For information, see User roles.

Important: Once a federation is deleted, all the users registered with your identity provider will no longer be able to sign into your Nintex Workflow tenant via Single sign-on.

  1. Go to Settings > Organization.

  2. Click Directories.

  3. Under the Identity federation section, click Options and select Delete for the required provider.
  4. Sign out and sign into your Nintex Workflow tenant to complete the deletion process.
  5. The corresponding identity federation is removed.

    Important: Any users listed in the User management > Users settings will be able to access your Nintex Workflow tenant with their unfederated username and password. We recommend reviewing the list of users after deleting the federation.

Identity federation settings

An Organization administrator role is required. For information, see User roles.

  1. Go to Settings > Organization.

  2. Click Directories.

  3. Turn on the Send welcome email to new Participant role users toggle to send a welcome email when a user is assigned the Participant role.

Configure identity federation settings

An Organization administrator role is required. For information, see User roles.

After you set up Single sign-on, you can configure auto-acceleration and welcome emails for the federated domain/tenant.

Note: You must be a global administrator and have completed domain verification in order to configure identity federation settings. For more information, see Domain management.

  1. Go to Settings > Organization.

  2. Click Directories.

  3. In the Identity federation settings section, toggle Enable auto-acceleration. Configuring this setting enacts the following changes:

    Note: When External users is enabled, the sign-in page requires users to choose a sign-in method, even when auto-acceleration is on.

    • If enabled: After establishing a Single sign-on connection, you will sign into the Nintex Workflow tenant and the Nintex Workflow sign-in screen will not be displayed. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

    • If disabled: For every login, you will need to sign into the Nintex Workflow tenant. You may or may not see the identity federation provider sign-in screen, depending on your identity federation provider configuration.

  4. (Optional) Toggle Send welcome email to new participant role users. This setting is off by default.

Update external users configuration

An Organization administrator role is required. For information, see User roles.

  1. Go to Settings > Organization.

  2. Click Directories.

  3. Turn on the External users configuration toggle to enable external user access to your tenant.

Directories fields and settings

Each section of the page is listed below with its selections (columns or fields) and their descriptions.

Identity federation

  • Provider: The protocol or method that enabled single sign-on for your Nintex Workflow tenant:

    • Azure Active Directory: Users can single sign-on to Nintex Workflow using their Azure Active Directory accounts.

    • SAML: Users can single sign-on using the credentials verified by their identity provider such as Okta, Active Directory Federation Services (ADFS), Google Suite, and more.

    • For more information on SAML, see Frequently asked questions: Single Sign-on with SAML protocol.

  • Domains: The domains that are federated for single sign-on with the Nintex Workflow tenant. Example: YourDomain.com, YourCompany.com.

  • Configured by: Tenancy user name of the person who configured the provider.

  • Date configured: Date and time when the provider was configured.

  • Status: Shows if the identity provider is active or inactive.

  • Options: This feature requires the user to be an Organization admin. Lists the following selections:

    • Delete: Removes the selected identity federation from the Nintex Workflow tenant or tenants.

    • Upgrade: Upgrades the selected identity federation on the Nintex Workflow tenant or tenants.

Identity federation settings

  • Send welcome email to new participant role users: This feature requires the user to be an Organization admin. This setting is off by default.

External users configuration

  • Manage access to this tenant for users outside your organization: Allows users outside your organization to sign in to the tenant. Only Organization administrators can enable this option.