Note: Nintex Apps is in beta release.

Single Sign-On

Single sign-on (SSO) refers to the practice of using a single authentication service to log in to other services. Nintex Apps's implementation of SSO uses the XML-based Security Assertion Markup Language (SAML). This authentication protocol is used by many services to allow end users to log in to an identity provider (IdP) that grants them access to multiple different services, known as service providers (SP).

With SSO, a log-in process can be IdP-initiated or SP-initiated:

  • IdP-initiated: Users log in once to their IdP, where they enter their unique username and password. They then select the service they wish to access and are logged in without having to enter a username and password for the chosen service.

  • SP-initiated: The user starts at the service provider's login page and chooses to log in using a known IdP.

    Alternatively, a user may navigate to a service provider from another portal or hub besides the IdP. They can then choose to log in using a known IdP.

Nintex Apps supports both IdP-initiated and SP-initiated logins. By ensuring users have one method of entry into various services, authentication becomes a more streamlined—and arguably more secure—process.
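
An added example (not Nintex Apps code and not part of the original page): in SAML 2.0, an SP-initiated login returns a Response whose InResponseTo attribute echoes the ID of the service provider's AuthnRequest, while an IdP-initiated (unsolicited) Response carries no InResponseTo. The Python below shows how a service provider can tell the two flows apart and refuse responses it never asked for; the function name, the sample XML and the allow_idp_initiated switch are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample responses (not captured from Nintex Apps or any real IdP).
SP_INITIATED = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" '
                'InResponseTo="_req-7f3a" Version="2.0"/>')
IDP_INITIATED = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r2" Version="2.0"/>'
UNKNOWN_REQUEST = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r3" '
                   'InResponseTo="_req-0000" Version="2.0"/>')


def classify_response(xml_text, pending_requests, allow_idp_initiated):
    """Return (flow, accepted) for a SAML Response.

    pending_requests: set of AuthnRequest IDs this SP issued and has not
    yet consumed. Signature, issuer, audience and validity-window checks
    are out of scope here; a vetted SAML library must perform them before
    any assertion is trusted.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # Unsolicited response: the login started at the IdP.
        # Accept only if the SP is configured to allow that flow.
        return ("idp-initiated", allow_idp_initiated)

    if in_response_to in pending_requests:
        # Matches a request this SP sent; consume the ID so the same
        # response cannot be replayed against it later.
        pending_requests.discard(in_response_to)
        return ("sp-initiated", True)

    # Claims to answer a request this SP never issued or already consumed.
    return ("sp-initiated", False)


if __name__ == "__main__":
    pending = {"_req-7f3a"}
    for name, doc in [("sp", SP_INITIATED), ("replay", SP_INITIATED),
                      ("idp", IDP_INITIATED), ("unknown", UNKNOWN_REQUEST)]:
        print(name, classify_response(doc, pending, allow_idp_initiated=True))
```
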

Both Nintex Apps and Nintex Apps for Salesforce can be used with the SAML protocol. By configuring Nintex Apps for SAML, you can allow your users to log in to Nintex Apps with the click of a button. You can also authenticate your end users to connections used in Nintex Apps pages.

Prerequisites

When using SAML to connect to Nintex Apps, or to your connections, the actual screen-by-screen experience will vary depending on which single sign-on services you utilize. Work closely with an administrator who is familiar with SSO as a concept, as well as with your identity provider of choice. The collapsed section below contains a reference of concepts, phrases, and acronyms commonly seen throughout this process.