Configure single sign-on with Microsoft Entra ID as identity provider
Global Administrator role in Microsoft Entra ID (formerly Microsoft Azure Active Directory) required. Promaster privilege in Nintex Process Manager required.
Microsoft Entra ID: Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:
- External resources, such as Microsoft Office 365, the portal, and other SaaS applications.
- Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organisation.
Promaster: A Nintex Promapp system administrator who administers a Nintex Promapp site and has rights to view and edit all areas of a Nintex Promapp site.
You can configure single sign-on (SSO) in your Nintex Process Manager site with Microsoft Entra ID to enable users to securely and conveniently sign in to Nintex Process Manager using the same credentials.
Prerequisites
You must have the following prerequisites configured before you start:
- Have a Microsoft Entra ID tenant: For more information, see the Azure AD documentation.
- Have a Nintex Process Manager site user with Promaster privileges. For more information, see Manage users.
- Ensure that the Logon field for the User record in Nintex Process Manager matches the User Principal Name in the Microsoft Entra ID portal.
Once you have the prerequisites configured, follow the details in the sections below.
Configure SSO settings in Microsoft Azure portal and Nintex Process Manager
Follow these steps to configure settings in a Microsoft Azure portal and Nintex Process Manager for enabling SSO.
- For customers in Australia and New Zealand, https://au.promapp.com/<sitename> is the preferred URL to access your Nintex Process Manager site.
- If you are using https://go.promapp.com/<sitename> as your main URL, you must add both https://go.promapp.com/<sitename> and https://au.promapp.com/<sitename> in Step 2.3a and Step 2.3b described below.
Step 1: Add the Nintex Process Manager application to a Microsoft Azure portal
Before configuring Nintex Process Manager for SSO with Microsoft Entra ID (previously Microsoft Azure Entra ID), you need to add Nintex Process Manager from the Microsoft Entra ID application gallery to your list of managed SaaS applications.
Follow these steps to add the Nintex Process Manager application:
- Sign in to your Microsoft Azure portal.
- In the left navigation pane, click Microsoft Entra ID.
- Click Enterprise applications > All applications.
- Click + New application from the top pane.
- Type Nintex Process Manager in the Search box.
- Select Nintex Process Manager from the search results.
- Type a Name which will help you to identify the application for users in your organisation on the Access Panel.
- Click Add.
The Nintex Process Manager application is added to the Microsoft Azure portal and you can now set up SSO for your Nintex Process Manager site.
Step 2: Configure Microsoft Entra ID SSO
After you add Nintex Process Manager from the Microsoft Azure Entra ID application gallery to your list of managed SaaS applications, follow these steps to configure Microsoft Azure Entra ID SSO.
- Sign in to your Microsoft Azure portal and navigate to the Nintex Process Manager application that you added in Step 1: Add the Nintex Process Manager application to a Microsoft Azure portal.
- In the left navigation pane, click Single sign-on > SAML.
- In the Set up Single Sign-On with SAML page, click the pencil icon in the Basic SAML Configuration section.
- In the Identifier (Entity ID) field, type your Nintex Process Manager site URL in the following format: https://<au/us/ca/eu>.promapp.com/<sitename>/.
For example: If your Nintex Process Manager site name is demosso in the au region, you must enter: https://au.promapp.com/demosso/. The slash (/) at the end MUST be included.
- For customers in Australia and New Zealand, https://au.promapp.com/<sitename> is the preferred URL to access your Nintex Process Manager site.
- If you are using https://go.promapp.com/<sitename>/ as your main URL, you must add both https://go.promapp.com/<sitename>/ and https://au.promapp.com/<sitename>/.
- In the Reply URL (Assertion Consumer Service URL) field, type https://<au/us/ca/eu>.promapp.com/<sitename>/saml/authenticate.aspx.
For example: If your Nintex Process Manager site name is demosso in the au region, you must enter: https://au.promapp.com/demosso/saml/authenticate.aspx.
- For customers in Australia and New Zealand, https://au.promapp.com/<sitename> is the preferred URL to access your Nintex Process Manager site.
- If you are using https://go.promapp.com/<sitename> as your main URL, you must add both https://go.promapp.com/<sitename>/saml/authenticate.aspx and https://au.promapp.com/<sitename>/saml/authenticate.aspx.
- Click Save on the top-left.
- Scroll down to the SAML Certificate section and download the Certificate (Base64) details. This certificate is required to configure the Nintex Process Manager SSO settings. Open this file using Notepad and copy all text between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
- In the Set up <application> section, click Copy to clipboard next to the Login URL field. This Login URL will be used as the SSO Login Url used by Nintex Process Manager for Service Provider initiated login.
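The Identifier and Reply URL rules above can be checked before you click Save. The following Python sketch is an added example, not Nintex or Microsoft code; the function names are hypothetical and the site name and input values are constructed. It builds the entries this section requires (including the extra au entry for go.promapp.com sites) and reports anything missing, malformed, or registered beyond them.

```python
from urllib.parse import urlsplit

REGIONS = {"au", "us", "ca", "eu"}       # regions named in the URL format above
ACS_SUFFIX = "saml/authenticate.aspx"    # Reply URL path given in this section


def expected_values(sitename, main_host):
    """Return (identifiers, reply_urls); main_host is a region or "go"."""
    if main_host == "go":
        hosts = ["go", "au"]             # go.promapp.com sites need both entries
    elif main_host in REGIONS:
        hosts = [main_host]
    else:
        raise ValueError(f"unknown host prefix: {main_host!r}")
    bases = [f"https://{h}.promapp.com/{sitename}/" for h in hosts]
    return bases, [b + ACS_SUFFIX for b in bases]


def check_config(sitename, main_host, identifiers, reply_urls):
    """Compare values typed into Basic SAML Configuration with the expected ones."""
    want_ids, want_acs = expected_values(sitename, main_host)
    problems = []
    for label, want, got in (("Identifier", want_ids, identifiers),
                             ("Reply URL", want_acs, reply_urls)):
        got = [g.strip() for g in got]
        for url in got:
            if urlsplit(url).scheme != "https":
                problems.append(f"{label} is not https: {url}")
            if label == "Identifier" and not url.endswith("/"):
                problems.append(f"{label} is missing the trailing slash: {url}")
        for url in want:
            if url not in got:
                problems.append(f"{label} missing: {url}")
        for url in got:
            if url not in want:          # an extra entry widens where assertions may go
                problems.append(f"{label} unexpected: {url}")
    return problems


if __name__ == "__main__":
    # Constructed input: site "demosso" reached through go.promapp.com, with the
    # trailing slash forgotten on one Identifier and the au Reply URL not added.
    for p in check_config("demosso", "go",
                          ["https://go.promapp.com/demosso", "https://au.promapp.com/demosso/"],
                          ["https://go.promapp.com/demosso/saml/authenticate.aspx"]):
        print(p)
```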
Follow Step 3: Configure Nintex Process Manager SSO settings to configure the SSO settings in your Nintex Process Manager site.
Step 3: Configure Nintex Process Manager SSO settings
Follow these steps to configure the SSO settings in your Nintex Process Manager site:
- Sign in to your Nintex Process Manager site.
- Go to Admin > Configure > Security.
- In the SSO - Single Sign-on Mode field, click and select Optional from the drop-down list. Setting it as Optional allows you to test both the Identity Provider login and Nintex Process Manager login independently to ensure both are working. Once set to Required it is much more difficult to troubleshoot problems if login does not work as expected.
- In the SSO - Login Url field, click . Paste the Login URL you copied in Step 5 of Step 2: Configure Microsoft Entra ID SSO.
- In the SSO - x.509 Certificate field, click . Paste the Certificate (Base64) details you copied in Step 4 of Step 2: Configure Microsoft Entra ID SSO.
- When the Sync user details with SSO provider setting is enabled, users in your Microsoft Azure Entra ID portal can log in to the configured Nintex Process Manager site for the first time, and a "User" and "Profile" are automatically created in Nintex Process Manager if an existing record is not found.
- If Sync user details with SSO provider is disabled, the Promaster must create the user in Nintex Process Manager.
- Ensure that the Logon field for the User record in Nintex Process Manager matches the User Principal Name in the Microsoft Azure Entra ID portal.
- Update Nintex Process Manager user names in bulk (if required) by exporting the user details, changing them in the .csv file, and importing again. For more information, see import users.
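Because a Logon that does not match a User Principal Name either blocks SSO login or, with Sync user details with SSO provider enabled, leads to a second record being created, it helps to reconcile the two lists before the bulk update. The following Python sketch is an added example, not part of the Nintex documentation; the column names `Logon` and `userPrincipalName` and the sample rows are assumptions, so adjust them to the headers in your own exports. This page does not state whether the comparison is case-sensitive, so case-only and whitespace differences are reported separately rather than treated as matches.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions.
PM_EXPORT = """Logon,Name
alice@example.com,Alice
Bob@Example.com,Bob
carol@example.local,Carol
dave,Dave
erin@example.com ,Erin
"""
ENTRA_EXPORT = """userPrincipalName,displayName
alice@example.com,Alice
bob@example.com,Bob
carol@example.com,Carol
erin@example.com,Erin
"""


def reconcile(pm_csv, entra_csv, logon_col="Logon", upn_col="userPrincipalName"):
    """Classify every Process Manager Logon against the Entra ID UPN list."""
    upns = [r[upn_col].strip() for r in csv.DictReader(io.StringIO(entra_csv))]
    exact = set(upns)
    by_lower = {u.lower(): u for u in upns}
    by_local = {}
    for u in upns:
        by_local.setdefault(u.split("@")[0].lower(), []).append(u)

    report = {"match": [], "case_or_space": [], "domain_differs": [], "no_upn": []}
    for row in csv.DictReader(io.StringIO(pm_csv)):
        logon = row[logon_col]
        norm = logon.strip().lower()
        if logon in exact:
            report["match"].append(logon)
        elif norm in by_lower:
            # Same identity but not an identical string: correct the Logon.
            report["case_or_space"].append((logon, by_lower[norm]))
        elif norm.split("@")[0] in by_local:
            # Same local part under another domain: confirm it is the same person.
            report["domain_differs"].append((logon, by_local[norm.split("@")[0]]))
        else:
            report["no_upn"].append(logon)
    return report


if __name__ == "__main__":
    for bucket, rows in reconcile(PM_EXPORT, ENTRA_EXPORT).items():
        print(bucket, rows)
```

Records in `no_upn` have no identity in the directory export and are worth reviewing before Single Sign-on Mode is changed from Optional to Required.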
Once you have configured the SSO settings for your Nintex Process Manager site, ensure you test the connection.
- Sign in to your Microsoft Azure portal and navigate to the Nintex Process Manager application you added in Step 1.
- In the left navigation pane, click Single sign-on.
- On the top of the Set up Single Sign-On with SAML page, click Test this application and follow the instructions.
Troubleshooting
For more information and troubleshooting SSO, see: