Single Sign-On FAQs

How does single sign-on (SSO) work for Nintex Process Manager?

Nintex Process Manager uses Security Assertion Markup Language (SAML) An open standard for exchanging identity authentication data between an identity provider and an application or service provider such as Nintex Promapp. to support SSO. With SSO enabled, users can securely and conveniently sign in to Nintex Process Manager using the same set of credentials used in other applications in your organisation such as Outlook or Office 365. Users are no longer required to create separate credentials to access Nintex Process Manager.

What is SAML?

It is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. For more information about SAML, see this video.

What is an Identity Provider?

An Identity Provider (IdP) is an online service or website that authenticates Internet users with security tokens. SAML provides these security tokens.

What is a service provider?

A Service Provider (SP) is an entity that provides Web Services, in this case Nintex Process Manager.

How do I enable SSO for my Nintex Process Manager site?

Contact your Nintex Process Manager Account Manager to discuss enabling SSO for your organisation. Alternatively contact us at support@nintex.com. Once the options have been discussed, we will enable SSO for your Nintex Process Manager site, ready to be configured.

What do I need to configure SSO?

Identity Provider (IdP): You'll need an IdP to manage the user authentication. You may already have one. If not, you can either choose a cloud-based provider like Microsoft Entra ID, OneLogin or Okta; or you can host your own IdP using Microsoft Active Directory Federation Services (ADFS) on a public facing web server. Nintex Process Manager officially supports the following IdPs, however any providers that support SAML will work.
- Microsoft Active Directory Federation Services (ADFS)
- Microsoft Entra ID (formerly Microsoft Azure Active Directory)
- Okta
- OneLogin
Service Provider (SP) - Applications which use single sign-on to authenticate users. In this case, Nintex Process Manager is the service provider.

Can I test SSO without affecting existing users?

Yes, use optional mode which allows you to test the SSO connection while users still receive the usual login page. Once your SSO connection is working, set the SSO mode to Required to remove login page access so all users are authenticated by the SSO connection.

Do the supported IdPs have Nintex Process Manager connectors?

Yes, just search their application galleries for Promapp.

What can I sync?

You can configure your Nintex Process Manager site to sync the User Name, First Name, Last Name and Email Address from your IdP. If a user hasn't accessed Nintex Process Manager before, a new user account will be created when they first access Nintex Process Manager. Following that if names or email addresses change in the IdP, your Nintex Process Manager site is updated with the user details.