Configure single sign-on with other Identity Providers

You'll need an Identity Provider (IdP) to manage user authentication. Nintex Process Manager officially supports the following IdPs:

  • Microsoft Active Directory Federation Services (ADFS)
  • Microsoft Entra ID (formerly Microsoft Azure Active Directory)
  • Okta
  • OneLogin

However, you can use other IdPs that support SAML-based authentication. Refer to the relevant IdP documentation and configure the correct settings.

Configure your own solution or use a different IdP

Nintex Process Manager requires the following if you choose to configure your own solution or to use a different IdP:

  • Nintex Process Manager uses SAML 2.0. It sends SP-to-IdP messages (Service Provider to Identity Provider) with the HTTP Redirect binding and expects IdP-to-SP messages to use the HTTP POST binding.

  • The Nintex Process Manager post-back URL (also called the Assertion Consumer Service URL) is https://{your nintex promapp site, e.g. go.promapp.com/acme}/saml/authenticate

  • The NameID should contain the user’s username.

  • The following attributes are required when synchronising user details between Nintex Process Manager and the IdP:

    • FirstName

    • LastName

    • Email

  • Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both. Nintex Process Manager requires only the SAML response to be signed.

  • Add the following information under Admin > Configure > Security:

    • A sign-in page URL (also called a login URL)

    • An X.509 certificate (This is required in text format. You might need to download it as a file in the .pem format before copying and pasting the text.)