Skip to main content

Authentification & SSO

The Authentication & SSO section enables administrators to define how users log in to the platform, manage single sign-on configurations, and enforce password security policies.

This authentication system works in conjunction with role management to provide secure access to web interfaces and process workflows.

To access it: Go to Account > Settings > Auth from the top navigation menu.

Role Management

1. Different Authentication methods

Softyflow supports a variety of authentication strategies to meet your security needs:

Google Authenticator (2FA)

Adds a second layer of authentication using time-based one-time codes generated by the Google Authenticator mobile app. After entering their password, users must enter a code from the app to access the platform.

This is particularly important for users with IDE access who can modify applications and processes.

Role Management

Microsoft Authenticator (2FA)

Functions similarly to Google Authenticator, providing one-time codes via the Microsoft Authenticator mobile app. This enhances protection against password theft and is ideal for organizations using Microsoft ecosystem tools.

Role Management

QR Code Auth

Allows users to scan a unique QR code with an authentication app to complete their login. This method is typically used for account linking or seamless access flows and works well with mobile applications.

Role Management

SSO with SAML

Softyflow supports SAML 2.0-based Single Sign-On (SSO), allowing users to log in through your organization's identity provider. This is essential for enterprise environments and integrates seamlessly with user management and role assignments.

Role Management

To configure SAML:

  • Identity Provider Entry: Your company's authentication endpoint.
  • Issuer: Unique identifier of your SAML configuration.
  • Logout Redirect: URL where users are redirected post-logout (can be configured with home page redirection).
  • NameID Format: Defines user identifiers (e.g., email address or persistent ID).
  • Enable Encryption: Optional setting to encrypt assertions and metadata.
  • Certificate: Required to verify identity and secure the data exchange.
  • Parameters: Additional values such as RelayState, ACS URL, and RequestedAuthnContext for advanced configuration.
Role Management

OpenID Connect (OIDC)

In addition to SAML, Softyflow supports OpenID Connect for modern SSO needs using OAuth 2.0 and JWT-based identity tokens. Ideal for integration with providers like Google, Azure, Okta, and others. This method can be used with API integrations and custom authentication workflows.

2. Password Management

Enforce strong access controls with customizable password policies:

First Login Reset

Force users to reset their password during their first login session. This enhances account protection after admin-initiated user creation.

Enable Forgot Password

Activate this feature to allow users to request a reset link via email if they forget their password. This uses the configured mail providers to send reset links securely.

Password Expiration

Require users to update their password periodically. You can set the number of days before a password expires. This is particularly important for users with elevated privileges or IDE access.

Custom Password Settings

Use regular expressions to enforce password complexity rules (e.g. minimum length, inclusion of numbers/symbols). For example:

  • Regex: ^(?=.[A-Z])(?=.\d)[A-Za-z\d]{8,}$
  • Message: "Password must be at least 8 characters, include an uppercase letter and a number."

By combining authentication methods, SSO protocols, and password policies, you can secure access to your platform while adapting to your internal IT practices. These settings work together with role management to ensure users have appropriate access to web interfaces, process workflows, and monitoring tools.


Authentication Integration

Development Considerations

When designing applications, consider authentication requirements:

Monitoring Authentication

Track authentication activities across your platform:

Security Best Practices

Implement comprehensive security measures:

  1. Multi-Factor Authentication: Enable 2FA for all users with administrative privileges
  2. Role-Based Access: Combine authentication with role management for granular control
  3. Regular Audits: Use system logs to monitor authentication patterns
  4. Environment Separation: Configure different authentication requirements for test and production environments

Next Steps

Continue securing your platform:

Security Administration:

  • User Management - Create and manage user accounts with proper authentication
  • Role Management - Define access levels that work with authentication
  • Settings - Configure platform settings and security policies
  • Mail Management - Set up email providers for password reset and notifications
  • System Logs - Monitor authentication and security events
  • Home Redirection - Create personalized landing pages for authenticated users

Development Security: