Enterprise SSO Setup Guide

Single Sign-On (SSO) allows your team members to access FlowHunt using your organization’s existing identity provider (IdP). This guide walks you through the process of setting up SSO integration for your enterprise FlowHunt account.

Prerequisites

Before you begin the SSO setup process, ensure you have:

An active FlowHunt Enterprise plan
Administrative access to your organization’s Microsoft Azure AD / Entra ID
Owner in a FlowHunt Workspace
Access to your DNS Provider dashboard to verify your domain ownership

Configuration Steps

Step 1: Access SSO Settings in FlowHunt

Log in to your FlowHunt account as an administrator
Navigate to General Settings > Authentication
Click on the corresponding Identity Provider by clicking on the Configure SSO button

Step 2: Choose Your Microsoft Azure AD / Entra ID

You will see that SSO will be enabled by default.

Step 3: Gather FlowHunt SSO Information

Copy Assertion Consumer Service (ACS) URL from FlowHunt SSO settings page.

Step 4: Configure Your Identity Provider

Log in to the Azure portal
Navigate to Azure Active Directory > Enterprise applications > New application

Select Create your own application

Enter “FlowHunt” as the name and select “Integrate any other application you don’t find in the gallery”
Select Set up Single sign-on
Configure the Basic SAML Configuration:
- Identifier (Entity ID): Set this to https://www.flowhunt.io
- Reply URL: Set this to the Assertion Consumer Service (ACS) URL from FlowHunt
In the User Attributes & Claims section, ensure the following attributes are mapped. The default should be correct:
- Name ID: user.mail (email address)
- First Name: user.givenname
- Last Name: user.surname
- Email: user.mail
Download the Certificate (Base64) file
copy the Login URL from the Set up FlowHunt Test SSO section

Step 7: Configure FlowHunt SSO

Head back to FlowHunt
Choose IdP SSO URL and paste the URL you copied from Microsoft Entra ID from Login URL section in field IdP SSO URL
paste the value of field Microsoft Entra Identifier from Entra ID page in field IdP Entity ID
paste the content of the downloaded Certificate (Base64) file in field IdP Certificate. It may start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----
Click on Verify domain button and follow the instructions to verify your domain ownership. You will need to add a TXT record to your DNS provider.

After domain verification is successful, click on Update SAML Settings button. In the next section, we will describe the optional settings available in the SAML Settings section to further configure your SSO setup.

Step 8: Advanced SAML Configuration (Optional)

If set to Any Method, users can sign in with SSO or username/password. If set to Enforce SSO, users must use SSO to sign in.

Automatic Account Creation (Just-in-Time Provisioning)

If Enabled, FlowHunt will create a new account for users who sign in for the first time. If Disabled, users must be added to FlowHunt manually.

Troubleshooting

If you encounter issues during the SSO setup process:

Common Problems and Solutions

“Invalid SAML Response” Error
- Verify that the clock on your IdP server is synchronized
- Check that the Entity ID and ACS URL are correctly configured
Users Cannot Access FlowHunt After SSO Login
- Ensure users have been assigned to the FlowHunt application in your IdP
- Verify that user email addresses match between your IdP and FlowHunt
Attribute Mapping Issues
- Confirm that the required attributes (email, firstName, lastName) are correctly mapped
- Check for any case sensitivity issues in attribute names

Getting Help

If you continue to experience issues with your SSO configuration:

Contact FlowHunt Support at support@flowhunt.io
Include the following information in your support request:
- Your organization name
- Identity provider name
- Specific error messages
- Screenshots of the configuration (with sensitive information redacted)

Microsoft Entra ID SSO Setup Guide