Organisations within Flagsmith can be locked to a single authentication method if required, meaning that accounts can neither be created or logged into with anything other than the method specified.
This can be configured at an Organisation level by a Super-Administrator. Please get in touch if you need help with this.
As well as Email/Password and OAuth2 via Google or Github, we also provide the following methods of authentication.
The Flagsmith platform can be configured for a given organisation to use SAML authentication. To configure SAML login for your organisation please get in touch with us directly to help set it up.
Note that users authenticated via SAML can only belong to one organisation, the one that the SAML configuration is tied to.
To set up SAML authentication, we will provide you with a unique name for your SAML organisation that you must then enter when prompted by the 'Single Sign on' dialog. We will also provide you with our Service Provider metadata and expect your IdP metadata in return.
To uniquely identify users, we attempt to retrieve a unique identifier from either the
uid claim, or
we use the content of the
We also map the following Flagsmith user attributes to the following claims in the SAML response.
|Flagsmith Attribute||IdP claims|
Here's an example configuration from Google's SAML app creation flow.
Active Directory Federation Services Authentication is available in our Enterprise Edition.
Okta Integration is available in our Enterprise Edition.