Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.flowla.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide is a simplified, Flowla-focused walkthrough derived from the official Microsoft guide, which you can refer to for full platform details.

Prerequisites

  • Microsoft Entra user account with one of the following roles: Cloud Application Administrator, Application Administrator, Owner of the service principal
  • Admin access to your Flowla workspace
User emails in Flowla must match user emails in Entra ID; otherwise authentication will fail.

Step 1: Register your application

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Entra ID > App registrations > New registration.
  3. Enter a Name for your application (for example, “Flowla SSO”).
  4. Under Supported account types, select the appropriate option
  5. Select the platform type as Web
  6. Set Redirect URI as https://app.flowla.com/sso
  7. Select Register.
Entra ID app registration page with Register action highlighted

Step 2 - Configure authentication settings

  1. In your app registration, navigate to Authentication.
  2. Verify your redirect URIs are correctly configured for your platform type.
  3. Ensure your redirect URIs are listed under the Web platform. This option configures the standard Authorization Code flow.
Entra ID Authentication page showing Web platform redirect URI configuration

Step 3 - Configure client credentials

  1. Navigate to Certificates & secrets.
  2. Select New client secret.
  3. Add a description and select an expiration period.
  4. Select and copy the secret value immediately (it can’t be shown again).
  5. Store the client secret securely in your application configuration.
Protect your Client Secret Value by keeping it confidential. Avoid sharing it in public repositories, forums, or unencrypted channels.
Entra ID Certificates and secrets page for creating a new client secret
Entra ID client secret value displayed after creation

Step 4 - Configure API permissions

  1. Navigate to API permissions.
  2. Select Add a permission
  3. Choose Microsoft Graph
  4. Select Delegated permissions
  5. Search for and add the following delegated permissions:
    • openid - Required for OIDC authentication.
    • profile - Allows access to the user’s basic profile information.
    • email - Allows access to the user’s email address.
  6. Select Add permissions
Entra ID API permissions screen with Microsoft Graph delegated permissions selected

Step 5 - Gather application details

After registration and configuration, collect the following information needed for your application: From the Overview page, note:
  • Application (client) ID: Your app’s unique identifier
  • Directory (tenant) ID: Your tenant’s unique identifier https://login.microsoftonline.com/{tenant}/v2.0/ (replace with your tenant ID)
  • Client Secret Value: Your client secret’s value which created and copied in Step 3
Entra ID overview page showing application and directory IDs

Step 6 — Enable SSO in Flowla

In Flowla, go to Settings → Security & Permissions and click Enable SSO. Fill in the form with the values you copied from Entra ID:
Flowla SSO setup form with identity provider URL, client ID, client secret, and email domain fields
1

Enter your Identity Provider URL

Paste https://login.microsoftonline.com/{tenant}/v2.0/ (replace with your tenant ID)
2

Enter your Client ID

Paste Client ID
3

Enter your Client Secret

Paste the Client Secret Value (not ID)
4

Set your email domain

Enter the email domain your organization uses (e.g. yourcompany.com). Users with this domain will be required to sign in via SSO.
5

Save and test

Click Save to activate SSO. Open a new browser session and verify you can sign in via Entra ID.

For more information, visit Microsoft Entra ID OIDC setup (non-gallery application)

Official guide for configuring OIDC SSO for a custom non-gallery application.