In this article, we cover off how to configure Fluid for recommended user and authentication:


1. Configure Authentication Settings


Using the administration console - configure the Authentication Providers. 

Apply a minimum level of authentication 


  • Disable Basic Passwords
  • Disable Forms (Username & Password) Login mechanism
  • Disable login alias'
  • Allow magic link login for one time pin requests - this significantly reduces user "please reset my password" support requests.
  • Allow SAML Authentication



2. Enable SSO - Single Sign On 


The Recommended Authentication mechanism is SAML 2.0 SSO - this can be configured by application administrators.  The following article explains how to configure SAML 2.0 SSO with Azure AD (o365) as the identity provider.


Fluid SSO – Azure AD : Fluid.Work Support



3. User Provisioning / De-Provisioning


To automatically provision and deprovision accounts we recommend the automated api using SCIM Protocol.  The following article explains how to configure this using Azure AD.


Import users from Azure AD using SCIM : Fluid.Work Support



4. Invite & Sign Up Settings


Ensure Self sign up is disabled and Invite options are configured as per your preference.  Define a list of accepted email domains for new users - this is likely to be your corporate domain (e.g.  @mycompany.com or @fluidbsg.com) using the following article Team Sign Up : Fluid.Work Support (freshdesk.com)





5. Whitelist Fluid domains for email and web traffic


Co-ordinate with your corporate IT / network administrators to ensure the *.fluid.work domain is not blocked by routers or firewalls, or mail servers.