This article covers how to configure Fluid with the recommended user and authentication settings:
1. Configure Authentication Settings
Using the administration console, configure the Authentication Providers.
Apply a minimum level of authentication:
- Disable Basic Passwords
- Disable Forms (Username & Password) Login mechanism
- Disable login aliases
- Allow magic link login for one-time PIN requests. This significantly reduces user "please reset my password" support requests.
- Allow SAML Authentication
2. Enable SSO - Single Sign On
The recommended authentication mechanism is SAML 2.0 SSO, which application administrators can configure. The following article explains how to configure SAML 2.0 SSO with Azure AD (O365) as the identity provider.
3. User Provisioning / De-Provisioning
To provision and deprovision accounts automatically, we recommend the automated API using the SCIM protocol. The following article explains how to configure this using Azure AD.
4. Invite & Sign Up Settings
Ensure self sign-up is disabled and invite options are configured as per your preference. Define a list of accepted email domains for new users, following the article Team Sign Up : Fluid.Work Support (freshdesk.com). This is likely to be your corporate domain (e.g. @mycompany.com or @fluidbsg.com).
5. Whitelist Fluid domains for email and web traffic
Coordinate with your corporate IT / network administrators to ensure the *.fluid.work domain is not blocked by routers, firewalls, or mail servers.