Account security
Super Admins and IAM Admins have complete control over the sign in page customization and custom sign-up URL associated with your organization's domain.
Manage how users sign in
Your account is assigned a unique URL that can be used for signing in. Kissflow supports the following sign-in options, which you can control and restrict from Account security > Sign in preferences:
Sign in with Kissflow
Email and Password is the conventional method where users can enter the email address and password they set up on the sign in page during the initial sign up or after a password reset.
You can define and enforce a password policy for all users in your organization to maintain account security and prevent weak passwords. This policy helps ensure that all new and existing users follow the same standard when creating or resetting their passwords.
To access and configure the password policy, go to Account security > Password policy.
When you update any of these settings, they apply to all users in the account immediately. Users will be prompted to reset their passwords if the current one does not comply with the new policy.
Note:
Changes to the password policy take effect only after you confirm the update. If users are signed in, they will need to reset their password during their next login attempt if it does not meet the new requirements.
- Minimum length - Set the minimum number of characters required in a password.
- Character combination - Require users to include a mix of uppercase and lowercase letters, numbers, and special characters.
- Prohibit reuse of old passwords - Restrict users from reusing their recent passwords.
- Password expiry - Define how often users must update their password.
Sign in with Google and Microsoft
Kissflow supports OAuth-based sign-in using Google and Microsoft accounts by default. You can also configure other providers for OAuth authentication, such as GitHub, Slack, LinkedIn, or Azure, by contacting our support team.
Sign in with SAML
Custom SSO (Single Sign-On): organizations using a SAML-based SSO provider (e.g., Okta, OneLogin, etc.) can configure it for their Kissflow account.
To enable a SAML-based SSO sign-in for your customers, enter the following details after clicking the Configure SAML button:
- Identity provider (IdP) URL - This URL comes from the SAML provider you've chosen. Once a user clicks on the SSO button from the sign-in page, they will be directed to this remote sign-in URL of your SAML server.
- Sign out URL - This is an optional field. You can provide the sign-out URL to direct your users to a particular URL after signing out of the SAML provider and Kissflow platform.
- Security key - Kissflow uses the SHA2 fingerprint of the SAML signed token certificate from your SAML server to decrypt the data from your SAML provider.
- Consumer assertion URL to Kissflow - This is the URL you must provide to the SAML provider. This URL is unique to your account.
- User field where SAML identifier is stored - Specify the column name in the user management table where you want the unique SAML identifier stored.
- Create users when they exist in the IdP - Enable to automatically add your company's users after they verify their user identity.
After entering all the information, click Save to enable SSO using SAML.
Note:
Contact our support team if you want to configure other providers for OAuth authentication.
Click here to learn how to set up a SAML-based SSO for Microsoft Azure AD.
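For the Security key field described above, an administrator needs the fingerprint of the IdP's signing certificate. The following is an added example, not Kissflow's own code: it derives a SHA-256 fingerprint from a PEM export and compares fingerprints copied from different tools. It assumes SHA-256 is the SHA-2 variant in use and that the colon-separated upper-case form is acceptable; the page does not specify the exact format, and the sample certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re

# Matches each PEM certificate block and captures its base64 body.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate found in a PEM bundle."""
    ders = []
    for body in _PEM_CERT.findall(pem_text):
        b64 = "".join(body.split())  # drop newlines and indentation
        ders.append(base64.b64decode(b64, validate=True))
    if not ders:
        raise ValueError("no PEM certificate block found")
    return ders


def sha256_fingerprint(der, colons=True):
    """SHA-256 (a SHA-2 digest) over the DER encoding, upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    if not colons:
        return digest
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Canonical form for comparing fingerprints copied from different tools."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()


def fingerprints_match(a, b):
    """True when two fingerprints are equal ignoring case and separators."""
    na, nb = normalize(a), normalize(b)
    return len(na) == 64 and na == nb


# Constructed sample: placeholder bytes wrapped as PEM, NOT a real certificate.
# The digest is computed over whatever DER bytes the block decodes to.
SAMPLE_DER = b"constructed-placeholder-der-bytes"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    for der in pem_to_der_list(SAMPLE_PEM):
        print(sha256_fingerprint(der))
```

Comparing the value computed from the certificate file against the fingerprint shown in the IdP console, before saving, catches a stale or wrong certificate export.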
Manage how users sign up
Rather than individually inviting new users, you can make your Kissflow sign-up process globally accessible by sharing the custom URL. You can access Sign-up preferences and enable the Allow new signups option.
Anyone who visits this URL will be prompted to add their name and email address. Then, as a Super Admin or an IAM Admin, you will be notified to approve the user's sign-up. You can manually choose the user from the User Management tab and click the Activate button to provide an active license to the user.
If you want to disable future sign-ups via this URL for new users, disable Allow new signups and click Save.
Access key setting
This setting lets you limit the maximum expiry duration of the access keys created via the Kissflow account you are currently administering.
Navigate to Account administration > Account security > Access key setting to set the expiry limit.
The expiry duration periods we currently offer are 6 months, 1 year, and 2 years. You can also opt to have no limit for the expiry, which is the default value set for this dropdown.
Note:
This is an account-level setting, and any changes made here will affect all the existing and new access keys.