# User Login Flows
This diagram represents the login flow as of FlowFuse 1.2, which incorporates optional SSO.
```mermaid
sequenceDiagram
    participant U as User
    participant B as Browser
    participant RT as ForgeApp
    participant DB as Database
    participant IDP as IdentifyProvider
    U->>B: Enters username/email on sign-up page
    U->>B: Clicks login
    B->>RT: POST /account/login (username=XYZ)
    RT->DB: Checks username/email against list of SSO registered domains
    alt Email not SSO enabled
        RT->>B: 403:{ code: 'password_required' }
        B->>U: Shows password box
        U->>B: Enters password
        U->>B: Clicks login
        B->>RT: POST /account/login (username/password)
        RT->>DB: Validates username/password
        RT->>B: 200:{}
    end
    alt Email SSO enabled
        alt Username provided or Password provided
            RT->>B: 403:{ code:'sso_required', error:'Please login with your email' }
            B->>U: Prompts user to enter email not username
        end
        alt Email provided
            RT->>B: 403:{ code:'sso_required', redirect:'/account/login?u=<base64 encoded email>' }
            B->>RT: GET /account/login?u=<base64 encoded email>
            RT->>RT: passport.authenticate
            RT->>IDP: SAML exchange
            IDP->>IDP: User authentication
            IDP->>RT: POST <TBD>
            RT->>DB: Verify Email against users
            alt Valid User
                RT->>DB: create session
                RT->>B: redirect to /
            else Unknown User
                RT->>B: redirect to /
            end
        end
    end
```
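The server-side branching for `POST /account/login` in the diagram can be modelled as a single decision function. The following is an added example, not FlowFuse source code: `loginStep`, `findUser`, `checkPassword`, the sample users and domains, the URL-encoding of the `u` value and the 401 failure response are all assumptions made for illustration.

```javascript
// Added illustration of the POST /account/login decision shown in the diagram.
// Not FlowFuse code: every name and all sample data here are hypothetical.
const ssoDomains = new Set(['sso.example.com']); // constructed sample data
const users = [                                  // constructed sample data
  { username: 'alice', email: 'alice@sso.example.com', password: null },
  { username: 'bob', email: 'bob@example.org', password: 'correct horse' }
];

function findUser(id) {
  const key = id.toLowerCase();
  return users.find(u => u.username === key || u.email === key);
}

// Placeholder for a real password-hash verification (assumption).
function checkPassword(user, password) {
  return Boolean(user) && user.password !== null && user.password === password;
}

function loginStep({ username, password }) {
  const id = String(username || '').trim();
  const isEmail = id.includes('@');
  // SSO is keyed on the email domain; a bare username is first resolved to
  // the account's email (assumption about how the lookup is performed).
  const user = findUser(id);
  const email = isEmail ? id.toLowerCase() : (user ? user.email : null);
  const domain = email ? email.split('@').pop() : null;

  if (domain && ssoDomains.has(domain)) {
    // "Username provided or Password provided" branch
    if (!isEmail || password !== undefined) {
      return { status: 403, body: { code: 'sso_required', error: 'Please login with your email' } };
    }
    // "Email provided" branch. base64 is an encoding, not protection: the
    // session is only created after the email from the SAML exchange has
    // been verified against the users table.
    const u = Buffer.from(email, 'utf8').toString('base64');
    return { status: 403, body: { code: 'sso_required', redirect: '/account/login?u=' + encodeURIComponent(u) } };
  }
  // "Email not SSO enabled" branch: the first POST carries no password.
  if (password === undefined) {
    return { status: 403, body: { code: 'password_required' } };
  }
  // The diagram shows only the success case; the 401 shape is an assumption.
  return checkPassword(user, password)
    ? { status: 200, body: {} }
    : { status: 401, body: { code: 'unauthorized' } };
}
```

In this model an unknown identifier on a non-SSO domain receives the same `password_required` response as a known one, so the first step does not reveal whether the account exists.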