# User Login Flows
This represents the login flow as of FlowFuse 1.2, which incorporates optional SSO.

```mermaid
sequenceDiagram
    participant U as User
    participant B as Browser
    participant RT as ForgeApp
    participant DB as Database
    participant IDP as IdentityProvider
    U->>B: Enters username/email on sign-up page
    U->>B: Clicks login
    B->>RT: POST /account/login (username=XYZ)
    RT->DB: Checks username/email against list of SSO registered domains
    alt Email not SSO enabled
        RT->>B: 403:{ code: 'password_required' }
        B->>U: Shows password box
        U->>B: Enters password
        U->>B: Clicks login
        B->>RT: POST /account/login (username/password)
        RT->>DB: Validates username/password
        RT->>B: 200:{}
    end
    alt Email SSO enabled
        alt Username provided or Password provided
            RT->>B: 403:{ code:'sso_required', error:'Please login with your email' }
            B->>U: Prompts user to enter email not username
        end
        alt Email provided
            RT->>B: 403:{ code:'sso_required', redirect:'/account/login?u=<base64 encoded email>' }
            B->>RT: GET /account/login?u=<base64 encoded email>
            RT->>RT: passport.authenticate
            RT->>IDP: SAML exchange
            IDP->>IDP: User authentication
            IDP->>RT: POST <TBD>
            RT->>DB: Verify Email against users
            alt Valid User
                RT->>DB: create session
                RT->>B: redirect to /
            else Unknown User
                RT->>B: redirect to /
            end
        end
    end
```
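
The branch decisions in the diagram, modelled as an added example (not FlowFuse source code). The names `loginDecision`, `ssoCallback`, `ctx` and `checkPassword`, the sample accounts, and the 401 response for a failed password are assumptions; the diagram does not show that last case.

```javascript
// Added example: models the diagram's decisions; not FlowFuse source code.
// ssoDomains, users and checkPassword are hypothetical stand-ins for database lookups.
function loginDecision ({ username, password }, { ssoDomains, users, checkPassword }) {
    const name = username.toLowerCase()
    const isEmail = name.includes('@')
    const user = users.find(u => (isEmail ? u.email : u.username) === name)
    // The SSO check keys on the email domain; a bare username needs the stored email.
    const email = isEmail ? name : user?.email
    const domain = email ? email.split('@').pop() : null
    if (domain && ssoDomains.has(domain)) {
        if (!isEmail || password) {
            // A local password is never evaluated for an SSO-enabled domain.
            return { status: 403, body: { code: 'sso_required', error: 'Please login with your email' } }
        }
        // base64 is an encoding, not protection: the server must treat `u` as untrusted input.
        const u = Buffer.from(email).toString('base64')
        return { status: 403, body: { code: 'sso_required', redirect: `/account/login?u=${u}` } }
    }
    if (!password) return { status: 403, body: { code: 'password_required' } }
    if (user && checkPassword(user, password)) return { status: 200, body: {} }
    // Assumption: the diagram does not show the failed-password response.
    return { status: 401, body: { code: 'unauthorized' } }
}

// After the SAML exchange: both outcomes redirect to '/', only a known user gets a session.
function ssoCallback (assertedEmail, users) {
    const known = users.some(u => u.email === assertedEmail.toLowerCase())
    return { redirect: '/', session: known }
}

// Constructed sample data.
const ctx = {
    ssoDomains: new Set(['sso.example.com']),
    users: [
        { username: 'alice', email: 'alice@sso.example.com' },
        { username: 'bob', email: 'bob@example.org', password: 'constructed-secret' }
    ],
    // Placeholder comparison; a real service verifies a password hash.
    checkPassword: (user, password) => user.password === password
}
```

In this model an unknown username gets the same `password_required` response as a known one, and an unknown address at an SSO domain is only rejected after the identity provider has authenticated it.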