Configuring SAML Protocol
Configuration path: Platform Management → Single Sign-On → Enable → Settings → Select SAML2.0 protocol type
| Field | Description |
|---|---|
| Protocol Type | Select SAML2.0 |
| Metadata Document | XML document obtained from the identity provider |
| Field Mapping | Flashduty extracts user email, username, and phone information from the identity provider through mapped fields |
| Login Domain | An important identifier for identity recognition, globally unique |
| Create Account on Sign In | Enabled by default; when disabled, members must be invited before they can sign in |
| Flashduty Service Provider Info | Service Provider Metadata and Assertion Consumer Service URL (assertion address for identity provider to call for single sign-on) |
Configuring OIDC Protocol
Configuration path: Platform Management → Single Sign-On → Enable → Settings → Select OIDC protocol type
| Field | Description |
|---|---|
| Protocol Type | Select OIDC protocol |
| Issuer | Obtained from identity provider, case-sensitive URL that cannot contain query parameters |
| Client ID | Client ID, obtained from identity provider |
| Client Secret | Client secret, obtained from identity provider |
| Field Mapping | Flashduty extracts user email, username, and phone information from the identity provider through mapped fields |
| Login Domain | An important identifier for identity recognition, globally unique |
| Create Account on Sign In | Enabled by default; when disabled, members must be invited before they can sign in |
| Flashduty Service Provider Info | Redirect URL: Identity provider callback address; Supported Signing Algorithms: RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512 (HS256 not supported); Requested Scopes: openid, email, phone |
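
A pre-flight check an administrator can run before saving the OIDC settings, as an added example (not Flashduty's own code): it validates the Issuer value and compares the identity provider's discovery document with the signing algorithms and scopes listed above. The function name, the sample discovery document and the `idp.example.com` host are constructed for illustration; the discovery field names come from OpenID Connect Discovery.

```python
from urllib.parse import urlsplit

# Values taken from the "Flashduty Service Provider Info" row above.
SUPPORTED_ALGS = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512",
                  "PS256", "PS384", "PS512"}
REQUESTED_SCOPES = {"openid", "email", "phone"}

# Constructed sample: a discovery document as an IdP might publish it.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/realms/ops",
    "id_token_signing_alg_values_supported": ["HS256", "RS256"],
    "scopes_supported": ["openid", "email", "profile"],
}


def check_oidc_settings(issuer, discovery):
    """Return a list of problems; an empty list means the settings look compatible."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        problems.append("issuer is not an absolute http(s) URL")
    if parts.query or "?" in issuer:
        problems.append("issuer contains query parameters")
    # The Issuer is case-sensitive, so compare it exactly with what the IdP publishes.
    if discovery.get("issuer") != issuer:
        problems.append("issuer does not exactly match the discovery document")
    # At least one algorithm the IdP signs with must be on the supported list.
    algs = set(discovery.get("id_token_signing_alg_values_supported", []))
    if not algs & SUPPORTED_ALGS:
        problems.append("IdP offers no supported signing algorithm: "
                        + ", ".join(sorted(algs)))
    # scopes_supported is optional in discovery; skip the check when it is absent.
    advertised = set(discovery.get("scopes_supported", REQUESTED_SCOPES))
    missing = REQUESTED_SCOPES - advertised
    if missing:
        problems.append("IdP does not advertise scopes: " + ", ".join(sorted(missing)))
    return problems


if __name__ == "__main__":
    for issuer in ("https://idp.example.com/realms/ops",
                   "https://IDP.example.com/realms/ops?tenant=1"):
        print(issuer, "->", check_oidc_settings(issuer, SAMPLE_DISCOVERY) or "ok")
```

An identity provider client configured to sign ID tokens with HS256 only is reported here before the first login attempt fails.
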
Configuring CAS Protocol
Configuration path: Platform Management → Single Sign-On → Enable → Settings → Select CAS protocol type
| Field | Description |
|---|---|
| Protocol Type | Select CAS protocol |
| CAS Address | CAS service address obtained from identity provider |
| CAS Login Path | CAS login path |
| Field Mapping | Flashduty extracts user email, username, and phone information from the identity provider through mapped fields |
| Login Domain | An important identifier for identity recognition, globally unique |
| Create Account on Sign In | Enabled by default; when disabled, members must be invited before they can sign in |
| Flashduty Service Provider Info | Redirect URL: Identity provider callback address |
Configuring LDAP Protocol
LDAP single sign-on is only supported in the private deployment version.
| Field | Description |
|---|---|
| Protocol Type | Select LDAP protocol |
| LDAP URL | LDAP service address, e.g., ldap://10.10.10.10:389 |
| BIND DN | Username for connecting to LDAP, e.g., cn=admin,dc=flashduty,dc=com |
| BIND DN Password | Password for connecting to LDAP, stored encrypted in the database |
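| TLS | Whether to skip certificate verification (Skip Verify) when signing in over TLS; with verification skipped, the LDAP server's certificate is not validated |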
| StartTLS | Whether to enable StartTLS |
| User DN | Defines where to start searching for users, e.g., ou=people,dc=flashduty,dc=com |
| Auth Filter | Custom filter expression for retrieving user DN information, basic form: (&(mail=%s)). Note: Opening and closing parentheses are required |
| Field Mapping | Flashduty extracts user email, username, and phone information from the identity provider through mapped fields; email is a required mapping field |
| Login Domain | An important identifier for identity recognition, globally unique |
| Create Account on Sign In | Enabled by default; when disabled, members must be invited before they can sign in |