In this article, we cover off how to configure Fluid for recommended user and authentication.

Using the administration console - configure the Authentication Providers. 

Apply a minimum level of authentication 

• Disable Basic Passwords

• Disable Forms (Username & Password) Login mechanism

• Disable login alias'

• Allow magic link login for one time pin requests - this significantly reduces user "please reset my password" support requests.

• Allow SAML Authentication

The recommended authentication mechanism is SAML 2.0 SSO - this can be configured by application administrators.  The following article explains how to configure SAML 2.0 SSO with Azure AD (o365) as the identity provider.

Fluid SSO – Azure AD : Fluid.Work Support

To automatically provision and deprovision accounts we recommend the automated api using SCIM Protocol.  The following article explains how to configure this using Azure AD.

Import users from Azure AD using SCIM : Fluid.Work Support

Ensure Self sign up is disabled and Invite options are configured as per your preference.  Define a list of accepted email domains for new users - this is likely to be your corporate domain (e.g.  @mycompany.com or @fluidbsg.com) using the following article Team Sign Up : Fluid.Work Support (freshdesk.com)

Co-ordinate with your corporate IT / network administrators to ensure the *.fluid.work domain is not blocked by routers or firewalls, or mail servers.