Recommended Enterprise Security Settings


This article covers how to configure Fluid with the recommended user and authentication settings.


Configure Authentication Settings

Using the administration console, configure the Authentication Providers.

Apply a minimum level of authentication:

  • Disable Basic Passwords

  • Disable Forms (Username & Password) Login mechanism

  • Disable login aliases

  • Allow magic link login for one time pin requests - this significantly reduces user "please reset my password" support requests.

  • Allow SAML Authentication



Enable SSO - Single Sign On

The recommended authentication mechanism is SAML 2.0 SSO - this can be configured by application administrators.  The following article explains how to configure SAML 2.0 SSO with Azure AD (o365) as the identity provider.

Fluid SSO – Azure AD : Fluid.Work Support



User Provisioning / De-Provisioning

To automatically provision and deprovision accounts, we recommend the automated API using the SCIM protocol. The following article explains how to configure this using Azure AD.

Import users from Azure AD using SCIM : Fluid.Work Support


IP Restrictions and Customer side proxies

Important: IP Address Whitelisting Is Not Supported

You must not attempt to whitelist Fluid services by IP addresses due to the dynamic and elastic nature of the cloud infrastructure hosting the service. Fluid is delivered via Microsoft Azure, which regularly scales and evolves. Consequently:

  • IP addresses may change without notice.

  • You cannot reliably maintain an allow list that remains current and accurate.

Hence, domain-based whitelisting is the only supported and sustainable method to ensure access.

For enterprise deployments, Fluid can optionally enable IP-based restrictions for client-side VPN access. This means:

  • Only users connecting from your corporate network or VPN IP ranges will be able to access Fluid.

  • This is an optional, premium configuration that may incur additional costs.

  • To enable this, please contact your Fluid Customer Success Manager or support team for implementation details.


Invite & Sign Up Settings

Ensure self sign-up is disabled and invite options are configured as per your preference. Define a list of accepted email domains for new users; this is likely to be your corporate domain (e.g. @mycompany.com or @fluidbsg.com). The following article explains how: Team Sign Up : Fluid.Work Support (freshdesk.com)



Whitelist Fluid domains for email and web traffic

Co-ordinate with your corporate IT / network administrators to ensure the *.fluid.work domain is not blocked by routers, firewalls or mail servers.
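When auditing a proxy or mail-filter allow list for the *.fluid.work entry, the match must fall on a label boundary so that lookalike hosts are not let through. The sketch below is an added example, not Fluid's code; the function names and sample hosts are constructed, and it assumes "*." matches one or more subdomain labels but not the bare apex.

```python
# Added example: domain-based allow-list matching for "*.fluid.work".
# Assumption: "*." matches one or more subdomain labels and NOT the bare apex.

ALLOWED_PATTERNS = ["*.fluid.work"]  # the pattern named in the article


def normalize(host: str) -> str:
    """Lower-case, strip a :port suffix and a trailing root dot."""
    host = host.strip().lower()
    if host.count(":") == 1:          # host:port (IPv6 literals are out of scope)
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def host_allowed(host: str, patterns=ALLOWED_PATTERNS) -> bool:
    """True when host matches an allow-list pattern on a label boundary."""
    host = normalize(host)
    if not host or ".." in host:
        return False
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            suffix = pattern[1:]      # ".fluid.work", leading dot kept
            # The leading dot forces a label boundary, so "evilfluid.work" fails.
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern:
            return True
    return False


def sender_allowed(address: str, patterns=ALLOWED_PATTERNS) -> bool:
    """Apply the same rule to the domain part of an e-mail address."""
    local, sep, domain = address.rpartition("@")
    return bool(local and sep) and host_allowed(domain, patterns)


if __name__ == "__main__":
    # Constructed sample hosts, not taken from Fluid documentation.
    for h in ["acme.fluid.work", "ACME.Fluid.Work.", "evilfluid.work",
              "fluid.work.example.com", "fluid.work"]:
        print(f"{h:28} {'allow' if host_allowed(h) else 'block'}")
```

If your deployment also needs the apex domain, add it to the pattern list as an explicit entry rather than loosening the suffix match.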

