Single Sign-On

Configure SSO with Clerk-powered authentication including OAuth providers, session management, and organization-level access control


Flow uses Clerk as its authentication and identity platform, providing enterprise-grade single sign-on (SSO) capabilities out of the box. Users authenticate through Clerk's managed sign-in flow with support for multiple OAuth providers and organization-level access control.

Overview

Flow's SSO integration provides:

  • Managed Authentication - Clerk handles all authentication flows securely
  • OAuth Providers - Sign in with Google, GitHub, Microsoft, and other providers
  • Session Management - Secure session handling with automatic refresh
  • Organization Sync - Automatic provisioning of users and organizations
  • Role-Based Access - User roles synced between Clerk and Flow

Authentication Flow

Sign Up

  1. Navigate to the Flow sign-up page
  2. Choose an authentication method:
    • Email/Password - Traditional credential-based sign-up
    • OAuth Provider - Sign in with Google, GitHub, or other configured providers
  3. Complete email verification if required
  4. Clerk creates the user identity and session
  5. Flow automatically provisions the user record and organization

Sign In

  1. Navigate to the Flow sign-in page
  2. Authenticate using your configured method
  3. Clerk validates credentials and establishes a session
  4. Flow loads the user's organization context and permissions

Session Management

  • Sessions are managed by Clerk with secure token handling
  • Automatic token refresh ensures uninterrupted access
  • Sessions expire based on configured timeout policies
  • Users can sign out from any device

Organization Provisioning

When a user signs in for the first time, Flow automatically:

  1. Checks if the user exists in Flow's database
  2. Creates or updates the user record with Clerk identity data
  3. Associates the user with their organization
  4. Assigns the appropriate role (Admin for first user, configurable for subsequent users)

Data Synced from Clerk

Field Description
Clerk ID Unique identifier from Clerk
Email User's email address
Name Display name
Organization Associated organization
Role Assigned role within Flow

Supported Providers

Clerk supports a wide range of OAuth providers that can be configured for your Flow deployment:

  • Google - Google Workspace and personal accounts
  • GitHub - Developer-focused authentication
  • Microsoft - Azure AD and Microsoft accounts
  • Apple - Apple ID authentication
  • Additional Providers - Configurable through Clerk's dashboard

Configuring Providers

OAuth providers are configured through the Clerk Dashboard:

  1. Navigate to your Clerk application settings
  2. Enable desired OAuth providers under Social Connections
  3. Configure client IDs and secrets for each provider
  4. Set redirect URLs to your Flow deployment
  5. Users will see enabled providers on the sign-in page

Security Features

Built-in Protections

  • CSRF Protection - Cross-site request forgery prevention on all auth endpoints
  • Rate Limiting - Protection against brute force and credential stuffing
  • Secure Sessions - HttpOnly, Secure, SameSite cookie configuration
  • Token Rotation - Automatic rotation of session tokens

Multi-Factor Authentication

Clerk supports MFA options that can be enabled for your organization:

  • TOTP - Time-based one-time passwords (Google Authenticator, Authy)
  • SMS - SMS-based verification codes
  • Backup Codes - Recovery codes for account access

Best Practices

  • Enable MFA - Require multi-factor authentication for all users, especially administrators
  • Use OAuth - Prefer OAuth providers over email/password for enterprise environments
  • Review Sessions - Periodically audit active sessions and revoke stale access
  • Least Privilege - Assign the minimum role needed for each user's responsibilities
  • Monitor Sign-ins - Review Clerk's authentication logs for suspicious activity

Search Documentation

Search through documentation, navigate to pages, or run quick actions