📦 This feature is available in the 👑 Premium subscription plan.
Workia supports SAML Single Sign-On (SSO) as a method of securely authenticating users ensuring a seamless login experience for your organization.
Accessing SAML SSO Settings
Click on your Profile icon on the top right corner to open the drop-down menu, hover over "Settings" and click on the Connections setting to open the Connections screen.
On the Connections screen, look for SAML SSO and select the "Details" button to open the integration details. Then once you are in the SAML SSO connection screen, click on "Connect".
Once you have opened the connection settings screen, you will find a list of fields requiring the SAML SSO Integration details needed to connect to Workia.
Setting Up SAML SSO
The setup process involves providing specific information that will enable your Identity Provider (IDP) to communicate securely with Workia.
Local Info
Before you can complete the SAML SSO setup, you will need to provide your IT department with specific information to configure Workia in your Identity Provider (IDP). This information includes critical URLs and certificates needed for establishing a secure connection.
💡 The email addresses and URLs will be client-specific. The above references our testing site.
Local Info - Field Definitions
Local Entity ID and Description: This is a unique URI or URL that identifies an SP or IDP in an SSO environment. It serves as the "name" of the entity, allowing other systems to recognize and interact with it.
Artifact: An artifact is a reference token exchanged during SSO to securely retrieve user authentication information.
Local Assertion Consumer Service (ACS) URL: The ACS URL is where the IDP sends authentication responses after user login. This URL ensures the authenticated session is correctly established on your SP.
Local Single Logout Service (SLS) URL: The SLS URL handles logout requests in SSO, ensuring the user’s session is terminated across all connected services.
Local Public Certificate: The local public certificate is used to encrypt SAML assertions and verify signatures in SSO. It ensures secure communication between your Service Provider (SP) and Identity Provider (IDP).
Identity Provider Info
In addition to the local information, your IT department will need to configure the following details in the Identity Provider (IDP) section.
Identity Provider Info - Field Definitions
Identity Provider Certificate: This certificate contains the public key that is used to secure communications between the Identity Provider and the Service Provider (SP).
Entity ID and Description: This is a unique URI or URL that identifies an SP or IDP in an SSO environment. It serves as the "name" of the entity, allowing other systems to recognize and interact with it.
SSO Service URL: The SSO Service URL is used by the Service Provider (SP) to send authentication requests to the Identity Provider (IDP). It’s the entry point for users to authenticate via SSO.
SLO Service URL: The SLO Service URL is used to handle logout requests. It allows a user to log out of all connected applications in an SSO session simultaneously.
Artifact Resolution Service URL: The Artifact Resolution Service URL is used to resolve SAML artifacts, which are references (or tokens) exchanged between the SP and IDP instead of the actual SAML assertions.
Once done, click on "Save" to apply the changes.
How do I know when SSO is connected?
A green dot on the connection means your Workia is connected via SSO.
Additionally, users will be greeted with a login page SSO as the primary login option. If no SSO has been configured for a user there is an option to Login with user ID and password below the Sign-in button.
When SSO is active, a new SSO toggle column will appear on the Teams screen to turn on or off SSO for specific users.
