Follow

Workloud Setup for Single Sign On with SAML 2.0

Workloud Setup for Single Sign On with SAML 2.0

This article provides client an overview of how to configure Single Sign On with SAML 2.0.

 

SSO Overview

SSO allows customers to authenticate against their own systems when logging into Workloud.  Our implementation uses the SAML 2.0 protocol.

  • Identity Provider (IDP)/Asserting Party

o   This is the customer.  A common implementation is Microsoft Active Directory Federated Services (ADFS)

  • Service Provider (SP)/Relying Party

o   This is Workloud

Identity Provider Configuration

The customer will need our Service Provider Metadata to add Workloud as a relying party in their IDP.  The metadata can be retrieved by a URL from Workloud:

For Web application:

https://app.workloud.com/<customer>/samlsso/metadata.ashx?dmn=<domainName>

For mobile application:

https://app.workloud.com/<customer>/interop/Current/samlsso/metadata.ashx?dmn=<domainName>

Recommended Best Practices

Workloud SSO requires the unique identifier field provided by ADFS to be contained within the Attribute Statement block of the response.  Most clients find using the email address to be the best unique identifier to achieve this result.

“Relay State” parameter sent by Workloud with Authentication SAML request is required to be included into Federation Service’s SAML response coming back to Workloud.

Workloud (Service Provider) Configuration

 

Setting up Metadata and UID Pattern on a System level

 

https://support.workloud.com/hc/en-us/articles/115001794466-Configure-Workloud-Services-Provider-for-SAML-Single-Sign-On

 

 Creating a User Profile for Single Sign-On

https://support.workloud.com/hc/en-us/articles/115001796366-Create-a-User-Profile-with-Single-Sign-On-SSO-Access

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk