Workloud Setup for Single Sign On with SAML 2.0
This article gives clients an overview of how to configure Single Sign On with SAML 2.0.
SSO allows customers to authenticate against their own systems when logging into Workloud. Our implementation uses the SAML 2.0 protocol.
- Identity Provider (IDP)/Asserting Party
  - This is the customer. A common implementation is Microsoft Active Directory Federation Services (ADFS).
- Service Provider (SP)/Relying Party
  - This is Workloud.
Identity Provider Configuration
The customer will need our Service Provider Metadata to add Workloud as a relying party in their IDP. The metadata can be retrieved by a URL from Workloud:
For Web application:
For mobile application:
Recommended Best Practices
- SHA-256 algorithm
- Workloud SSO requires the unique identifier field provided by ADFS to be contained within the Attribute Statement block of the response. Most clients find using the email address to be the best unique identifier to achieve this result.
- The “Relay State” parameter that Workloud sends with the SAML authentication request must be included in the Federation Service’s SAML response returned to Workloud.
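The three recommendations above can be checked against a test login captured from the IDP before go-live. The following is an added example, not Workloud's own code: it assumes the HTTP-POST binding, and the function name, the e-mail claim URI used as the unique identifier attribute name, and the sample responses are all constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SHA256_ALGS = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
               "http://www.w3.org/2001/04/xmlenc#sha256"}

def check_idp_response(response_b64, relay_sent, relay_returned, uid_attribute):
    """List the problems in a captured HTTP-POST SAMLResponse (trusted test capture).
    Configuration check only: it does NOT validate the XML signature."""
    problems = []
    root = ET.fromstring(base64.b64decode(response_b64))
    # 1. Signature and digest methods should all be SHA-256 based.
    algs = [e.get("Algorithm") for tag in ("SignatureMethod", "DigestMethod")
            for e in root.iter("{%s}%s" % (NS["ds"], tag))]
    if not algs:
        problems.append("no signature found")
    problems += ["non-SHA-256 algorithm: %s" % a for a in algs if a not in SHA256_ALGS]
    # 2. The unique identifier must be inside an AttributeStatement, not only in NameID.
    values = [v.text.strip()
              for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == uid_attribute
              for v in a.iterfind("saml:AttributeValue", NS)
              if v.text and v.text.strip()]
    if not values:
        problems.append("unique identifier missing from AttributeStatement")
    # 3. RelayState must come back exactly as it was sent.
    if relay_returned != relay_sent:
        problems.append("RelayState not returned unchanged")
    return problems

# Constructed sample responses; the attribute name below is an assumption.
UID_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion><ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="{sig}"/>
   <ds:Reference><ds:DigestMethod Algorithm="{dig}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>{attrs}
 </saml:Assertion></samlp:Response>"""
ATTRS = ('<saml:AttributeStatement><saml:Attribute Name="%s"><saml:AttributeValue>'
         'jane@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>' % UID_ATTR)
def sample(sig, dig, attrs):
    return base64.b64encode(TEMPLATE.format(sig=sig, dig=dig, attrs=attrs).encode())
GOOD = sample("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
              "http://www.w3.org/2001/04/xmlenc#sha256", ATTRS)
BAD = sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
             "http://www.w3.org/2000/09/xmldsig#sha1", "")
```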
Workloud (Service Provider) Configuration
Setting up Metadata and UID Pattern on a System level
Creating a User Profile for Single Sign-On