Basics of SAML Single Sign-on

This article is for:

  • Organization Security Admins

Overview of SSO Settings

You can enable single sign-on (SSO) to add an extra layer of security to your organization and workspaces. You can set up and maintain SSO using URLs for external provisioning.

Wdesk supports SP and IdP settings, using SAML 2.0. Single sign-on is established and restricted to the users of that account. Wdesk allows external authentication, however authorization is administered within Wdesk.

There are three basic options for SSO authentication:

  • Enable SAML Single Sign-On: Users can sign in with SSO or continue to use their username and password.

  • Require SAML Single Sign-On for Users: Non-Admin users are required to use SSO, while admins may continue to sign in using their username and password.

  • Require SAML Single Sign-On for Organization Security Admins: This requires single sign-on for Organization Security Admins.

SSO Options

If needed, you can designate specific users to allow them to sign in without using SSO. This is helpful when people in different departments, consultants, or those outside your company need access to Wdesk. To learn more, see Managing SSO Bypass Users.

Accessing SSO Settings

To access and manage SAML single sign-on settings:

1
Click your name in the bottom left, then select Organization Admin.
2
Click Security.
3
Click Single Sign-on. Single Sign-On

You can assign someone as an Organization Security Admin from your Identity Access Management (IAM) or Information Technology (IT) teams. Then, they can then help set up SSO and ensure settings meet any company requirements.

Setting someone as an Organization Security Admin only provides access to the security settings for authentication and SSO. It does not allow access to documents or data in Wdesk.

To learn how to assign an organization role, see Managing Users.

Gathering SSO Requirements

To gather requirements for your configuration and to test your setup, you can enable SAML in your organization before you require users to use it to sign in. By only enabling SAML, this allows you to gather what you need and does not impact users signing in.

If you need assistance setting up SSO, you can reach out to PlatformSupport@workiva.com.