Make logging in easy for your Workplace community by integrating with your single sign-on provider or ADFS. Visit the Customer resource Center for more information about authentication.

Users and admins can authenticate in two ways on Workplace:
Username and Password
  • The username will be in the form of an email address which has been provisioned in advance.
  • The password is set by the user upon confirming their identity through a unique link sent to the email address registered on Workplace.
Single Sign-On (SSO)
  • The username will be in the form of an email address which has been provisioned in advance.
  • Instead of a password, authentication credentials will be provided by an SSO provider.
Was this information helpful?
Single Sign-On
Workplace can be integrated with identity providers (IdPs) for managing user authentication. This makes it easier for users to sign into Workplace using the same single sign-on (SSO) credentials they use with other systems.
You can also add multiple SSO providers to your Workplace which allows multiple IdPs to be used at the same time.
SSO for Workplace is directly supported by the following IdPs:
In addition to SSO for authentication, our partners above also support automated account provisioning and user management.
Note: Workplace supports SAML (Security Assertion Markup Language) 2.0 for SSO. You may find IdPs not listed above compatible as long as they use SAML 2.0 protocol. Workplace only supports the SHA-1 and SHA-2 algorithms for signing SAML Certificates.
Was this information helpful?
In order to enable single sign-on (SSO) authentication you'll need to:
  1. Have access to your IdP's configuration settings.
  2. Be assigned a System Administrator role in Workplace.
Was this information helpful?
Please note that Workplace only supports the SHA-1 and SHA-2 algorithms for signing SAML Certificates.
To configure SSO for Workplace from your computer:
  1. Click on the left panel of Workplace.
  2. Click Security, then click Authentication at the top bar.
  3. Under Log in, select Single sign-on (SSO).
  4. Input the values from your IdP into the fields listed:
    • Name of the SSO Provider
    • SAML URL
    • SAML Issuer URL
    • SAML Logout URL Redirect (Optional)
    • SAML Certificate (You may need to open up the downloaded certificate in a text editor in order to copy/paste this into the field.)
  5. Depending on your IdP, you may need to enter the Audience URL, Recipient URL and ACS (Assertion Consumer Service) URL listed under the SAML Configuration section.
  6. Scroll to the bottom of the section and click Test SSO. A popup window will appear with your IdP login page. Enter your credentials in as normal to authenticate. Ensure the email address being returned back from your IdP is the same as the Workplace account you're logged in with.
  7. Once the test has been completed successfully, scroll to the bottom of the page and click Save. All users using Workplace will now be presented with your IdP login page for authentication.
Adding multiple SSO providers is only available to users of Workplace Enterprise.
To add multiple SSO providers:
  1. Under your default SSO Provider, click Add New SSO Provider.
  2. Follow the steps to configure SSO listed above.
  3. Once completed, you'll see an Other section with the name of the provider you entered.
  4. You can now add employees to the IdP they belong to based on their domain by clicking Assign Email Domains.
SAML Logout Redirect (optional):
You can choose to configure an SAML Logout URL which can be used to point at your IdP's logout page. When this setting is enabled and configured, the user will no longer be directed to the Workplace logout page. Instead, the user will be redirected to the URL that was added in the SAML Logout Redirect setting.
Example with ADFS:
  1. Update the Workplace relying party trust to add a SAML Logout Endpoint to https://"adfs server"/adfs/ls/?wa=wsignout1.0
  2. Update the settings in Workplace so that the SAML Logout Redirect is set to https://"adfs server"/adfs/ls/?wa=wsignout1.0
  3. Save the settings. When you now log out, you'll be logged out from both Workplace and ADFS.
Was this information helpful?
No, we don't take SAML attributes and provision users. However, you can use self invite, or one of these provisioning methods.
To mimic partial behavior of Just-In-Time provisioning, you must ensure that single sign-on is enabled and Self Invite is on. Once you've made sure your community's settings are updated with those changes, you can create a SCIM-based user management/connector app.
Was this information helpful?
You can configure Workplace to prompt for an SAML check every day, three days, week, two weeks, month or never. The minimum duration for the SAML check on mobile applications is set to one day.
You can also force an SAML reset for all users using the button: Force All to Re-Authenticate Now.
Find out more about single sign-on (SSO) for Workplace.
Was this information helpful?
Two-factor authentication and single sign-on are two different types of authentication methods. Once a community admin enables SSO, two-factor authentication is turned off as a result.
Was this information helpful?
Active Directory Federation Services (ADFS)
Configuring ADFS for Workplace requires the following:
  • SSO system using Windows Server 2016, Windows Server 2012 R2, Active Directory Domain Services (AD DS) or Windows Server 2008 R2.
  • Active Directory Federation Services (ADFS) 2016, v3 or v2.
  • Workplace System Administrator has the exact same email address as your corresponding Active Directory user.
Was this information helpful?
Visit the ADFS section for more information on how to configure log into Workplace via ADFS.
Was this information helpful?