SAML single sign-on (SSO) authentication allows users to securely authenticate with multiple applications and websites using one set of credentials.
Benefits and best practices
Implementing SSO leads to stronger security, reduced support costs, increased productivity, and flexible access.
Workiva strongly recommends implementing SSO as a best practice to simplify your login process and provide a better overall experience. There are three SSO authentication options available:
- Require SAML Single Sign-On for Users (Recommended): Non-admin users are required to use SSO, while Org Security Admins may continue to sign in using their username and password. This option works best if your company wants to require SSO but still allow Org Security Admins to access the platform if SSO experiences any issues.
- Require SAML Single Sign-On for Org Security Admins: Org Security Admins are required to use SSO. This option works best if your company’s security policies do not allow any user to bypass the SSO requirement.
- Enable SAML Single Sign-On: Users can sign in with SSO or continue to use their username and password. This option works best if your company needs to allow platform access to a variable set of users outside of the core active directory.
Implementation process
The collaboration between Workiva and your teams allows for a seamless implementation process. Use the steps below to implement SSO in your organization:
- Contact your internal team: Contact someone from your Identity Access Management (IAM) or Information Technology (IT) team regarding the Single Sign-On integration process for the Workiva application.
- Gather requirements and information: The IAM or IT team member will gather SSO requirements and information.
- Request additional help: For additional assistance, contact Workiva Support to schedule a call to discuss the SSO implementation process.
- Configure SSO: An Org Security Admin can configure SAML single sign-on and ensure all settings meet the company’s requirements.
Frequently asked questions
What federation protocol is used?
SAML 2.0
Is SSO configured at the workspace or organization level?
SSO is configured only at the organization level, above all associated workspaces. Once SSO is configured, all workspaces will use SSO, including newly acquired workspace solutions.
Who do we need to involve to implement SSO?
You’ll need to involve the assigned Organization Security Admin for Workiva or your SSO IT team.
What if we have a third-party user that needs access to Workiva, but SSO is required?
Any third-party user, such as legal counsel or auditors, will need to be placed on the SAML bypass list. This will allow the team to enforce SSO for the users it can control, while allowing bypass users to sign in with a Workiva password and two-factor authentication.
If SSO is required on an account, will Workiva support users, such as Customer Success Managers, need to be added to the Bypass SAML list?
No, support users are automatically excluded from the SSO requirements and follow Workiva's security policies.
Do we have to enable SSO immediately after implementation?
No, users can continue to access Workiva using a password until the Org Security Admin is ready to enable SSO and set the SSO requirements.
Can we use SSO and two-factor authentication (or multi-factor authentication)?
To use both, your SSO team will need to configure two-factor or multi-factor authentication alongside your SSO integration on your identity provider. Workiva SSO will not work with Workiva two-factor authentication; this is reserved for non-SSO users on the bypass list.
Who should we contact for assistance?
You can contact Workiva Support through email, chat, or phone.
Do you support multiple SSO identity providers?
Not at this time.