Org Security Admins can enable single sign-on (SSO) to add an extra layer of security to an organization and workspaces. You can set up and maintain SSO using URLs for external provisioning.
Workiva supports SP and IdP settings, using SAML 2.0. Single sign-on is established and restricted to the users of that account. Workiva allows external authentication, however authorization is administered within Workiva.
There are three basic options for SSO authentication:
-
Enable SAML Single Sign-On: Users can sign in with SSO or continue to use their username and password.
-
Require SAML Single Sign-On for Users: Non-Admin users are required to use SSO, while Org Security Admins may continue to sign in using their username and password.
-
Require SAML Single Sign-On for Org Security Admins: This requires single sign-on for Organization Security Admins.
If needed, you can designate specific users to allow them to sign in without using SSO. This is helpful when people in different departments, consultants, or those outside your company need access to Workiva. To learn more, see Add and manage SAML single sign-on bypass users.
Access SSO settings
To access and manage SAML single sign-on settings:
- In the top right, click the user icon and select Organization Admin from the Admin dropdown.
- Click Security and choose the Single Sign-On tab.
You can assign someone as an Org Security Admin from your Identity Access Management (IAM) or Information Technology (IT) teams. Then, they can then help set up SSO and ensure settings meet any company requirements.
Setting someone as an Org Security Admin only provides access to the security settings for authentication and SSO. It does not allow access to documents or data in Workiva.
To learn how to assign an organization role, see Update an organization role.
Gather SSO requirements
To gather requirements for your configuration and to test your setup, you can enable SAML in your organization before you require users to use it to sign in. By only enabling SAML, this allows you to gather what you need and does not impact users signing in.
If you need assistance setting up SSO, you can contact Workiva Support.
What's next?
- Configure SAML single sign-on
- Change a SAML single sign-on certificate
- Add or remove SAML single sign-on bypass users
- View the SAML single sign-on activity log