This article is for:
- Org Security Admins
Overview of SSO Settings
You can enable single sign-on (SSO) to add an extra layer of security to your organization and workspaces. You can set up and maintain SSO using URLs for external provisioning.
Workiva supports SP and IdP settings, using SAML 2.0. Single sign-on is established and restricted to the users of that account. Workiva allows external authentication, however authorization is administered within Workiva.
There are three basic options for SSO authentication:
Enable SAML Single Sign-On: Users can sign in with SSO or continue to use their username and password.
Require SAML Single Sign-On for Users: Non-Admin users are required to use SSO, while admins may continue to sign in using their username and password.
Require SAML Single Sign-On for Org Security Admins: This requires single sign-on for Organization Security Admins.
If needed, you can designate specific users to allow them to sign in without using SSO. This is helpful when people in different departments, consultants, or those outside your company need access to Workiva. To learn more, see Managing SSO Bypass Users.
Accessing SSO Settings
To access and manage SAML single sign-on settings:
- Click your name in the bottom left, then select Organization Admin.
- Click Security .
- Click Single Sign-on.
You can assign someone as an Org Security Admin from your Identity Access Management (IAM) or Information Technology (IT) teams. Then, they can then help set up SSO and ensure settings meet any company requirements.
Setting someone as an Org Security Admin only provides access to the security settings for authentication and SSO. It does not allow access to documents or data in Workiva.
To learn how to assign an organization role, see Managing Users.
Gathering SSO Requirements
To gather requirements for your configuration and to test your setup, you can enable SAML in your organization before you require users to use it to sign in. By only enabling SAML, this allows you to gather what you need and does not impact users signing in.
If you need assistance setting up SSO, you can reach out to firstname.lastname@example.org.