Table of Contents

- Single Sign-On (SSO) options
   - Google SSO
   - Microsoft SSO
   - SAML SSO

---

Single Sign-On (SSO)

SSO provides a secure and convenient way for the users to login to WorkSpan without remembering an additional password. It also enables the company’s IT Administrator to centrally manage user access for the employees. 

Available SSO Options:

1. Google SSO
2. Microsoft  SSO
3. SAML / OpenID Connect (Ex: Okta)

Note: Only the Company Administrators have the access to set up SSO.

To navigate to the SSO set up page in WorkSpan:

Step 1: Go to app.workspan.com & “Sign In” to your WorkSpan application as an "Administrator". 

Step 2: Once you are logged in, click on “My Company Profile” on the top right hand corner of the page. You will be redirected to the “About” page under “My Company”.

Step 3: In the left navigation panel, you will see “Security Policies” from where you can access all the SSO options apart from Password Login (Enter a password to login). 

Manage Enterprise Single Sign On (SSO) options

1. Enabling “Google SSO”

Step 1: Once you are at the SSO set up page, select “Enable Google SSO”.

Step 2: In addition to the Google SSO, if you also want to allow your employees to login using their email address/password, select “Allow Password Login”.

Step 3: Click “Save”. 

2. Enabling “Microsoft SSO” (Microsoft Azure SSO)

Step 1: Once you are at the Security policies page, select “Enable Microsoft SSO”.

Step 2: In addition to the Microsoft SSO, if you want to login using email address/password, select “Allow Password Login”.

Step 3: Click on “Get Tenant ID”. Now, you will be redirected to the page to enter your Microsoft credentials.

Step 4: The tenant ID will automatically be populated in the “Tenant ID” field as shown in the image below:

Step 5: Now, click “Save”.

 

3. Enabling “SAML SSO”

The company’s IT department enables Security Assertion Markup Language (SAML) SSO and takes no more than 10 minutes to configure it.

SAML Set up Steps

Step 1: Once you are at the SSO set up page, select “Enable SAML/Open ID Connect”.

You need to enter “SSO URL”, and “SP Entity ID” to your identity provider in order to allow WorkSpan to authenticate your employees. Now, click on “Add SAML Configuration” to configure SAML.

Step 2: You need to enter “Entity ID”, “SSO URL”, and “Certificate” to generate Provider ID.

Note: 

• Entity ID: A string that uniquely identifies your Identity provider (It is generally provided by your Identity provider).
• SSO URL: The endpoint that is dedicated to handling SAML transactions. It will be a unique URL for your application.
• Certificate: As the communication is encrypted between your application and your Identity provider, the Identity provider public key is required in order to decrypt any incoming message.

After adding all the configuration, click on “Save”. If the entered values are correct, “ProviderID” will be auto-generated.

Step 3: Click on “Test Connection” to test the configuration.

On a successful connection, you will get the SSO login screen (Let’s say Okta is the provider here).

Now, enter the login credentials and click on “Sign In”.

Note: If the testing fails, you will not be able to save the SAML settings.