Team collaboration - Single sign on

You can connect SAML providers to Workato. This allows you to provide authentication and authorized access for multiple users across multiple web applications.

This means that your team members do not have to manually create accounts with Workato. Instead, they can authenticate themselves with Single Sign On (SSO).

SSO also enables just in time provisioning to streamline your onboarding flow.

Create Workato application on your SAML provider

These are the steps to enable SSO for Okta and OneLogin.

Okta Single sign on

Steps Description
1. Create new application Locate Applications > Add application.
Add application on Okta
Add application on Okta. Refer to the Okta documentation for more details
2. Select SAML 2.0 Create a new application on Okta
Create a new application on Okta
3. Skip to SAML settings Okta Config Wizard
Workato Service Provider settings for Okta

Fill in the settings form as follows:
Field Value
Single Sign On URL https://www.workato.com/saml/init
Use this for Recipient URL and Destination URL Enable checkmark
Allow this app to request other SSO URLs Enable checkmark
Requestable SSO URLs https://www.workato.com/saml/consume
Audience URI (SP Entity ID) https://www.workato.com/saml/metadata
4. Select Save and Create The final Okta settings screen should look like this:
Okta Config View
Workato Service Provider completed settings on Okta
5. Obtain Okta Metadata URL Follow these steps to obtain the Okta Metadata URL:
  • Locate the newly created Application's page
  • Locate the Sign On tab
  • Right-click on Identity Provider metadata and Copy link address
Okta IdP URL
Okta metadata URL

OneLogin Single Sign-On

Steps Description
1. Add application on OneLogin Locate Appplications > Add App.
Add application on OneLogin
Add application on OneLogin. Refer to the OneLogin documentation for more details
2. Create a new SAML application Locate Apps > Add app > SAML Test Connector.
SAML test connector
SAML test connector
3. Skip to Configuration settings OneLogin Config Wizard
Workato Service Provider settings for OneLogin

Fill in the settings form as follows:
Field Value
Audience https://www.workato.com/saml/metadata
Recipient https://www.workato.com/saml/init
ACS (Consumer) URL Validator ^https:\/\/www.workato.com\/saml\/*$
ACS (Consumer) URL https://www.workato.com/saml/consume
4. Obtain OneLogin Metadata URL Follow these steps to obtain the OneLogin Metadata URL:
  • Save the OneLogin new application setup
  • Select More Actions
  • Right-click on SAML metadata and Copy link address
OneLogin IdP URL
OneLogin metadata URL

Workato Single Sign-on setup

After creating a new application on your SAML provider, finish the SSO setup on the Workato Team setting page.

Fill in the required fields and select Validate Settings. After validation has succeeded, select Save.

Workato SAML config Workato SAML Okta Configuration example

Input Field Description
Team name Define the name for this team.
Authentication method Select SAML based SSO.
Team ID Define a team ID. This is used to identify teams on login.
SAML provider Select your SAML provider.
Do you have your identity provider metadata URL. Enable this option.
Metadata URL Input the metadata URL which you have previously obtained.
Do you want to enable SAML JIT provision See here for more information.

SSO configuration with x.509 certificate

You can also configure the SAML settings manually. In this case, you need to get from SAML Identity Provider next information:

  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • X.509 Certificate

Workato SAML manual config Workato SAML Okta Manual Configuration example

Assign SAML to people

Once you have completed the SSO configuration, you can start assigning this SAML application to your team members.

For example, we will use the Workato SAML application in Okta. Select Assign > Assign to people.

Workato SAML application on Okta Workato SAML application on Okta

Assign team members from the list provided.

Assign SAML to people Assign SAML to people

Logging into SAML-enabled Team

Once SAML is enabled, access to Team is controlled by SAML Identity Provider (Okta, OneLogin, etc). Your team members can now access their Workato accounts from the SAML provider.

  • From Okta, clicking on the Workato application will lead users to the Workato platform.

Workato app on Okta Workato app on Okta

  • From the Workato platform, switching from a personal account to a (SAML-enabled) Team account will require authentication through the SAML provider.

Team Switch with Okta Switch to Team account with Okta authorization

results matching ""

    No results matching ""