Configure single sign-on (SSO) for Workplace
This page is only applicable to admins. Two-factor authentication and single sign-on are 2 different types of authentication method – if you enable SSO, two-factor authentication is turned off as a result.
Workplace can be integrated with identity providers (IdPs) for managing user authentication. This makes it easier for users to sign into Workplace using the same single sign-on (SSO) credentials they use with other systems.
You can also add multiple SSO providers to your Workplace which allows multiple IdPs to be used at the same time.
SSO for Workplace is directly supported by the following IdPs:
- ADFS (Active Directory Federation Service)
- Microsoft Azure AD
- Google Identity
- Ping Identity
In addition to SSO for authentication, our partners above also support automated account provisioning and user management.
Note: Workplace supports SAML (Security Assertion Markup Language) 2.0 for SSO. You may find IdPs not listed above compatible so long as they use SAML 2.0 protocol.
Configuring SSO for Workplace
In order to enable single sign-on (SSO) authentication you'll need to:
- Have access to your IdP's configuration settings.
- Be a system admin on Workplace.
Please note that Workplace only supports the SHA-1 and SHA-2 algorithms for signing SAML Certificates.
To configure SSO for Workplace from your computer:
To add multiple SSO providers:
You can require people to reauthenticate on Workplace:
- Every day
- Every 3 days
- Every week
- Every 2 weeks
- Every month
You can also force an SAML reset for all users by clicking Force all to re-authenticate now.
Configure Workplace login through the Active Directory Federation Service (ADFS)
Does Workplace support Just-in-Time provisioning via SSO?