Single Sign-On (SSO) with SAML simplifies access for enterprise users while keeping things secure. By integrating your organization’s Identity Provider (IdP) with Workway, employees can log in using their existing credentials—no extra accounts or passwords needed. This guide will walk you through the setup process step by step.

Benefits of SSO with SAML

• Streamlined Access: Employees log in using your company’s existing IdP.
• Enhanced Security: SAML 2.0 ensures safe authentication.
• Better User Experience: No need for employees to remember multiple logins.
• Compliance-Friendly: Supports enterprise-grade security and compliance policies.

What you’ll need to get started

1. Identity Provider Requirements

Make sure your IdP meets the following criteria:

• Compatible Providers: Workway supports:
  • Active Directory/LDAP
  • ADFS
  • Azure Active Directory
  • Google Workspace
  • Okta
  • PingFederate
  • OpenID Connect
  • Custom SAML setups
• SAML 2.0 Compliance: Your IdP must fully support SAML 2.0, including:
  • HTTP-Redirect and HTTP-POST binding methods.
  • Valid X.509 certificate for signing SAML assertions (not expired, SHA-256 encryption recommended).
• SAML Metadata: Provide an up-to-date metadata file or URL, including:
  • Login/logout endpoints.
  • Token signing details.
• Assertion Attributes: Ensure the SAML response includes:
  • NameID: Unique user ID (email or employee ID).
  • Email: Matches the user’s organizational email.
  • FirstName & LastName: Displayable full name.
  • Groups (optional): Roles for access control (e.g., admin, user).

2. Network and Security Setup

• Firewall Rules: Confirm your IdP endpoints are accessible by Workway. Share any custom ports or protocols with your IT team.
• Allowlisted IPs: Allowlist Workway’s IP ranges (ask for the full list if needed).
• Secure Channels: All communication must use TLS 1.2 or higher.

3. User Directory and Access Control

• Keep your user directory up to date and synced to avoid outdated accounts.
• Define roles (e.g., admin vs. standard user) within your IdP.
• Set clear protocols for deactivating user access after termination or role changes.

Steps to enable SSO with SAML in Workway

Step 1: Gather the essentials

• Assign a technical contact from your team to oversee the integration.
• Share your SAML metadata and endpoint details with Workway.

Step 2: Configuration

• Workway configures the integration based on your metadata, including:
  • Attribute mapping: Match SAML attributes (NameID, email, etc.) to Workway’s user schema.
  • Role setup: Align roles (admin, user) to your organizational structure.
• Optionally set up a fallback authentication method for emergency access.

Step 3: Test the setup

• Use a test account to confirm everything works as expected.
• Test various scenarios, such as:
  • Successful and failed logins.
  • Proper mapping of user details and roles.
  • Single Logout (SLO), if configured.
• Optional: Perform load testing to ensure the system handles peak usage smoothly.

Step 4: Deploy and roll out

• Enable SSO for all users.
• Provide training or documentation to help your team navigate the new login process.
• Monitor the system closely during the initial rollout to address any issues.

Ongoing maintenance

Support

Workway’s technical support team is here to help with:

• Troubleshooting login issues.
• Updating configurations as your needs change.
• Monitoring authentication performance for potential improvements.

Periodic Reviews

• Conduct user access audits and SAML configuration reviews every 6 months.
• Renew certificates before they expire to prevent disruptions.
• Update metadata and endpoints as needed to match changes in your IdP setup.

By following this guide, you’ll enable secure, seamless, and efficient access for your users—all while keeping security and compliance in check.