Okta

How to Configure SAML 2.0 for When I Work

  1. Contact the When I Work Support team (support@wheniwork.com) and request that they enable the SAML 2.0 configuration UI for your account.

  2. The When I Work Support team will enable the SAML 2.0 configuration UI for your account.

  3. After receiving a confirmation email, login to When I Work as an administrator.

  4. Navigate to Settings > INTEGRATIONS:

    work1.png

  5. Select SAML SSO, then enter the following:

    • ISSUER URL (ENTITY ID): Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • ENDPOINT URL (SSO): Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • CERTIFICATE FINGERPRINT (SHA256):

      • Download and save the following x.509 Certificate:

        Sign into the Okta Admin Dashboard to generate this variable.

      • Open a terminal and run the following openssl command to get a SHA256 certificate fingerprint:

        openssl x509 -in [your_cert_file] -noout -sha256 -fingerprint

      • Save the SHA256 Fingerprint value and paste it into the CERTIFICATE FINGERPRINT (SHA256) field.

        worknew1.png

    • Make a copy of the last part (the Account ID) of the CONSUMER URL.

      For example, if your CONSUMER URL is https://app.wheniwork.com/rest/saml/auth/123456, the portion you need to make a copy of is 123456.

    • Click SAVE.

    work2.png

  6. In Okta, select the General tab for the When I Work app, then click Edit.

    • Enter the Account ID value you saved in step 5 into the corresponding field.

    • Click Save.

    work3.png

  7. Done!


Notes:

IdP-initiated flows, SP-initiated flows, and Just In Time (JIT) provisioning are all supported.

For SP-initiated Flows

  1. Open the following URL: https://[company].wheniwork.com/

  2. Click Sign in with okta:

    3. work4.png