The Okta/Workfront SAML integration currently supports the following features:
Note: There are multiple environments in Workfront. Please follow the instructions for the endpoint you wish to configure:
You can create a configuration for each endpoint by adding a new Workfront application to your organization.
Each environment has a different endpoint.
After configuring your desired environment please enter the desired environment endpoint in the ACS URL.
Generate the following variables, you will need them during configuration of any endpoint:
IDP Metadata: Download and save the following metadata as metadata.xml:
Sign in to Okta Admin app to have this variable generated for you.
x.509 Certificate: Download and save the following certificate:
Sign into the Okta Admin Dashboard to generate this variable.
Sign into the production environment for your company.
Select Setup in the top menu:
Select System > Single Sign-On (SSO) from the Setup menu:
Select Edit Settings:
Select Single Sign-On > Edit Configuration:
In the Single Sign-On screen that opens, select SAML 2.0 as the Type:
Click Select Metadata XML then navigate to the metadata.xml file you saved earlier. The required fields will be populated from this file:
For Certificate, click Choose File and navigate to the x.509 certificate you saved earlier. The required fields will be populated from this file:
Check Auto-Provision Users:
Click Map User Attributes:
Map your attributes as shown below, then click Save:
Click Test Connection:
Click Save:
Follow the steps in https://support.workfront.com/hc/en-us/articles/216671608-Updating-Users-for-SSO to change the Workfront Federated ID for all Workfront users to each user's email address.
Done!
Sign into the preview environment for your company.
Select Setup in the top menu:
Select System > Single Sign-On (SSO) from the Setup menu:
In the Single Sign-On screen that opens, select SAML 2.0 as the Type:
Under Populate fields from Identity Provider Metadata, click Choose File then navigate to the metadata.xml file you saved earlier. The required fields will be populated from this file:
Check Auto-Provision Users:
Map your attributes as shown below, then click Save:
For Certificate, click Choose File and navigate to the x.509 certificate you saved earlier. The required fields will be populated from this file:
Make sure the Admin Exemption and the Enable radio buttons are checked so admins can login without using SAML and to enable Single Sign-On:
Click Test Connection:
Click Save:
Done!
Sign into the sandbox environment for your company.
Note: For the sandbox environment, the sb01 endpoint number might differ. For example, it might be sb02, sb09 etc.
Select Setup in the top menu:
Select System > Single Sign-On (SSO) from the Setup menu:
Select Edit Settings:
Select Single Sign-On > Edit Configuration:
In the Single Sign-On screen that opens, select SAML 2.0 as the Type:
Under Populate fields from Identity Provider Metadata, click Select Metadata XML then navigate to the metadata.xml file you saved earlier. The required fields will be populated from this file:
For Certificate, click Choose File and navigate to the x.509 certificate you saved earlier. The required fields will be populated from this file:
Check Auto-Provision Users:
Click Map User Attributes, then click Save:
Map your attributes as shown below, then click Save:
Make sure the Admin Exemption and the Enable radio buttons are checked so admins can login without using SAML and to enable Single Sign-On:
Click Test Connection:
Click Save:
Done!
The following SAML attributes are supported:
| Name | Value |
|---|---|
| lastName | user.lastName |
| firstName | user.firstName |
| $$NAMEID | user.userName |