How to Configure SAML 2.0 for Workspace

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/Workspace SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

---

Configuration Steps

1. Login to your Workspace account as administrator.

2. Click on the gear icon on the top right:

   

3. Select Login under Users, then click Okta under Sign-in (Authentication) Method. Then follow the steps below:

   • Allow users without accounts to login (optional): Select this option to enable JIT (Just In Time) Provisioning.

   • Identity Provider Single Sign-On URL: Copy and paste the following:

     Sign into the Okta Admin dashboard to generate this value.

   • Identity Provider Issuer: Copy and paste the following:

     Sign in to the Okta Admin dashboard to generate this value.

   • X.509 Certificate: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Click Update Sign-in Settings:

   

4. Done!

---

Notes

• Make sure that you entered the correct value in the Subdomain field under the General tab. Using the wrong value will prevent you from authenticating via SAML to Workspace.

• The following SAML attributes are supported:

  Name	Value
  first	user.firstName
  last	user.lastName
  email	user.userName
  login	user.login

SP-initiated SSO

1. Go to: https://[your-subdomain].app-workspace.com/auth/login URL.

2. Click Login with Okta: