How to Configure SAML 2.0 for Workiva


Supported Features

The Okta/Workiva SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Login to Wdesk as a Security Administrator.

  2. In the bottom left, click Admin and choose Account Admin:


  3. In Wdesk Admin, navigate to Security, then SAML > SAML Settings:


  4. Under General Settings, check the Enable SAML Single Sign On box:


  5. Under SAML User ID Settings:

    • Enable SAML User ID is Wdesk username.

    • Enable NameIdentifier element in Subject statement.

    • Click Save changes.


  6. From the SAML Settings tab, save the values for Metadata URL (this is your Audience URI) and Consumer URL (this is your ACS URL):


  7. In Okta, select the Sign On tab for the Workiva app, then click Edit.

    • Enter the ACS URL and Audience URI values you made a copy of in step 6 into the corresponding fields.

    • Click Save.


  8. Copy, then save the following IdP Metadata as Metadata.xml:

    Sign in to Okta Admin app to have this variable generated for you.
  9. Click Configure IdP Settings; the Edit IdP Settings dialog will open. Click Browse to locate the Metadata.xml file you just saved, then upload it.


  10. Click Save Changes to finish the setup process.


SP-initiated SSO

  1. Open your Login URL.

  2. Click the Single Sign-On link:

  3. “workiva_new8.png"

  4. Enter your username or email, then click Continue:

  5. workiva_new_2.png