Okta

How to Configure SAML 2.0 for Workiva


Supported Features

The Okta/Workiva SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Log in to Wdesk as a Security Administrator.

  2. In the bottom left, click Admin and choose Account Admin.

  3. In Wdesk Admin, navigate to Security, then SAML > SAML Settings.

  4. Under General Settings, check the Enable SAML Single Sign On box.

  5. Under SAML User ID Settings:

    • Enable SAML User ID is Wdesk username.

    • Enable NameIdentifier element in Subject statement.

    • Click Save changes.

  6. From the SAML Settings tab, save the values for Metadata URL (this is your Audience URI) and Consumer URL (this is your ACS URL).

  7. In Okta, select the Sign On tab for the Workiva app, then click Edit.

    • Enter the ACS URL and Audience URI values you saved in step 6 into the corresponding fields.

    • Click Save.

  8. Copy, then save the following IdP Metadata as Metadata.xml:

    Sign in to the Okta Admin app to have this variable generated for you.

  9. Click Configure IdP Settings; the Edit IdP Settings dialog will open. Click Browse to locate the Metadata.xml file you just saved, then upload it.

  10. Click Save Changes to finish the setup process.


Notes

SP-initiated SSO

  1. Open your Login URL.

  2. Click the Single Sign-On link.

  3. Enter your username or email, then click Continue.