Workstream has the capacity to support integration with SAML 2.0 through Okta. Integrating Okta and Workstream allows you to maintain your organization's SSO requirements, and ensures your Workstream user provisioning fits into pre-existing workflows. This article will walk you through setting up SAML 2.0 for your Workstream workspace so that you can begin using these features.
Supported Features
The Okta/Workstream SAML integration currently supports the following features:
IdP-initiated SSO
JIT (Just In Time) Provisioning
SCIM Provisioning
For more information on the listed features, visit the Okta Glossary.
Installing the Workstream App
To get started, you (or your Okta administrator) will need to install the Workstream app in Okta. Follow the steps below to add the integration:
Login to Okta as an admin
Click on the "Applications" link under the "Applications" heading on the lefthand navigation
Click on "Browse App Catalog"
Search for "Workstream"
Click the "Add Integration" button
On the next page, either rename the application label, or leave it as is. Then click "Done" to install the integration
Initiating the SAML Connection
Setting up SAML will require coordination between an Okta admin and Workstream's team. To get the process started, send a request to [email protected] or through the support widget at the bottom of this page with the following information:
Company Name
Whether SCIM should be enabled
Point of contact name
Point of contact email
Identity Provider Single Sign-On URL
This is a unique URL for your Workstream app within Okta. To locate it, navigate to the Workstream app, and find the Sign On tab
Then find the "View Setup Instructions" button under SAML 2.0.
Copy the URL from the Identity Provider Single Sign-On URL box, and add it to your message for the Workstream team. This will enable us to configure the integration correctly on the backend.
Our team will respond back as soon as possible to get the integration started.
Further Configuration Steps
Once the Workstream team has set up SAML for your app, there are a few additional configuration steps you will need to take:
Configure SAML attributes
Set up SCIM Provisioning (optional)
Assign the appropriate users to the Workstream app
Once these steps have been completed, your Workstream app should be ready to use with SAML 2.0 via Okta.
SAML Attributes
The following SAML attributes are supported. To make registration quicker for users, it's best to map as many attributes as you can. At a minimum ensure the attributes marked required are mapped.
Name | Value | Required? |
user.email | required | |
given_name | user.firstName | required
|
family_name | user.lastName | required |