All Collections
Integrations
Single Sign On (SSO)
Single Sign On (SSO)
Updated over a week ago

Single Sign On (SSO) is an authentication scheme that allows a User to login with a single ID and password to any related, yet independent, software systems utilizing SAML 2.0. Using this authentication method, user access is controlled by your account's SSO provider rather than a separate password registered for the WorkDove application.

Once users log out or their screen session times out, they will be redirected to their SSO provider login screen.

Benefits of using SSO

  • Does not require users to set up and remember a password, reducing password fatigue

  • User access can be controlled by your SSO provider - if they cannot login there, they will not be able to login to WorkDove either

  • It will mitigate risk for access to 3rd-party sites as user passwords are not stored or managed externally

  • It reduces time spent re-entering passwords for the same identity

  • It reduces IT costs due to lower number of IT help desk calls about passwords

  • For some accounts, it could mean one portal for logging into multiple apps

How it works - Users can access WorkDove using SSO in two ways:

Logging in to your company system/portal

  • This requires their username/email and a password

  • Once logged in, visit WorkDove.com and select the Login option

  • Enter their email address that matches the email on file in the company system

  • The user will be dropped into the WorkDove dashboard

Navigate to WorkDove.com

  • Enter their email address that matches the email on file in your company system

  • If not already logged into their company portal, the login page will redirect them to their company's login page

  • Once they enter the correct credentials, or if already logged in, the user will be redirected back to the WorkDove dashboard

Click here for more information on setting up SSO with ADP.

Configuring SSO

  • WorkDove integrates with IdPs supporting the SAML 2.0 protocol.

    • This includes common providers like Microsoft Azure AD and Okta.

  • WorkDove will generate SP metadata for your account. This metadata should be imported as a New Application into your SSO portal and includes:

    • The Assertion Consumer Service URL.

    • WorkDove's X509 certificate.

    • Additional metadata defining WorkDove's SSO SP endpoint.

  • Once imported, navigate to the Claims Mappings in your SSO portal and configure the following claims:

    • Set NameID format to email.

    • Email Address, sometimes called UPN (required).

    • Partner ID, this is the ID of the user in your HRIS system (optional).

    • First Name (optional).

    • Last Name (optional).

  • After configuring the claims, generate the Federation Metadata for the WorkDove application and upload it to WorkDove's Secure Drive.

  • The WorkDove team will import your metadata and reach out to you regarding next steps. Most typically this involves testing the integration before enabling it for your entire account.

Reach out to a WorkDove team member for more information on setting up SSO for your account.

Did this answer your question?