Top

How do I setup SSO with Azure AD? [Pro]

Follow

If you are not yet in contact with a Workable SSO implementation specialist, contact us and check out our SSO Overview article before attempting any of the steps below.

A Microsoft Enterprise Agreement for Azure AD account is required to enable this SSO option. 

1. Sign in to your Azure portal as an admin: https://portal.azure.com

azure_start.png

2. On the left navigation panel, click on the Azure Active Directory icon.

azure_new_app.png

3. Navigate to Enterprise applications. Then go to All applications. Click the New application button and then select Non-gallery application.

azure_app_name.png

4. Set the name of the application to “Workable” and click Add

azure_configure.png

5. On the Quick Start page select Configure single sign-on (required).

azure_saml_based.png

6. In the next window you’ll need to select the Single Sign-on Mode. Choose SAML-based Sign-on.

azure_subdomain.png

7. In the second section fill out the form with the following information and replace [subdomain] with your Workable subdomain. Your Workable implementation specialist will provide your subdomain via email.

  • Identifier (Entity ID): https://www.workable.com
  • Reply URL: https://www.workable.com/auth/saml/[subdomain]/callback

8. In the fourth section click on Create new certificate.

9. Optional: Set up a desirable expiration date and click Save. If no expiration date is set then the certificate will be active indefinitely. If an expiration date is set then the SSO connection to Workable will expire after that date. Users will not be able to log in and you'll need to provide Workable with an updated certificate.

useremail_field.png

10. In the User Attributes section, set the User Identifier to user.mail by selecting that option from the dropdown menu.

azure_make_new_cert.png

11. Click on the first checkbox to Make new certificate active.

azure_download_cert.png

12. Click the download option for Certificate (Base64). You’ll need to send this file to your Workable implementation specialist (along with the details in the next step) to complete the SSO setup.

13. In the fifth section click on the option to Configure. A new pane will appear. Locate the third section and copy all three entries. You’ll need the following:

  • SAML Single Sign-On Service URL
  • SAML Entity ID
  • Sign-out URL

14. Contact your Workable implementation specialist and provide them with:

  • The Certificate (Base64) file
  • SAML Single Sign-On Service URL
  • SAML Entity ID
  • Sign-out URL

We’ll finalize the setup process on our end and notify you when everything is live.

15. In your Azure account you’ll need to add the Workable app to users in order to give them access to Workable.