Caution
This article applies to customers on the Stand Alone Content Workflow plan.
SAML SSO enables you to log in to Content Workflow with credentials managed by your organization’s IDP (e.g., Microsoft Azure, Google Suite). Users can join the account simply by being part of the organization’s IDP, eliminating the need for individual invitations.
Requirements
Content Workflow supports SP-initiated SAML authentication with HTTP POST binding. Ensure your IDP supports HTTP POST bindings and configure it accordingly.
Necessary Attribute Claims
Content Workflow requires the following attribute claims during login:
Attribute | Claim name for Content Workflow |
First name | firstname |
Last name | surname |
Email Address |
How to Set Up SSO in Content Workflow
- Log in to your Content Workflow account and go to Account Settings.
- Click on the SSO tab.
- If you don’t see the SSO tab, this feature may not be available in your current plan. Contact Customer Support for assistance.
- Click Setup SSO.
- Copy the information in the following fields and add them to your IDP:
- Service Provider ACS URL
- Service Provider Identifier
Set Up SSO in Microsoft Azure
- To add Content Workflow as a non-gallery app in Microsoft Azure, follow the setup instructions in the Azure AD interface. This will create the application and allow you to set up the information on the next screen.
- Follow the setup instructions here to configure Single Sign-On to work with Content Workflow (a non-gallery app).
- Map Attributes Between Microsoft Azure and Content Workflow
Microsoft Azure Term | Content Workflow Term |
Identifier (Entity ID) | Service Provider Identifier |
Reply URL | Not Required |
Sign-on URL | Service provider ACS URL |
Relay State | Not Required |
Logout URL | Not Required |
- Important: Content Workflow uses 'email address' as the unique identifier. If a user's email address changes in their IDP, Content Workflow will create a new user when they log in to the platform.
- Copy the following fields for the identity provider issuer:
Microsoft Azure Field Name | Content Workflow Field Name |
Login URL | SAML 2.0 Endpoint (HTTP) |
Azure AD Identifier | Identity provider issuer |
Customize the Login Button Text
This is the text that users will see on the login screen when logging into Content Workflow via SAML SSO. For example, you could change the login button text to Login with SAML SSO.
Default User Role
This default role is applied to new registrants when they register on Content Workflow via SAML SSO. Users can still be updated inside the Content Workflow account via the People & Groups tab.
Validate SAML Settings
- After configuring all fields, click Validate SAML Settings.
- You’ll be redirected to the Microsoft Azure portal to confirm the setup. A successful login will allow SSO activation for the account.
- When activated, SAML SSO will:
- Require all users to log in using SAML SSO.
- Notify all existing users by email.
- Allow new users to register through the IDP.
Disabling SAML SSO
If you need to disable SAML SSO:
- Go to Account Settings and navigate to the SAML SSO tab.
- Click Turn off SAML SSO.
- When disabled:
- Users without a password will be prompted to set one.
- All users will receive an email notification.
- Users will need to log in with their username and password.