Configure SAML SSO (Single Sign-On) in Content Workflow

Caution  

This article applies to customers on the Stand Alone Content Workflow plan.

SAML SSO enables you to log in to Content Workflow with credentials managed by your organization’s IDP (e.g., Microsoft Azure, Google Suite). Users can join the account simply by being part of the organization’s IDP, eliminating the need for individual invitations.

Requirements

Content Workflow supports SP-initiated SAML authentication with HTTP POST binding. Ensure your IDP supports HTTP POST bindings and configure it accordingly.

Necessary Attribute Claims

Content Workflow requires the following attribute claims during login:

Attribute        Claim name for Content Workflow
First name       firstname
Last name        surname
Email Address    email
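
The following is an added example, not part of the original article or Content Workflow's own code: a diagnostic that decodes the SAMLResponse form value your IDP sends over HTTP POST and reports which of the three required claim names are absent or empty. The function names and the sample responses are assumptions constructed for illustration; the check reads attribute names only and does not verify the response signature.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("firstname", "surname", "email")  # names from the table above


def claims_from_post(saml_response_b64):
    """Decode an HTTP POST binding SAMLResponse value into {claim name: [values]}.

    Diagnostic only: no signature or condition checks are performed, and an
    encrypted assertion would yield no claims here.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims[attr.get("Name")] = values
    return claims


def missing_claims(claims):
    """Required claim names that are absent or carry only empty values."""
    return [n for n in REQUIRED_CLAIMS if not any(claims.get(n, []))]


def build_sample(attrs):
    """Constructed, unsigned test response (not captured from any real IDP)."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items()
    )
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


GOOD = build_sample({"firstname": "Ada", "surname": "Lovelace", "email": "ada@example.com"})
# Constructed failure case: email sent under a different claim name, surname empty.
BAD = build_sample({"firstname": "Ada", "surname": "", "emailaddress": "ada@example.com"})

if __name__ == "__main__":
    for label, resp in (("good", GOOD), ("bad", BAD)):
        print(label, "missing:", missing_claims(claims_from_post(resp)))
```

Run it against a response captured from your own test login to confirm the claim names match exactly before activating SSO.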

How to Set Up SSO in Content Workflow

  1. Log in to your Content Workflow account and go to Account Settings.
  2. Click on the SSO tab.
    • If you don’t see the SSO tab, this feature may not be available in your current plan. Contact Customer Support for assistance.
  3. Click Setup SSO.
  4. Copy the information in the following fields and add them to your IDP:
    • Service Provider ACS URL
    • Service Provider Identifier

Set Up SSO in Microsoft Azure

  1. To add Content Workflow as a non-gallery app in Microsoft Azure, follow the setup instructions in the Azure AD interface. This will create the application and allow you to set up the information on the next screen.
  2. Follow the setup instructions here to configure Single Sign-On to work with Content Workflow (a non-gallery app).
  3. Map Attributes Between Microsoft Azure and Content Workflow
    Microsoft Azure Term       Content Workflow Term
    Identifier (Entity ID)     Service Provider Identifier
    Reply URL                  Not Required
    Sign-on URL                Service provider ACS URL
    Relay State                Not Required
    Logout URL                 Not Required
    • Important: Content Workflow uses 'email address' as the unique identifier. If a user's email address changes in their IDP, Content Workflow will create a new user when they log in to the platform.
  4. Copy the following fields for the identity provider issuer:
    Microsoft Azure Field Name    Content Workflow Field Name
    Login URL                     SAML 2.0 Endpoint (HTTP)
    Azure AD Identifier           Identity provider issuer

Customize the Login Button Text

This is the text that users will see on the login screen when logging into Content Workflow via SAML SSO. For example, you could change the login button text to Login with SAML SSO.

Default User Role

This default role is applied to new registrants when they register on Content Workflow via SAML SSO. Users can still be updated inside the Content Workflow account via the People & Groups tab.

Validate SAML Settings

  1. After configuring all fields, click Validate SAML Settings.
  2. You’ll be redirected to the Microsoft Azure portal to confirm the setup. A successful login will allow SSO activation for the account.
  3. When activated, SAML SSO will:
    • Require all users to log in using SAML SSO.
    • Notify all existing users by email.
    • Allow new users to register through the IDP.

Disabling SAML SSO

If you need to disable SAML SSO:

  1. Go to Account Settings and navigate to the SAML SSO tab.
  2. Click Turn off SAML SSO.
  3. When disabled:
    • Users without a password will be prompted to set one.
    • All users will receive an email notification.
    • Users will need to log in with their username and password.
