This document provides guidelines on how to configure Workvivo to authenticate via Single Sign-On (SSO) using Okta as the identity provider (IdP) in a SAML 2.0 SSO configuration.
If you prefer to view a video walkthrough, you can skip ahead to this section.
1. Adding Workvivo to Okta - Setting up Single Sign On
From the Applications Tab select ‘Create App Integration’
Select ‘SAML 2.0’ and click ‘Next’
Give your app a name, e.g. Workvivo, and optionally provide an App Icon.
If you would like to hide the Workvivo App from employees, select ‘Do not display application icon to users’ and click 'Next'.
Configure SAML & SSO
To set up SAML, fill in the following fields:
- Single sign-on URL: https://[companyname].workvivo[.com][.us][.me]/saml/acs
- Audience URI (SP Entity ID): https://[companyname].workvivo[.com][.us][.me]/saml/metadata
- Name ID Format: EmailAddress
- Application username: Email
*Note - Depending on whether your Workvivo instance is hosted on our EU, US, or UAE data center, make sure you enter the correct domain. It will either be workvivo.com, workvivo.us, or workvivo.me. The format may also differ if your organisation has configured a custom domain name for Workvivo. If you do not know your Workvivo domain name, please contact our Support Team via the 'Submit a request' button for assistance.
Scroll to the end and click ‘Next’
In the Feedback section, select 'It's required to contact the vendor to enable SAML' and click 'Finish'.
2. Complete the configuration on Workvivo
If your full employee base will be using SSO authentication for Workvivo, you can plug in the metadata directly on Workvivo.
First, you will need the "IT Administrator" role on Workvivo; an Admin can grant this role for you or your Workvivo point of contact.
Once you have been granted this role, navigate to the Admin section > Authentication and System Settings
Change the Authentication Mode to SAML
For the metadata you can find these values under ‘View SAML Setup Instructions’ on your Sign On screen in Okta
1. Identity Provider Issuer = SAML IDP Entity ID URL
2. Identity Provider Single Sign-On URL = SAML Single Sign On Service URL
3. X.509 Certificate = SAML X509 Certificate
Once configured, you will want to be sure to add test users within the Assignments tab.
Please note: if you have some password-based users or multiple single sign-on tenants, please contact our Support Team via the 'Submit a request' button, who can assist you with this configuration.