This document provides guidelines on how to configure Workvivo to authenticate via Single Sign On (SSO) using OKTA as the identity provider (IdP) solution in a SAML2 SSO configuration.
If you prefer to view a video walkthrough, you can skip ahead to this section.
1. Set up Workvivo as an Okta Application
The first step to configuring Workvivo in Okta is to add it as a new app
From the Okta Admin Console, go to the Applications Tab and select ‘Create App Integration’
Select ‘SAML 2.0’ and click ‘Next’
Enter a name for the App, for example Workvivo. You have the option to choose an App logo
If you would like to hide the Workvivo App from users, select ‘Do not display application icon to users’ and click 'Next'
Configure SAML
To set up SAML you will need to fill in the below sections;
- Single sign-on URL: https://[companyname].workvivo[.com][.us][.me]/saml/acs
- Audience URI (SP Entity ID): https://[companyname].workvivo[.com][.us][.me]/saml/metadata
- Name ID Format: EmailAddress
- Application username: Email
You can also find your specific Single sign-on URL and Entity ID directly in Workvivo (step 2 below)
*Note - Depending on whether your Workvivo instance is hosted on our EU, US, or UAE data center, make sure you enter the correct domain. It will either be workvivo.com, workvivo.us, or workvivo.me. The format may also differ if your organisation has configured a custom domain name for Workvivo. If you do not know your Workvivo domain name, please contact our Support Team via the 'Submit a request' button for assistance.
Scroll to the end and click ‘Next’
For the Feedback section, Select 'It's required to contact the vendor to enable SAML'
and 'Finish'
2. Complete the configuration on Workvivo
If your full user base will be using SSO authentication for Workvivo, you can plug in the metadata directly in Workvivo.
Firstly you will need the "IT Administrator" role on Workvivo - this can be granted by a current Admin, or your Workvivo point of contact.
Once you have been granted this role, navigate to the Admin section > Authentication and System Settings.
Under Authentication Mode, choose Single Tenant SSO Only
Next, select Set up SSO Tenant
Enter a Name for your New SSO Tenant
Note: this is just a label for you to identify your sso tenant, for example 'Okta SSO Tenant'
On the next screen, you will find your specific Entity ID and ACS URL - these are the URLs you need to enter in the Okta Configure SAML fields in Step 1.
Next you will need to enter the metadata details from Okta.
For the metadata you can find these values under ‘View SAML Setup Instructions’ in your Sign On settings in Okta
1. Identity Provider Issuer → IdP Entity ID URL
2. Identity Provider Single Sign-On URL → SSO Service URL
3. X.509 Certificate → X.509 Certificate
Once those details are added, Save your configuration
3. Testing SSO
To test that SSO has been configured correctly:
- Ensure the user profile has been created on Workvivo either manually or via SCIM provisioning, and they have been added to the Assignments tab in Okta.
- Open your Workvivo URL in your browser and you should be automatically redirected to the Okta sign-in page.
- Enter your sign-in credentials.
- Once authenticated , you should be automatically redirected back to the Workvivo app.
Please note, if you have some password based users or have multiple single sign-on tenants you would need to configure these by choosing the relevant Authentication Mode under Authentication and System Settings in the Workvivo Admin panel. If you have any questions please contact our Support Team via the 'Submit a request' button, who can help assist you with this configuration.