This document provides guidelines on how to configure Workvivo to authenticate via Single Sign (SSO)using Google Workspace as the identify provider (IdP) solution in a SAML2 SSO configuration. The information contained in this document is intended as a guideline only - there may be significant differences in any given Google Workspace configuration that require a different approach to be taken.
1. Set up Workvivo as a Custom SAML App
The first step to configuring Workvivo in Google Workspace is to add it is as a custom app.
From the Google Workspace Admin console Home page, go to Apps and then Web & Mobile Apps.
Click Add+ at the bottom right and then Step 1 screen appears.
Select "Add Custom SAML App"
2. Complete the configuration on Workvivo
If your full employee base will be using SSO authentication for Workvivo, you can plug in the metadata directly on Workvivo.
Firstly you will need the "IT Administrator" role on Workvivo, an Admin can grant this role for you or your Workvivo point of contact.
Once you have been granted this role, navigate to the Admin section > Authentication Settings
Change the Authentication Mode to SAML
For the metadata you can find these values by selecting Option 1 Download Idp metadata from Google Workspace
1. Entity ID = SAML IDP Entity ID URL
2. SSO URL = SAML Single Sign On Service URL
3. Certificate = SAML X509 Certificate
If you have some password based users or have multiple single sign-on tenants please contact our Support team at support@workvivo.com who will assist you with this configuration.
3. Configure the Service provider details
In this screen, add the relevant value for your company’s Workvivo installation in the “ACS URL” and “Entity ID” fields. These are as follows, replacing the domain name as appropriate with the domain for your Workvivo environment.
ACS URL: https://[companyname].workvivo[.com][.us][.me]/saml/acs
Entity ID: https://[companyname].workvivo[.com][.us][.me]/saml/metadata
Name ID: Basic Information , Primary Email
Name ID Format: Email
*Note - Depending on whether your Workvivo instance is hosted on our EU, US, or UAE data center, make sure you enter the correct domain. It will either be workvivo.com, workvivo.us, or workvivo.me. The format may also differ if your organisation has configured a custom domain name for Workvivo. If you do not know your Workvivo domain name, please contact our Support team at support@workvivo.com for assistance.
Click "Continue" to move to the next step.
Create a new mapping for Email to Basic
Basic Information: Primary Email
Click "Finish"
4. Setting up SSO with SAML
The final step is to turn the app on for all employees.
From the Admin console Home page, go to Apps and then Web & Mobile Apps and select your new Workvivo SAML app.
Click to expand the panel on the top right.
To apply settings for all users, check the 'ON for everyone' radio button and then click "Save".
To apply settings to individual organisational units, select the relevant organisational unit that contains the users whose settings you want to change from the list on the left hand side. To change the setting, elect On or Off.
5. Testing SSO
To test that SSO has been configured correctly:
- Open your Workvivo URL in your browser and you should be automatically redirected to the Google sign-in page.
- Enter your sign-in credentials.
- Once authenticated , you should be automatically redirected back to the Workvivo app.