Configure SAML authentication

Security Assertion Markup Language (SAML) authentication allows you to use common external identity providers (IdP) to authenticate usernames and passwords for Workforce Optimization, the service provider (SP). This method of user authentication and password management is commonly referred to as single sign-on (SSO).

After SAML authentication is configured through your external IdP, the metadata needs to be downloaded, exported, and configured in Workforce Optimization. See Set up IAM authentication for information on configuring your IdP in Workforce Optimization.

IMPORTANT   If the user’s email address is not mapped to the “mail” attribute on your external IdP, then you need to contact Provider Professional Services and tell the Provider representative the name of the attribute that contains the user email.

NOTE   If your IdP X.509 certificate is changed, for reasons such as a new expiration date, you need to provide the new X.509 certificate or the new SAML metadata file to Provider Professional Services. Otherwise, users cannot log in.

NOTE   Tenant administrators who have been added by a system administrator can always log in using their Workforce Optimization credentials. This is true even if Workforce Optimization authentication is disabled and another form of authentication (SAML or Active Directory) is enabled.
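
The following added example (not part of the product or its documentation) shows one way to check the two conditions from the IMPORTANT and X.509 notes above before users are affected: whether the IdP now publishes a signing certificate that differs from the metadata already provided, and whether an assertion carries the email attribute under the expected name. The function names, the `idp.example.test` entity ID, and the sample data are assumptions; the sample "certificates" are constructed placeholder bytes, not real X.509 data.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def signing_cert_fingerprints(metadata_xml):
    """SHA-256 fingerprints of the IdP signing certificates in SAML metadata."""
    prints = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return prints

def cert_changed(registered_xml, current_xml):
    """True if the IdP now publishes a signing cert absent from the registered metadata."""
    return bool(signing_cert_fingerprints(current_xml) - signing_cert_fingerprints(registered_xml))

def email_attribute_present(assertion_xml, name="mail"):
    """True if the assertion carries a non-empty attribute called `name`."""
    root = ET.fromstring(assertion_xml)
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if attr.get("Name") == name and value is not None and (value.text or "").strip():
            return True
    return False

# Constructed sample data: placeholder bytes stand in for DER certificates.
def sample_metadata(cert_bytes):
    b64 = base64.b64encode(cert_bytes).decode()
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            'entityID="https://idp.example.test"><md:IDPSSODescriptor>'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate></ds:X509Data>'
            '</ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_assertion(attr_name):
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="{attr_name}"><saml:AttributeValue>'
            'user@example.test</saml:AttributeValue></saml:Attribute>'
            '</saml:AttributeStatement></saml:Assertion>')
```

Run `cert_changed` against the metadata file you last supplied and the file your IdP currently serves. A `True` result means the new certificate or metadata still has to be provided.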
