Workfront Single Sign-On supports the integration with Azure Active Directory. You configure Workfront SSO with Azure Active Directory using the SAML 2.0 option in Workfront.
- Understanding Prerequisites for Integrating Workfront SSO with Azure Active Directory
- Adding Workfront from the Azure Gallery
- Configuring Azure Active Directory Single Sign-On
- Configuring Workfront with Azure Active Directory
Understanding Prerequisites for Integrating Workfront SSO with Azure Active Directory
To configure Workfront Single Sign-On with Azure Active Directory, you need the following items:
- An Azure Active Directory subscription
- A Workfront subscription enabled for using Single Sign-On integrations
- An Azure Active Directory system administrator
- A Workfront system administrator
NOTE Workfront is not responsible for setting up and troubleshooting your Azure Active Directory configuration. You must have an in-house system administrator that manages that part of the integration, in addition to a Workfront system administrator.
Adding Workfront from the Azure Gallery
To configure the integration of Workfront SSO with Azure Active Directory, you need to add Workfront from the Azure gallery to your list of managed SaaS apps.
To add Workfront from the gallery:
- Navigate to the following URL to access the Azure Portal: https://portal.azure.com/
-
In the Azure Portal, on the left navigation panel, click the Azure Active Directory icon.
-
Navigate to Enterprise applications. Then go to All applications.
-
To add a new application, click the New application button on the top of the dialog.
-
In the search box, type Workfront.
-
In the results panel, select Workfront, and then click Add button to add the application.
Configuring Azure Active Directory Single Sign-On
-
In the Azure Portal, on the Workfront application integration page, click Single sign-on.
-
On the Single sign-on dialog box, select Mode as SAML-based Sign-on to enable Single Sign-On.
-
In the Workfront Domain and URLs section, specify the following information:
- Sign-on URL: your Workfront URL using the following pattern:https://<companyname>.my.workfront.com
- Identifier: your Workfront SAML 2.0 URL using the following pattern:https://<companyname>.my.workfront.com/SAML2
-
In the SAML Signing Certificate section, click Certificate(Base64) and then save the Certificate file on your computer.
-
Click Save button.
-
In the Workfront Configuration section, click Configure Workfront to open Configure sign-on window.
-
Copy the Sign-Out URL and SAML Single Sign-On Service URL from the Quick Reference section.
Configuring Workfront with Azure Active Directory
- Log in to Workfront as a system administrator.
- Navigate to the Setup area in the Global Navigation Bar.
- Expand System, then click Single Sign-On (SSO).
- Select SAML 2.0 for the Type field.
- Specify the Service Provider ID in the following format:
https://<companyname>.my.workfront.com/SAML2 - Paste the SAML Single Sign-On Service URL into the Login Portal URL field.
- Paste the Single Sign-Out URL into the Sign-Out URL field.
- Specify the Change Password URL.
- Click Save.
Thank you for taking the time to provide feedback. We appreciate and value your contribution to our site. Feedback provided here is regularly reviewed by our Product Documentation team. Please ensure your comments are specific to improving this help article. Any questions or requests outside this help article content should be directed to our Community User Forum or by submitting a ticket to customer support.