Configuring Workfront with Azure Active Directory

Workfront Single Sign-On supports the integration with Azure Active Directory. You configure Workfront SSO with Azure Active Directory using the SAML 2.0 option in Workfront. 

Understanding Prerequisites for Integrating Workfront SSO with Azure Active Directory

To configure Workfront Single Sign-On with Azure Active Directory, you need the following items:

  • An Azure Active Directory subscription
  • A Workfront subscription enabled for using Single Sign-On integrations
  • An Azure Active Directory system administrator
  • A Workfront system administrator

NOTE Workfront is not responsible for setting up and troubleshooting your Azure Active Directory configuration. You must have an in-house system administrator that manages that part of the integration, in addition to a Workfront system administrator.

Adding Workfront from the Azure Gallery

To configure the integration of Workfront SSO with Azure Active Directory, you need to add Workfront from the Azure gallery to your list of managed SaaS apps.

To add Workfront from the gallery:

  1. Navigate to the following URL to access the Azure Portal 
  2. In the Azure Portal, on the left navigation panel, click the Azure Active Directory icon.

    Active Directory

  3. Navigate to Enterprise applications. Then go to All applications.


  4. To add a new application, click the New application button on the top of the dialog.


  5. In the search box, type Workfront.

    Creating an Azure AD test user

  6. In the results panel, select Workfront, and then click Add button to add the application.

    Creating an Azure AD test user

Configuring Azure Active Directory Single Sign-On

  1. In the Azure Portal, on the Workfront application integration page, click Single sign-on.

    Configure Single Sign-On

  2. On the Single sign-on dialog box, select Mode as SAML-based Sign-on to enable Single Sign-On.

    Configure Single Sign-On

  3. In the Workfront Domain and URLs section, specify the following information:
    - Sign-on URL: your Workfront URL using the following pattern: https://<companyname>
    - Identifier: your Workfront SAML 2.0 URL using the following pattern: https://<companyname>


  4.  In the SAML Signing Certificate section, click Certificate(Base64) and then save the Certificate file on your computer.

    Configure Single Sign-On

  5. Click Save button.

    Configure Single Sign-On

  6. In the Workfront Configuration section, click Configure Workfront to open Configure sign-on window.

  7. Copy the Sign-Out URL and SAML Single Sign-On Service URL from the Quick Reference section.

    Configure Single Sign-On

Configuring Workfront with Azure Active Directory

  1. Log in to Workfront as a system administrator.
  2. Navigate to the Setup area in the Global Navigation Bar.
  3. Expand System, then click Single Sign-On (SSO).
  4. Select SAML 2.0 for the Type field.




  5. Specify the Service Provider ID in the following format:
  6. Paste the SAML Single Sign-On Service URL into the Login Portal URL field.
  7. Paste the Single Sign-Out URL into the Sign-Out URL field.
  8. Specify the Change Password URL.
  9. Click Save.

Audited 6/27/2018

This article last updated on 2018-08-13 13:47:39 UTC