Workforce.com supports single sign-on with Microsoft Azure AD. To configure in Workforce.com, head to the integrations page.
The following steps will assist in setting up the integration in Azure AD.
To configure the integration, you must have your app administrator (or higher) head to the app registrations page in the Azure portal. You can just search ‘app registration’ in the global search bar.
If you haven't configured Workforce.com yet, click new registration. If you've already completed this, skip to step 7.
In the new app registration page enter the app name 'Workforce'. Some customers like to add ‘web’ after so they know it’s not the mobile app, however, this is optional.
Now choose the supported account types for authentication (this is also how you set up your Azure AD to authenticate users into Workforce).
The following should be your redirect URI: https://my.workforce.com/users/auth/azure_oauth2/callback
Hit register.
On completion of registering the app, you need to get the Application (client) ID from Azure, highlighted below on the overview page of the app.
Next, head to branding on the next page and complete the details ensuring the home page URL is filled out with your special URL. This is the most important part. You can then optionally upload one of Workforce.com's logos.
Your special URL should look like this: https://my.workforce.com/users/preauth/azure_oauth2?company={business_name_here}
What comes after company should be nice and simple (ideally the initials of your business name). Don't use any caps, symbols, etc. It is not user-facing.
Next go to the authentication menu and make sure the following is true:
- Redirect URL: https://my.workforce.com/users/auth/azure_oauth2/callback
Now head back into Workforce.com and enter your client secret and other required details. This page can be found at https://my.workforce.com/integrations/singlesignon (your company name should be the name you used at the end of your URL earlier in step 9).
You still need to set an application admin/owner/group in Azure (if not complete already) and assign the app to the relevant users or groups.
You can assign owner(s) from the owners tab in the side navigation of Azure.
You can then add the application to users from the enterprise applications screen which you can search for from the top global search bar in Azure.
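The registration steps above can also be scripted with the Azure CLI, which makes the redirect URI and home page URL reviewable before anything is created. This is an added example, not Workforce.com's or Microsoft's own tooling; the function names, the sample value `acme`, and the reading of "no caps or symbols" as lowercase letters and digits only are assumptions.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal registration steps (function names are hypothetical).
REDIRECT_URI='https://my.workforce.com/users/auth/azure_oauth2/callback'
PREAUTH_BASE='https://my.workforce.com/users/preauth/azure_oauth2'

# Accept only lowercase letters and digits (assumed reading of "no caps or symbols").
# The character class is spelled out so the check does not depend on locale collation.
valid_company() {
  case "$1" in
    ''|*[!abcdefghijklmnopqrstuvwxyz0123456789]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the home page ("special") URL for a validated company value.
homepage_url() {
  valid_company "$1" || { echo "invalid company value: '$1'" >&2; return 1; }
  printf '%s?company=%s\n' "$PREAUTH_BASE" "$1"
}

# register_workforce_app <company> <sign-in-audience>
# The audience (for example AzureADMyOrg or AzureADMultipleOrgs) is the CLI form of
# "supported account types"; the page does not prescribe one, so it must be passed in.
# Prints the Application (client) ID on success.
register_workforce_app() {
  wf_home=$(homepage_url "$1") || return 1
  [ -n "$2" ] || { echo "sign-in audience required" >&2; return 1; }
  az ad app create \
    --display-name 'Workforce' \
    --sign-in-audience "$2" \
    --web-redirect-uris "$REDIRECT_URI" \
    --web-home-page-url "$wf_home" \
    --query appId --output tsv
}

# check_redirect_uri <appId>: succeeds only if the callback is the single registered
# redirect URI, so a stray or mistyped entry is caught.
check_redirect_uri() {
  wf_uris=$(az ad app show --id "$1" --query 'web.redirectUris' --output tsv) || return 1
  [ "$wf_uris" = "$REDIRECT_URI" ]
}
```

After sourcing the file and signing in with `az login`, call `register_workforce_app acme AzureADMyOrg` with your own company value and audience, then pass the printed ID to `check_redirect_uri`.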
Logging in:
In the current state, you will need to access the integration via your Azure Dashboard to SSO into Workforce.com. You can vote for service provider initiation on the Workforce log-in page by voting for the feature here.