Requiring Third-Party (Azure AD/SAML) Sign-in for Control

  • 23 March 2023

  • Workspot Community Administrator

 

Last updated on April 12, 2024 by Robert Plamondon

 

Note: This feature is changing significantly in Control 18.2. This article will be updated to match soon.

The use of Azure AD or SAML sign-in for Control users can be made mandatory. By default, it is optional.

This is a selective option that is not available by default. Contact Workspot to enable it for your installation.

Once configured, Control users must sign into Control using the configured third-party authentication service (Azure AD or SAML).

As the sole exception to this rule, a single account can sign into Control as before. This account is the Designated Administrator and is used in case of problems with the third-party configuration.

Note: This feature does not apply to the Control API, just the Control UI.

 

Procedure

To use this feature:

  1. Configure and thoroughly test third-party authentication in its optional form before making it mandatory.
  2. Go to “Setup > Configuration > Authentication and Registration.”
  3. At the bottom of the “Authentication and Registration” section, set “Control Authentication” to “Azure AD (Entra ID)” or “SAML.”
  4. If you don’t see “Control Authentication,” contact Workspot to have the feature enabled.

 

To use this feature:

  1. On the “Setup > Configuration” page, go to the “Access > Control Access” section, select an account to use as the Designated Administrator, and then select the “Authenticate using third-party identity provider only” checkbox.
  2. When the Alert popup appears, read the text carefully. Third-Party Control Sign-in cannot be disabled without assistance from Workspot. If you select “Yes”:
    • All administrators will be logged off (including yourself).
    • Control users (except the Designated Administrator) can no longer log in using Local (AD or Control-only) sign-ins.
  3. Go to “Setup > Configuration > Authentication and Registration.”
  4. At the bottom of the “Authentication and Registration” section, set “Control Authentication” to “Azure AD (Entra ID)” or “SAML.”
  5. If you don’t see “Control Authentication,” contact Workspot to have the feature enabled.

 

Verification


1 reply


If you have questions on configuring this page

 

Please refer to the instructions here: Tutorial: Microsoft Entra integration with Workspot Control | Microsoft Learn, for details on how to do this with AAD/Entra. If you are using a SAML provider that is not AAD, this article should guide you on the information required from your SAML provider.

Specifically refer to this section:

 

 
