Control SAML Support
Status: Preview
by Robert Plamondon
Last updated on April 23, 2024
Workspot Control supports SAML sign-in for Control users. If your organization prefers SAML, consider enabling it.
Limitations
- This is a selective feature: contact Workspot to enable it.
- SAML sign-in is currently supported only on Control. For example, Watch and Trends do not support SAML.
- Control does not support SAML and Entra ID (Azure AD) sign-ins at the same time. You must choose one or the other.
Configuring SAML
This article assumes you are familiar with SAML configuratoin in general.
To configure SAML Control sign-in:
- Go to “Setup > SAML” in Control. If you don’t see a “Setup > SAML” tab, SAML is not enabled for your deployment. Contact Workspot.
- Enter the Sign-On Service URL, Entity ID, and Sign-Out Service URL from your SAML provider.
- If your SAML provider is configured to support Assertion Encryption, set to “Yes.” Otherwise, set to “No.”
- Upload your SAML provider’s public X.509 certificate by pressing “Update File” on the “X.509 certificate” line.
- IF your SAML provider wants SAML Assertion and Metadata URLs, copy them into the configuration of your SAML provider from the “SAML Assertion/Metadata URLs” line.
Note: If you are using Microsoft Entra ID (Azure AD) as your SAML provider, use the following URL as the sign-out URL: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0. The default sign-out URL provided by Microsoft may result in error messages when signing out from Control.