Understanding SSO
“Single sign-on means a user doesn't have to sign in to every application they use. The user logs in once and that credential is used for other apps too.” (Microsoft)
Workstem’s SSO integration is built on the OAuth 2.0 framework and we currently support SSO using Microsoft Azure AD as well as Okta.
How to Integrate Workstem with Microsoft Azure AD
1. Create a new Enterprise Application inside Azure AD for Workstem
2. Go to Workstem > Integrations and choose Microsoft Azure
3. Set Up the 6 Fields
1. Route
Your route will start with https://login.microsoftonline.com/ and end with your Azure AD tenant ID. You can find the tenant ID on the homepage of your Azure AD module.
2. Authorisation Path
The authorisation path is fixed: “/oauth2/v2.0/authorize”
3. Token Path
The token path is also fixed: “/oauth2/v2.0/token”
4. User Info Path
The user info path is also fixed: “https://graph.microsoft.com/oidc/userinfo”
5. Application ID
You can find your application ID on the overview page in your newly created enterprise application.
6. Secret Key
For the secret key, go into “App Registrations” > your newly created application for Workstem. Under “Client Secrets”, create a new client secret and copy the value. You can then paste the secret key into Workstem.
⚠️ Tip: Be sure to save the client secret value somewhere secure after copying! You will only be able to copy this once from inside Azure AD.
4. Assign New Users
Under Enterprise Application, go into your application and click on “Users and groups”. You can add and assign users here.
5. Configure Workstem Tenant
Inside Workstem, go to “Company”, and create an SSO Code for your account (alphanumeric without spaces). You will use this code to log in via SSO.
After you’ve done the above 5 steps, your employees can then fill in the SSO Code when choosing SSO and use their Microsoft Azure AD accounts to log into the Workstem system.
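A pre-flight check for the six fields and the SSO Code before saving them, as an added example that is not Workstem's or Microsoft's own code. The dictionary keys and sample values are hypothetical and constructed, and the endpoint URLs assume the route and each path are simply concatenated.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Fixed values quoted from the field descriptions above.
FIXED = {
    "authorisation_path": "/oauth2/v2.0/authorize",
    "token_path": "/oauth2/v2.0/token",
    "user_info_path": "https://graph.microsoft.com/oidc/userinfo",
}

# Constructed sample; the dictionary keys are hypothetical names for the fields.
SAMPLE = {
    "route": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555",
    **FIXED,
    "application_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "secret_key": "constructed-placeholder-secret-value",
    "sso_code": "Acme2024",
}

def check_sso_config(cfg):
    """Return a list of problems found in the six fields and the SSO Code."""
    problems = []
    route = urlsplit(cfg.get("route", ""))
    if route.scheme != "https" or route.netloc != "login.microsoftonline.com":
        problems.append("route must start with https://login.microsoftonline.com/")
    # Anything after the tenant ID (slash, query, fragment) fails this check.
    if not GUID.fullmatch(route.path.lstrip("/")) or route.query or route.fragment:
        problems.append("route must end with the tenant ID (a GUID)")
    for field, expected in FIXED.items():
        if cfg.get(field) != expected:
            problems.append(f"{field} must be exactly {expected}")
    if not GUID.fullmatch(cfg.get("application_id", "")):
        problems.append("application_id is not a GUID")
    secret = cfg.get("secret_key", "")
    # Azure lists a GUID "Secret ID" next to the secret "Value"; only the value works.
    if not secret.strip() or secret != secret.strip() or GUID.fullmatch(secret):
        problems.append("secret_key is empty, padded, or is the Secret ID")
    if not re.fullmatch(r"[A-Za-z0-9]+", cfg.get("sso_code", "")):
        problems.append("sso_code must be alphanumeric without spaces")
    return problems

def endpoints(cfg):
    """Full URLs, assuming the route and each path are simply concatenated."""
    return {"authorize": cfg["route"] + cfg["authorisation_path"],
            "token": cfg["route"] + cfg["token_path"],
            "userinfo": cfg["user_info_path"]}
```

Calling `check_sso_config(SAMPLE)` returns an empty list when every field is well-formed; each string in a non-empty result names the field to correct.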