SSO Setup FAQs

This article outlines some of the common questions and answers surrounding configuring Workzone's SSO.

NOTE: For details on setting up SSO in Workzone, check out Single Sign-On (SSO)

Sending Proper Attribute Names

Workzone's SSO requires the sending of proper assertion names. Your assertion will need to include an attribute with a name matching one of these, and the value needs to be an email address that matches an established Workzone user account:

"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

"urn:oid:1.3.6.1.4.1.5923.1.1.1.6"

"urn:oid:0.9.2342.19200300.100.1.3"

Updating your SSO Certificate

For many Single Sign-On (SSO) identity providers, there is a need to regularly update the signing certificate. Workzone doesn't allow for more than one signing certificate in the metadata. When renewing one or more certificates, avoid putting the new certificate and the old certificate in the metadata at the same time, as Workzone does not support that. Workzone uses the first certificate and ignores all the rest. If this isn't specifically followed, your Workzone site's SSO implementation may cease to function properly.

Upload your updated Identity Provider Metadata XML file to complete the updating for Workzone. Please note that every time you upload a new file, it will overwrite all previous configurations.

For any additional assistance with this, please email us at help@workzone.com or call 610-275-9861.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles