WorkTango SAML Authentication

  • Updated

Identity Provider Information

In order to proceed with setup, WorkTango requires the metadata file from your IdentityProvider. We can accept it as either a URL or file. From this file, WorkTango will be able to collect the following fields:

  • SignOnUrl: URL of the authentication endpoint for your IdentityProvider
  • LogOutUrl: URL of the sign-out endpoint for your IdentityProvider
  • Base64 Certificate: The Base64 encoded public key from your IdentityProvider’s certificate.

Configuring Your Identity Provider

You will need to configure your IdentityProvider with the following information from WorkTango’s ServiceProvider. Information from our ServiceProvider will be unique to your subdomain. The following instructions use as an example for the access point for the organization. You should substitute your domain in the place of the “worktango” subdomain below.*

  • EntityId: WorkTango’s ServiceProvider will identify itself with an EntityID constructed from your subdomain in the following form:
    <your_worktango_ subdomain>

This is case sensitive and does not include https:// at the beginning.

  • AssertionConsumerService URL: 


  • SingleLogoutService URL: https://<your_account_subdomain>

Our service provider still identifies us by our former domain only, which is owned by WorkTango. Due to this, you must use after your subdomain for your EntityID, ACS, and SLS when configuring your IdentityProvider.

NameID Format

Our ServiceProvider will expect the IdentityProvider to supply an EmailAddress or UserName in the NameID attribute. Authentication will fail if a corresponding UserName or EmailAddress is not found within our database or does not match exactly. This will require that accounts be imported into the WorkTango system before our ServiceProvider will accept them (typically via CSV import).

Related to

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request



Article is closed for comments.