Workplace can be integrated with identity providers (IdPs) for user authentication. This makes it easier for users to sign into Workplace using the same Single Sign On (SSO) credentials they use with other systems.
Single Sign On for Workplace is directly supported by the following IdPs:
Workplace supports SAML (Security Assertion Markup Language) 2.0 for SSO, so even if your IdP isn't listed you may find it's compatible as long as it supports SAML 2.0.
In order to enable SSO authentication you will need to:
Once you have successfully completed the SSO configurations all of the users provisioned in Workplace will be able to authenticate via your selected IdP.
As part of the SAML authentication process, Workplace may utilize query strings of up to 2.5 kilobytes in size in order to pass parameters to your SAML identity provider.
Based on your chosen SAML identity provider (IdP), follow the relevant links below on completing the setup installation processes:
ADFS Configuration Video:
SSO for Workplace is free as part of your Google Apps subscription.
You can choose to optionally configure a SAML Logout Url which can be used to point at your IdP's logout page. When this setting is enabled and configured, the user will no longer be directed to the Workplace logout page. Instead, the user will be redirected to the url that was added in the SAML Logout Redirect setting.
Example with ADFS:
When you now log out, you'll be logged out from both Workplace and ADFS.
You can configure Workplace to prompt for a SAML check every day, 3 days, week, 2 weeks, month or never.
The minimum value for the SAML check on mobile applications is set to one week.
You can also force a SAML reset for all users using the button: Require SAML authentication for all users now.