Symptom
We want to use a Single-Sign-On authorization method for our SaaS Workflow organisation and if it is possible, how can we enable it?
Resolution
The Workflow SSO doesn't need any additional configuration on your SAML-server, because this single-sign-on method will use the Process Manager SAML-connection.
Because of this, following options are necessary to activate the Workflow SSO:
- All workflow users need a Workflow licence via the central user management (Collaboration Hub user management)
- The Process Manager workspace has a configured SAML-connection to your SAML-server (e.g. ADFS, Azure AD, Okta)
- The checkbox "Allow service provider initiated authentication" (Setup - Manage Collaboration Hub authentication) in your Process Manager workspace is activated
Afterwards, the following URLs are triggering the SSO authentication for you to access Process Governance via SSO:
- https://<Signavio system>/<Org-Key>/cases/tasks
- https://<Signavio system>/<Org-Key>/cases/case/<Case-ID>
- https://<Signavio system>/<Org-Key>/cases/overview
- https://<Signavio system>/<Org-Key>/cases/processes
(Please change the parameter <Signavio system> to the correct Signavio URl, which you are using)
Additionally, change the parameter <Org-Key> to your Workflow organisation key (The organisation key is the number-ID / name directly after the domain name of the system (e.g. the org key for the URL https://workflow.signavio.com/57020c4762f8a009b3082416/cases/tasks/inbox would be 57020c4762f8a009b3082416)
Keywords
process-governance, sap-signavio, single-sign-on, sso, organization-key , KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To