May 14, 2020
We're pleased to present our Single Sign-On Enhancement Feature Release!
Single Sign-On (SSO) has become the norm in our industry because it provides for the centralized administration of user access and gives users a single set of credentials to be used for all their applications.
While Workplace has supported SSO for many years, our implementation allowed you to log in with SSO credentials as an additional authentication method when logging into Workplace Online.
With this update, Workplace moves to an industry-standard implementation of SSO in which Workplace will require SSO credentials to install Workplace and for all access to Workplace.
When SSO is enabled, users will only be able to access and/or install Workplace with their SSO credentials unless they (or the group they are a member of) has been exempted from SSO. Exemptions are configured using the new SSO Login Exclusions list on the SSO configuration page.
IMPORTANT If you already have SSO enabled, the All group will automatically be added to the exemption list. We've done this to ease your transition to our new implementation of SSO and ensure that users don't encounter frustration when logging in immediately after SSO is enabled. But in order for SSO to function as it is intended, you must manually edit the SSO Login Exclusions list, as described here: Manage the SSO login exclusions list.
Devices already connected to the Workplace service at the moment you enable SSO will remain connected, even if the user’s SSO account is disabled. If you don't want a user to connect to the Workplace service, their Workplace account must be disabled or deleted.
Active Directory credentialing requirements take precedence over Workplace credentialing requirements. SSO, when enabled, now takes precedence over both. In addition, users for whom SSO is enabled (they are not on the SSO Login Exclusions list) will not have to use If SSO is enabled, the 2FA policy will be ignored (for all users forced to use SSO — ie. not on the exemption list
NOTE If you are using the Entra ID (formerly Azure) method of the Workplace AD integration, we strongly recommend additionally enabling the SSO integration - this will allow for users to access and/or install Workplace when Multi-Factor Authentication (MFA) is enabled on their Entra ID accounts.
For more information, please refer to Single sign-on integration guide.