Workfront

PhillipWa · 4/1/19

Hi All, I am trying to allow for Request submissions from non-Workfront Users. However, the Direct Access URL option will not work as our instance of Workfront requires SAML 2.0 authentication for access. Given that limitation, are there any options that will allow for outside users to submit Requests? I really like the custom forms and documentation upload that can be customized in Requests, but have run up against this roadblock. Any help would be greatly appreciated. Thanks! Phillip Waite Intermountain Health Care, Inc.

BobSl · 4/2/19

Hi Phil We auto-provision all users via SSO at first login and their default permissions give them access to the relevant queues - Raise a WF request/Request Addit Access etc Or you could pre-provision outside users manually and set their accounts not to use SSO Hope that helps Regards Bob Sleigh BT Group

EXP_-_DustinMa · 4/2/19

Hi Phillip, You can have non-SSO users log in by adding /login at the end of the URL. You can also do what Bob suggested and set up auto-provisioning with a modified layout template giving them limited visible access. By default, auto-provisioned users will be assigned a Requestor license, unless you map out access levels. I hope this helps! If you need additional assistance, please reach out to our support team and we can work with your unique needs from there. Thanks! Dustin Martin Assigned Support Engineer Workfront

JaclynRe · 4/2/19

Ultimately, any requester must have a Workfront account regardless as to whether one has SSO established in any capacity. At one point I was hopeful that non-Workfront users would be able to submit a request, but that is not possible today. We have SSO enabled, but it is not connected to Active Directory so we do not auto provision users. Our system admin does all the account creations. Therefore, when we rollout a request queue we have to first import all the potential requesters and give them the appropriate access and permissions. Ongoing, we have to ensure we communicate how new requesters will request a WF user account. Outside of your network, you can set them up so they don't have to login using SSO. You might create external WF requesters a custom layout template that lands them directly on the Requests landing page. And create a "group" that only allows them access to the queues you want them to have access to. This gets you around having to use the Direct Access URL that tries to force SSO. For external users, if you provide them with your Workfront URL and just put /login after the .com then this will send them directly to the WF login page and bypass your SSO. Setting this up requires some work on the part of the sys admin, but if done right, it is a happy experience for the end user and gives them what they need quick and easy. Jaclyn Reiter, PMP, SA Project Manager, Strategic Initiatives Equifax, Inc. St. Louis, MO 314-684-2693

PeytoYe · 4/2/19

Hi Phillip, all the other suggestions noted here are the preferred solutions. But we did have a use case where we needed to grant access to a group of people who only needed to make requests one or two times a year. We used a custom email address to create a shared login account and then use a custom form to capture their contact info. I would say this is effective only for very limited use. Otherwise, auto-provisioning from the active directory is the most efficient. Peyto Yellin CareOregon, Inc.