Expand my Community achievements bar.

Latest Community Ideas Review is Out: Discover What’s New and What to Expect!

SSO + WorkFront app + external vendors

Avatar

Level 2
I've been troubleshooting this for one of our external vendors who really prefers to use the app for his task list. He's often setting up external events for us and is off-site frequently. The WorkFront app gave him a clean, easy-to-use task list. Then we turned on SSO for our company, and he is now locked out. This vendor is NOT an employee, and thus does not have a single-sign on log in. If he tries to use the app, it defaults to the SSO page. Is there any way I can set him up so that he can log in as an external user on the app? Our IT department will not set him up with an SSO login, because he's a contractor, not an employee. The web version just isn't as clean and useful on his Android phone. Any ideas or suggestions? He's at the worker access level. Thanks for any help you can give! Sherrie Voss Matthews Senior Manager, Internal Communication Corporate Communications & Marketing University Health System, San Antonio, TX sherrie.matthews@uhs-sa.com
16 Replies

Avatar

Level 10
Hi Sherrie, If you look at their profile you should be able to uncheck the box that forces SSO. You'll have to set a password for them and they would login using a login and password (like I assume they were doing before). That should work. But let me know if you have trouble.

Avatar

Level 2
That actually is unchecked, and has been, which is why I am utterly stumped. I have other vendors who can get in with no problem. ----------- CONFIDENTIALITY NOTICE: This communication is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, you are notified that any use, dissemination, forwarding, distribution, or copying of the communication is strictly prohibited. Please notify the sender immediately by e-mail if you have received this by mistake and delete this e-mail from your system. (University Health System)

Avatar

Level 10
Ah, then it's out of my area of expertise but I suspect you should follow up with your IT Infrastructure Tech as it might be related to how they apply the SSO (unrelated to Workfront). This is an informed guess though on my part. Maybe someone else here has a more concrete answer.

Avatar

Level 10
I would probably submit a ticket with the Workfront helpdesk and ask if anyone with an android phone can help you past this. Here's what shows up on my iPhone. Page 1: I need to enter my domain. _____ . my . workfront . com, and hit Next Page 2:Options screen with 3 option buttons: 1: Safari Browser, 2: In-App Browser and 3: Skip. The question on that page is: If your company has provided you with Mobile SSO Authetication, tap Sign in with SSO. Otherwise tap Skip. I tap Skip. Page 3: I am prompted for my username and password. When I hit the Sign in button, it takes me into the app. So... I know it's possible with the mobile app to bypass SSO. But I don't have access to Android phones so can't help you troubleshoot. -skye

Avatar

Level 1
Hello, If you recently switched to SSO and the contractor was using the mobile app previously, they may need to reset the app to designate the login type on the app (manual login vs SSO). On Android, in system settings for the phone, there will be a Workfront app listing to set permissions and uninstall and so forth. In that area there is a "clear cache" and "clear data" option which will reset the app (this is located a little differently depending on which version and/or vendor of Android). That might provide the options that Skye mentions to allow the contractor to indicate a non-SSO login now that the distinction has to be made and it wasn't necessary before. Just a guess but it certainly wouldn't hurt anything to try. David White Centene Corporation

Avatar

Level 2
Hi Sherrie, Skye's note in response is spot on. We've intentionally put effort into ensuring that, for users authorized to not require SSO, they can still log into the mobile application with Workfront credentials. Like Skye, I use iPhone and I can confirm the "Skip" button shows up there. I'm 90% sure it should show up for the Android as well. If not, please make sure his/her app is up to date and if it doesn't appear, please let us know. Thanks. Darin Patterson Workfront

Avatar

Level 7
Android user, can't take a screenshot, but can confirm. Buttons on the bottom show: "Sign in with SSO" "Skip" Dustin Martin Assigned Support Engineer Workfront

Avatar

Level 2
Thanks all! I'll share this with him and see if we can get it figured out.

Avatar

Community Advisor
Hi Sherrie, Just wanted to add that we use SSO internally, but have hundreds of external vendors that access our instance and we have to share a separate web address for them to be able to login. Our SSO users login to https://domain.my.workfront.com/ projects and our external users use https://domain.my.workfront.com/ login . We do run into confusion when an external user receives a Workfront email notification, because the included links drive them to our SSO address. There's currently no way to change those links, so we have to add this sort of text to every external user's update " To reply to this update, you may reply directly from your email client or login in to https://domain.my.workfront.com/login for more options." Hope this helps! Sheri Sheri Whitten

Avatar

Level 5
Hi, https://domain.my.workfront.com should be enough for internals :) Cheers, ImreMagyar VODAFONE Group

Avatar

Level 10
To add to what Imre said--as a system admin, I would advise internals "please use/bookmark domain . my . workfront . com" (rather than /projects) since layout templates (or their own user settings) should drive them to the landing page of their team's (or other's) choice rather than them constantly going to the project page first. -skye

Avatar

Level 7
If SSO is set up, adding /login will bypass the SSO redirect and take them to the Workfront login portal, and will direct them to their configured home page (either based off their user profile or a layout template if applied.) Just adding my $0.35. =) Dustin Martin Assigned Support Engineer Workfront

Avatar

Level 10
hey Dustin, I'm not clear on your answer. Our SSO folks are set up to "only allow saml 2.0 authentication" -- and also don't remember their passwords, so wouldn't using /login stall them at the login portal and not direct them any further along to any home page? -skye

Avatar

Level 7
Hey Skye, Adding /login will bypass SSO. Adding anything else after the .com will redirect to the SSO login portal. Dustin Martin Assigned Support Engineer Workfront

Avatar

Level 5
Exactly! :) ImreMagyar VODAFONE Group

Avatar

Community Advisor
To condense what was said above and confirm it, we use SSO internally, but for our external vendors we choose the "Do not require SAML authenticaion" for each user and we instruct the vendors to only use the URL I give them which is https://ourcustomname.my.workfront.com/login . Our internal users go to https://ourcustomname.my.workfront.com (without /project or anything else because that could theoretically conflict with layout templates which we use extensively). Richard Carlson Behr Paint Company Santa Ana, CA