This article describes how to enable Single-Sign On (SSO) using a SAML 2.0 connection with Azure AD as an Identity Provider (IdP).

If you would like to integrate Worksphere with Azure AD, please reach out to


STEP 1.  From the Active Directory Enterprise Applications tab, choose New Application

  • Choose Create your own application and name the app Worksphere
  • Select the option “Integrate any other application you don't find in the gallery (Non-gallery)”
  • Under Single sign-on choose SAML 

STEP 2.  Enter the settings below. Replace YOUR-COMPANY with your company name (only A-Z and hyphens allowed) in lower case.  For example, “Acme Incorporated” becomes acme-incorporated

In the User Attributes & Claims section leave the defaults and add the following mapping:
For example, in Azure AD enter the claim like this:

STEP 3.  Under the “SAML Signing Certificate” step download the Federation Metadata XML and forward it to the Worksphere team.

STEP 4.  Copy the Login URL and Logout URL provided by Azure AD and forward it to the Worksphere team. This will typically begin with

The Worksphere team will use this information to set up the SAML connection within Worksphere so that it is ready for use.

This action needs to be done by the Worksphere team, and is not self-service. Also include the Single sign on URL and Audience URI used in Step 2.

Next Steps

The Worksphere team will let you know once the connection has been set up and is ready for testing.

IMPORTANT: It is recommended to only enable the app for user accounts that will be used in testing the SAML connection.

Only after the connection has been tested end-to-end should it be enabled in Active Directory for other users or groups.