Single Sign-On (SSO)
      Back to home
      1. WebWork Time Tracker Help Center
      2. Settings
      3. Single Sign-On (SSO)

      SCIM and SAML Configuration

      What are SCIM and SAML? Learn here.

      Available on Plus and Premium plans. Only the Workspace Owner can enable SSO (single sign-on).

      We recommend that  you first enable SCIM and only then SAML.

      How to configure SCIM first and then SAML?

      WebWork SCIM integration features

      WebWork’s SCIM integration supports several member management features.

      • Push New Users
        • New users created through Okta will also be created in WebWork.
      • Push Profile Updates
        • Updates made to a user's profile through Okta will be pushed to WebWork.
      • Push User Deactivation
        • Deactivating a user or disabling their access to the application through Okta will deactivate the user in WebWork.

      Note: for WebWork, deactivating a user means removing access to login, but maintaining their information as an inactive user.

      • Reactivate Users
        • WebWork member accounts can be reactivated in Okta.

      How to configure SCIM?

      Note: to set up provisioning, you must first have Okta SSO enabled for your workspace. 

      1. Go to Applications > WebWork Time Tracker > Provisioning and click Configure API Integration.The Provisioning tab of the WebWork app in Okta

      2. Check the Enable API integration box to enter WebWork credentials.

      3. Go to your WebWork account > Settings > Single Sign-On.

      4. Copy SCIM Base URL and SCIM API Token.

      The single sign-on settings in WebWork

      5. Come back to Okta and paste them in respective fields.

      6. Click Test API Credentials.

      If successful, a verification message will appear at the top of the screen.

      7. Click Save.

      The WebWork API integration screen in Okta

      Enabling supported features

      1. In Okta, go to the Provisioning tab and click Edit.

      The Provisioning tab of the WebWork app in Okta showing one available setting

      2. Check the Enable boxes and click Save.

      The Provisioning tab of the WebWork app in Okta showing several available settings

      WebWork SAML integration features

      WebWork’s SAML integration supports two sign-in options:

      • IdP-Initiated SSO
      • SP-Initiated SSO

      How to configure SAML after SCIM

      1. Log in to your organization's Okta Admin Dashboard.

      2. Click on the Applications tab > Applications on the menu.

      Okta Dashboard side panel

      3. Click the Browse App Catalog button.

      Okta Dashboard Browse App Catalog

      4. In the search bar, search for WebWork Time Tracker and click on it.

      5. Click the Add Integration button.

      The WebWork app in the Okta App Catalog

      6. Configure your preferred settings and click Done.

      Adding WebWork in Okta

      7. Go to Applications > WebWork Time Tracker.

      8. Go to the Sign On tab and click Edit.

      9. Copy the Metadata URL and paste it in the IDP metadata URL field on WebWork>Settings>Single-Sign-On.Okta Metadata details pageOkta IDP metadata URL box
      10. From WebWork Single Sign On Settings, copy Audience URI (SP Entity ID) and the Single sign-on URL and paste them in the respective field on Okta.

      The Audience URI and Single sign on URL boxes in the Settings in WebWork

      11. In Okta, under Credentials Details, select Email as Application username format and click Save.

      Okta SAML configuration Credentials Details page

      Assigning users to your workspace

      To assign people, go to the Assignments tab and click Assign.The settings for WebWork in Okta

      Note: To appear on WebWork’s Members page, assigned users must first log in with SSO.

      Logging in with SP-initiated SSO

      For SP-initiated SSO, your workspace members must visit WebWork Time Tracker’s sign-in page: https://www.webwork-tracker.com/login/sso

      1. Sign in to your WebWork account

      2. Click Sign in with Okta

      3. Enter your Okta email address