MyWorkDrive Support

How can we help you today?

SAML Single Sign On Configuration – Okta

You are here:
< Back

MyWorkDrive SAML Overview

 

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, specifically – between an identity provider and a service provider. As its name implies, SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions).

MyWorkDrive Server 5.0 supports SAML based Web File Manager Single Sign On (SSO) in addition to ADFS (which is configured separately).   For SAML, MyWorkDrive acts as a Service Provider (SP) while the OKTA acts as the identity provider (IdP).

SAML Prerequisites

  • Ensure users have a upn suffix applied for domain name to match SAML Provider Login name so they can login to your MyWorkDrive server with their email address.
  • Ensure the MyWorkDrive server is trusted for delegation as per our Delegation Article
  • Setup your own public SSL Certificate and Hostname pointing to your MyWorkDrive Server over port 443 (SSL) (using our *.myworkdrive.net domain is not supported) and ensure your server is publicly accessible (note reverse proxies that rewrite URL’s will not work).  View Support Article.

Login Flow

 

The following explains the user login flow to MyWorkDrive from an identity provider (IdP):

 

  1. It is assumed all users are logging into the ldP using their UPN Suffix (eg @yourdomain.com) and it matches their Active Directory username UPN.
  2. Your MyWorkDrive server is using your own host name and SSL Certificate (*.MyWorkDrive.net is not supported for SAML).
  3. The user clicks the MyWorkDrive assertion consumer service URL (eg. https://YourMWDserver.yourdomain.com/SAML/AssertionConsumerService.aspx) as the single sign-on URL.
  4. If the user is not already logged into the ldP the MyWorkDrive server redirects the user to the SSL service to sign-in.
  5. Once confirmed the IdP service generates a valid SAML response and redirects the user back to MyWorkdrive to verify the SAML response.
  6. If the user authentication is successfully validated, they are automatically logged into their companies MyWorkDrive Web File Manager.

SAML MyWorkDrive Okta Configuration Steps

The detailed instructions for configuring Okta are here:

MyWorkDrive-Okta-SAML-IntegrationGuide

In the future we will add updated instructions and easy configuration settings using the MyWorkDrive Admin Console to simplify setup.