The procedure described on this page applies only to organizations that are not yet onboarded to the Adobe Admin Console.
If your organization has been onboarded to the Adobe Admin Console, see Platform-based administration differences (Adobe Workfront/Adobe Business Platform).
Adobe Workfront single sign-on (SSO) supports the integration with Azure Active Directory. You configure Workfront SSO with Azure Active Directory using the Security Assertion Markup Language (SAML) 2.0 option in Workfront.
You must have the following access to perform the steps in this article:
|Adobe Workfront plan||Any|
|Adobe Workfront license||Plan|
|Access level configurations||
You must be a Workfront administrator.
NOTE: If you still don't have access, ask your Workfront administrator if they set additional restrictions in your access level. For information on how a Workfront administrator can modify your access level, see Create or modify custom access levels.
To configure Workfront Single Sign-On with Azure Active Directory, you need the following items:
Workfront is not responsible for setting up and troubleshooting your Azure Active Directory configuration. You must have an in-house system administrator that manages that part of the integration, in addition to a Workfront administrator.
To configure the integration of Workfront SSO with Azure Active Directory, you need to add Workfront from the Azure gallery to your list of managed SaaS apps.
Go to the following URL to access the Azure Portal: https://portal.azure.com/
In the Azure Portal, on the left navigation panel, click the Azure Active Directory icon.
Navigate to Enterprise applications. Then go to All applications.
To add a new application, click the New application button on the top of the dialog.
In the search box, type Workfront.
In the results panel, select Workfront, and then click Add button to add the application.
In the Azure Portal, on the Workfront application integration page, click Single sign-on.
On the Single sign-on dialog box, select Mode as SAML-based Sign-on to enable Single Sign-On.
In the Workfront Domain and URLs section, specify the following information:
Sign-on URL: your Workfront URL using the following pattern: https://
Identifier: your Workfront SAML 2.0 URL using the following pattern: https://
In the SAML Signing Certificate section, click Certificate(Base64) and then save the Certificate file on your computer.
In the Workfront Configuration section, click Configure Workfront to open Configure sign-on window.
Copy the Sign-Out URL andSAML Single Sign-On Service URL from the Quick Reference section.
Log in to Workfront as a Workfront administrator.
Click the Main Menu icon in the upper-right corner of Adobe Workfront, then click Setup .
At the bottom of the left panel, click System > Single Sign-On (SSO).
Click the Type box, then click SAML 2.0.
Select the check box next to Service Provider ID, then specify that ID using the following format:
Paste the SAML Single Sign-On Service URL into the Login Portal URL field.
Paste the Single Sign-Out URL into the Sign-Out URL field.
Specify the Change Password URL.