SAML SSO Azure AD: Implementation Guide
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. Azure AD provides a SAML SSO service that allows users to enter login information once and then access all work applications and tools, including Wrike, without being prompted to log in to each of them.
More information, including details of the benefits and limitations of setting up single sign-on, can be found on our SSO help page.
You'll need your account ID to set up the integration. To find it, log in to your Wrike account via a browser and locate the numbers between “acc=” and “#” in the address bar.
For example, account ID 123456 would look like this in the address bar: https://www.wrike.com/workspace.htm?acc=123456#...
Note: After you go through all the steps of the setup in your Azure account, you'll still need to contact Wrike Support to finalize the integration.
Go to the Azure portal and log in to your admin account.
Select Azure Active Directory from the left-hand navigation panel.
Select Enterprise applications from the list.
Next, select All applications.
Click New application at the top of the page.
Scroll to the Add from gallery section and search for Wrike using the search bar, or select it from the list below.
Click Add in the bottom-right corner. The application is added.
Select Single sign-on from the left-hand panel.
Select a single sign-on method. To integrate Azure with Wrike, you need to select SAML from the list.
In the next window, locate the Basic SAML Configuration section and click the pencil icon in the upper-right corner.
In the window that opens, enter the following information:
In the field under Identifier (Entity ID), enter: https://www.wrike.com/account/your_account_ID
In the field under Reply URL (Assertion Consumer Service URL), enter the URL string https://login.wrike.com/saml/SSO/account/your_account_ID and make this URL the default one using the checkbox to the right.
The “SSO” part of the URL must be capitalized.
Leave the fields Sign on URL, Relay State, and Logout URL blank.
Click the Save button at the top.
Then click X in the upper-right corner to move to the next step.
Scroll down to the User Attribute and Claims section and click the pencil icon in the upper-right corner.
In the window that opens, click the Email address claim.
In the Source attribute drop-down menu, select user.mail.
Click Save at the top of the window.
Close the current window by clicking the X in the upper-right corner.
Click Save again to save the User Attribute and Claims settings.
Then click the X icon in the upper-right corner to move to the next step.
Scroll down to the SAML Signing Certificate section.
Click Download located next to the Federation metadata XML.
The XML file is downloaded. Upload the metadata from this file to your Wrike account as described in the "Enable single sign-on" section on this page, and then contact Wrike Support to finalize the setup.
Once Support receives your request, they’ll finalize the SAML integration setup for you. As soon as the integration is finalized, the SAML login flow between Wrike and Azure AD will be fully supported.
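The following pre-upload check is an added example, not part of the original guide and not Wrike or Microsoft tooling. It derives the Identifier and Reply URL from the workspace URL and sanity-checks the downloaded federation metadata. The function names and the sample metadata (placeholder tenant and certificate) are constructed for illustration, and the checks assume standard SAML 2.0 metadata structure.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def wrike_saml_values(workspace_url):
    """Build the Basic SAML Configuration values from the workspace URL."""
    m = re.search(r"[?&]acc=(\d+)#", workspace_url)  # digits between "acc=" and "#"
    if not m:
        raise ValueError("no account ID between 'acc=' and '#'")
    acc = m.group(1)
    return {"account_id": acc,
            "entity_id": f"https://www.wrike.com/account/{acc}",
            "reply_url": f"https://login.wrike.com/saml/SSO/account/{acc}"}

def reply_url_ok(entered, account_id):
    """Exact, case-sensitive comparison: '/saml/sso/' is rejected."""
    return entered.strip() == f"https://login.wrike.com/saml/SSO/account/{account_id}"

def metadata_problems(xml_text):
    """Return a list of problems found in the IdP federation metadata XML."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or not root.get("entityID"):
        problems.append("root is not an EntityDescriptor with an entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor element"]
    # Signing keys: KeyDescriptor with use="signing" or no "use" attribute.
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if not any(c and c.strip() for c in certs):
        problems.append("no signing certificate in IDPSSODescriptor")
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    if not sso or not all(u.startswith("https://") for u in sso):
        problems.append("missing or non-HTTPS SingleSignOnService location")
    return problems

# Constructed sample metadata (placeholder tenant and certificate values).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>PLACEHOLDERCERT</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor></EntityDescriptor>"""
```

An empty list from metadata_problems means the file has the elements a SAML service provider needs; it does not verify that the certificate is the one your tenant issued.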