All articles

SSO with Azure

Azure integration is available on Wrike Enterprise accounts.

⏱ 1 min read

Overview

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. Azure AD provides a SAML SSO service that allows users to enter login information once and then access all work applications and tools, including Wrike, without being prompted to log in to each of them.

Please note, that user attribute provisioning can be set up only with the help of our Support Team. More information, including details about the benefits and limitations of setting up single sign-on, can be found on our SSO help page.

Important Information

  • Note! The configuration of single logout for Azure AD is not supported.

Set Up Azure AD SSO Integration

Before you begin

  • You'll need your account ID to set up the integration. To find it, log in to your Wrike account via a browser and locate the numbers between “acc=” and “#” in the address bar – this is your account ID.
    For example, account ID 123456 would look like this in the address bar: https://www.wrike.com/workspace.htm?acc=123456#... 
  • Please note: After you go through all the steps of the setup in your Azure account, you'll still need to contact Wrike support to finalize the integration.

Set up the integration

  1. Go to the Azure portal and log in to your admin account.
  2. Select Azure Active Directory from the left-hand navigation panel.
  3. Select “Enterprise applications” from the list.
  4. Next, select “All applications”. 1
  5. Click “New application” at the top of the page. 2azure_1_step.png
  6. Scroll to the “Add from gallery” section and search for Wrike using the search bar, or select it from the list below.
  7. Click “Add” from the bottom right-hand corner. The application is added.
  8. Select “Single sign-on” from the left-hand panel. 3
  9. Select a single sign-on method. To integrate Azure with Wrike you need to select SAML from the list. 4azure_2_step.png
  10. In the next window, locate the “Basic SAML Configuration” 5 section and click on the pencil icon in the upper-right corner.
  11. In the window that opens, enter the following information:
    • In the field under “Identifier (Entity ID)” 6 enter https://www.wrike.com/account/your_account_ID
    • In the field under “Reply URL (Assertion Consumer Service URL)” 7, enter the following three URL strings:
      • https://login.wrike.com/saml/SSO/account/your_account_ID - make this URL the default one using the checkbox to the right
      • https://www.wrike.com/saml/SSO/account/your_account_ID
      • https://app-eu.wrike.com/saml/SSO/account/your_account_ID
        NOTE: the “SSO” part of all URLs must be all uppercase letters.
  12. Leave the fields “Sign on URL”, “Relay State”, and “Logout URL” blank.
  13. Click the “Save” 8 button at the top.
  14. Then click “X” in the upper-right corner to proceed to the next step.

SSO_With_Azure_-__Basic_SAML_Configuration_1.png

  1. Scroll down to the “User Attribute and Claims” section and click on the pencil icon in its upper-right corner.
  2. In the window that opens, click on the “Emailaddress” claim. 
  3. In the "Source attribute" drop-down menu select “user.mail”.
  4. Click “Save” at the top of the window.
  5. Close the current window by clicking the “X” in the upper-right corner.
  6. Click “Save”, again, to save the “User Attribute and Claims” settings.
  7. Then click the “X” icon in the upper-right corner to proceed to the next step.
  8. Scroll down to the “SAML Signing Certificate” section.
  9. Click “Download” 9 located next to the “Federation metadata XML”.
  10. The generated XML file is downloaded. You can upload the generated metadata from the file to your Wrike account as described here, and then contact support to finalize the setup.
    Alternatively, you can send the generated XML file to Wrike support and indicate the date on which you’d like your integration to start working. You can also add the exact time when the integration should be enabled (in that case, please also provide your time zone).

Once the support receives your request, they’ll finalize the SAML integration setup for you. As soon as the integration is finalized you will be able to access Wrike from within your Azure AD.

0 comments

Article is closed for comments.

Top