You will want to make sure you have a custom domain setup for your enterprise (setup link here: This will be the dedicated login URL for your company. If a user lands on a generic login page, they will still get redirected to this page to enter their credentials for SSO.

Getting Started

Get started by navigating to your SSO settings page:

You will need to provide three pieces of information:

  • Entity ID -  A URL that uniquely identifies your SAML identity provider. For Okta customers, it is usually formatted as:[ID from sso sign-in url]
  • Certificate - This is the certificate WorkRamp will require to verify your users identity during the sign on process. This should be provided by your SSO provider, such as Okta or OneLogin. If you have any trouble finding this certificate, contact your SSO provider or the WorkRamp team. 

Running an SSO Test

Once you have finished adding your SAML Settings, you will want to run a quick test to make sure it works

To run this test, flip on this setting and open up a new incognito tab or different browser:

IMPORTANT: Make sure you run this test in an incognito window or separate browser. Do NOT sign out of your account because you may be locked out of your account if the SSO setup is incorrect. 

You should also run this test in non-peak hours or for a short period of time. This will lock out any users if the configuration is not set up properly.

Go to your custom domain (from the prerequisite section at the top):

The login flow should take you to your Identity Provider (ie Okta) as a next steps and redirect you to WorkRamp when completed. If this does not work, the setup was incorrect and you should toggle SSO off until fixed.


Additional SSO Settings

External Users

You also have the ability to allow external users to sign in with a username and password. Users who do not have a domain listed in the Internal Domains field will be presented with a Username and Password login instead of being redirected to the SSO login page. 

Auto Provisioning

Accounts will be automatically provisioned for users signing in via SSO (SAML/OAuth) if they don't already exist. 

Note: This also applies to SSO with Google.

Sync Groups

Your groups will be synced for users signing in via SSO. If groups don't already exist, they will be created automatically.

By selecting Sync selective groups, only the group names you list will be synced and assigned to users.


Note: WorkRamp will support SAML 2.0 based Single Sign On for select accounts. For Okta, we are also listed in the Okta Application Network (OAN) that you can access via your Okta portal. 

To see if your account level offers SSO, please get in touch with your account representative.

If you have any questions, email, or leverage your chat window in the bottom right-hand corner of your screen!

Did this answer your question?