Configuration Guides

Configuring SAML SSO with Wrike and PingOne

Learn how to configure SAML SSO with Wrike and PingOne.

Before you begin

You must have Business Level permissions to configure SAML.

About this task

Learn more about Wrike and SSO in the SAML SSO: Implementation Guide in the Wrike documentation.

This is a tested integration

Download the Wrike metadata

  1. Sign on to your Wrike admin account and in the upper right-hand corner, select your name and then Settings.

  2. Go to Security → Setup SAML SSO.

  3. In the Set up your identity provider list, select Other.

  4. Download the service provider (SP) metadata:

    Choose from:

    • Click Download XML file.

    • Copy the metadata link.

  5. Click Next.

Import the metadata into PingOne

  1. In a new tab, sign on to your PingOne SSO admin account and go to Connections → Applications and click the icon.

  2. On the New Application page, click Advanced Configuration, and on the SAML line, click Configure.

  3. On the Create App Profile page, enter the following information:

    • Application Name

    • Optional: Description

    • Optional: Icon

  4. Click Save and Continue.

  5. The Configure SAML Connection page allows for a few options to configure the SP metadata in PingOne. Only one of the following is required to import the metadata:

    Choose from:

    • Click Import Metadata to import the metadata file that you downloaded in the previous procedure.

    • Click Import from URL to upload the copied link from the previous procedure.

    • If you know the Wrike SP metadata details, manually enter the required information.

    All required information is filled out if you choose Import Metadata or Import From URL except for the SUBJECT NAMEID FORMAT.

    You must update the SUBJECT NAMEID FORMAT to urn:oasis:nams:tc:SAML:1.1:nameid-format:emailAddress. If you set this to something else, you’ll get a connection error.

  6. Click Save and Continue.

  7. On the Attribute mapping page, add the following attributes and mark all as Required.

    • firstName

    • lastName

    • NameID

    The PingOne User Attribute for the saml_subject must be updated to Email Address and not User ID.

  8. Click Save and Close.

  9. On the Applications page, click the Configuration tab and copy the URL on the IDP METADATA URL line.

  10. On your Wrike tab, paste the URL that you copied in the previous step into the Use URL to provide XML field and click Next.

  11. Click Enable SAML settings to finalize the configuration of the SAML connection.

    You’ll receive a verification email providing you with a 6-digit code.

  12. Copy and paste the 6-digit code into the confirmation box to verify the connection and then click Confirm to finalize set up.

    A page with information on testing opens.

    Although this page provides you with information on testing the SAML SSO set up, follow Test the integration to test your integration.

  13. Click Save.

Create and assign identities in PingOne

If you’ve already assigned identities and groups in PingOne, go to Test the integration.

  1. In PingOne, go to Identities → Groups and click the icon next to Groups.

  2. On the Create New Group page, enter values for the following:

    • Group Name (Required)

    • Description (Optional)

    • Population (Optional)

  3. Click Finish & Save.

  4. To add identities to the group, on the Identities tab, go to Users → + Add User.

  5. On the Add User page, enter the necessary information for a user.

    Verify the first name, last name, and email address are correct, as these are values passed in the SAML assertion.

  6. Click Save.

  7. Assign the user that you created to the group that you created previously.

    Locate the user you created and:

    1. Expand the section for the user.

    2. Select the Groups tab.

    3. Click Add.

  8. In the Available Groups section, select the group that you created and click the icon to add it to the user’s group memberships. Click Save.

  9. On the Connections tab, for the Wrike application:

    • Click the Access tab

    • Click the Pencil icon to edit the configuration

  10. Select the group that you created and add it to the Applied Groups section. Click Save.

    You’re now ready to test the integration.

Test the integration

  1. In the PingOne admin console, go to Dashboard → Environment Properties.

  2. Right-click on the Application Portal URL and open it in a private browser session.

  3. Sign on as the test user that you created and click the Wrike tile.

    You’re signed on to the user’s Wrike account using SSO and testing is complete.