Learn how to configure SAML SSO with Wrike and PingOne.
You must have Business Level permissions to configure SAML.
For more information about Wrike and SSO, see the SAML SSO: Implementation Guide in the Wrike documentation.
This is a tested integration
- Sign on to your Wrike admin account and in the upper right hand corner, select your name and then Settings.
- Go to .
- In the Set up your identity provider list, select Other.
Download the service provider (SP) metadata:
- Click Download XML file.
- Copy the metadata link.
- Click Next.
- In a new tab, sign on to your PingOne SSO admin account and go to and click the + icon.
- On the New Application page, click Advanced Configuration, and on the SAML line, click Configure.
On the Create App Profile page, enter the following:
- Application Name
- Optional: Description
- Optional: Icon
- ClickSave and Continue.
The Configure SAML Connection page allows for a few
options to configure the SP metadata in PingOne. Only one of the
following is required to import the metadata:
- Click Import Metadata to import the metadata file that you downloaded in step 4.
- Click Import from URL to upload the copied link from step 4.
- If you know the Wrike SP metadata details, you can manually enter the required information.
All required information is filled out out if you choose Import Metadata OR Import From URL except for the SUBJECT NAMEID FORMAT. You must update this to urn:oasis:nams:tc:SAML:1.1:nameid-format:emailAddress. If set to another setting, you will get a connection error.
- Click Save and Continue.
On the Attribute mapping page, add the following
attributes and mark all as Required.
The PingOne User Attribute for the saml_subject must be updated to Email Address and not User ID.
- Click Save and Close.
- On the Applications page, click the Configuration tab and copy the URL on the IDP METADATA URL line.
- On your Wrike tab, paste the URL that you copied in the previous step into the Use URL to provide XML field and click Next.
Click Enable SAML settings to finalize the configuration of the SAML
You'll receive a verification email providing you with a 6-digit code.
Copy and paste the 6-digit code into the confirmation box to verify the
connection and then click Confirm to finalize set up.
A page with information on testing opens.Note:
Although this page provides you with information on testing the SAML SSO set up, follow the testing steps beginning with step 19 to test your integration.
- Click Save.
Before you test the integration, you must create and assign identities in
If you've already assigned identities and groups in PingOne, go to step 20.
- In PingOne, go to and click the + icon next to Groups.
On the Create New Group page, enter values for
- Group Name (Required)
- Description (Optional)
- Population (Optional)
- Click Finish & Save.
- To add identities to the group, on the Identities tab, go to .
On the Add User page, enter in all the necessary
information for a user.
Verify the first name, last name, and email address are correct, as these are values passed in the SAML assertion.
- Click Save.
Assign the user that you created to the group that you created
previously. Locate the user you created and:
- Expand the section for the user.
- Select the Groups tab.
- Click + Add.
- In the Available Groups section, select the group that you created and click the + icon to add it to the user’s group memberships. Click Save.
On the Connections tab, for the Wrike
- Click the Access tab
- Click the Pencil icon to edit the configuration
Select the group that you created and add it to the Applied
Groups section. Click Save.
You’re now ready to test the integration.
- In the PingOne admin console, go to .
- Right-click on the Application Portal URL and open it in a private browser session.
Sign on as the test user that you created and click the Wrike tile.
You’re signed on to the user’s Wrike account using SSO and testing is complete.