You must have Business Level permissions to configure SAML.

For more information about Wrike and SSO, see the SAML SSO: Implementation Guide in the Wrike documentation.


This is a tested integration.

  1. Sign on to your Wrike admin account and in the upper-right corner, select your name and then Settings.
  2. Go to Security > Setup SAML SSO.
  3. In the Set up your identity provider list, select Other.
  4. Download the service provider (SP) metadata:
    • Click Download XML file.
    • Copy the metadata link.
  5. Click Next.
  6. In a new tab, sign on to your PingOne SSO admin account and go to Connections > Applications and click the + icon.
  7. On the New Application page, click Advanced Configuration, and on the SAML line, click Configure.
  8. On the Create App Profile page, enter the following:
    1. Application Name
    2. Optional: Description
    3. Optional: Icon
  9. Click Save and Continue.
  10. The Configure SAML Connection page allows for a few options to configure the SP metadata in PingOne. Only one of the following is required to import the metadata:
    • Click Import Metadata to import the metadata file that you downloaded in step 4.
    • Click Import from URL to upload the copied link from step 4.
    • If you know the Wrike SP metadata details, you can manually enter the required information.

    All required information is filled in if you choose Import Metadata or Import From URL, except for SUBJECT NAMEID FORMAT. You must update this to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. If it is set to any other value, you will get a connection error.

  11. Click Save and Continue.
  12. On the Attribute mapping page, add the following attributes and mark all as Required.
    1. firstName
    2. lastName
    3. NameID

    The PingOne User Attribute for the saml_subject must be updated to Email Address and not User ID.

  13. Click Save and Close.
  14. On the Applications page, click the Configuration tab and copy the URL on the IDP METADATA URL line.
  15. On your Wrike tab, paste the URL that you copied in the previous step into the Use URL to provide XML field and click Next.
  16. Click Enable SAML settings to finalize the configuration of the SAML connection.
    You'll receive a verification email providing you with a 6-digit code.
  17. Copy and paste the 6-digit code into the confirmation box to verify the connection and then click Confirm to finalize setup.
    A page with information on testing opens.

    Although this page provides you with information on testing the SAML SSO setup, follow the testing steps beginning with step 19 to test your integration.

  18. Click Save.
  19. Before you test the integration, you must create and assign identities in PingOne.

    If you've already assigned identities and groups in PingOne, go to step 20.

    1. In PingOne, go to Identities > Groups and click the + icon next to Groups.
    2. On the Create New Group page, enter values for the following:
      • Group Name (Required)
      • Description (Optional)
      • Population (Optional)
    3. Click Finish & Save.
    4. To add identities to the group, on the Identities tab, go to Users > + Add User.
    5. On the Add User page, enter all the necessary information for a user.

      Verify that the first name, last name, and email address are correct, because these values are passed in the SAML assertion.

    6. Click Save.
    7. Assign the user that you created to the group that you created previously. Locate the user you created and:
      1. Expand the section for the user.
      2. Select the Groups tab.
      3. Click + Add.
    8. In the Available Groups section, select the group that you created and click the + icon to add it to the user’s group memberships. Click Save.
    9. On the Connections tab, for the Wrike application:
      • Click the Access tab
      • Click the Pencil icon to edit the configuration
    10. Select the group that you created and add it to the Applied Groups section. Click Save.

      You’re now ready to test the integration.

  20. In the PingOne admin console, go to Dashboard > Environment Properties.
  21. Right-click on the Application Portal URL and open it in a private browser session.
  22. Sign on as the test user that you created and click the Wrike tile.

    You’re signed on to the user’s Wrike account using SSO and testing is complete.
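
As an added example (not part of the Wrike or PingOne documentation), the following Python checks a decoded SAML assertion against the settings from steps 10 and 12: the NameID format, an email address as the subject, and the firstName and lastName attributes. The function names and the sample assertions are constructed for illustration; the samples are minimal and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("firstName", "lastName")  # attribute names from step 12


def check_assertion(xml_text):
    """Return a list of problems found in decoded SAML assertion/response XML.

    Content check only: it does not verify the signature. For XML captured
    from a real session, parse with a hardened parser such as defusedxml.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is %r" % name_id.get("Format"))
        # saml_subject must map to Email Address, not User ID (step 12)
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not an email address")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        v = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in REQUIRED_ATTRS:
        if not values.get(name):
            problems.append("attribute %s missing or empty" % name)
    return problems


def sample_assertion(fmt, subject, attrs):
    """Build a constructed, unsigned, minimal assertion for the check above."""
    attr_xml = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s'
        '</saml:AttributeValue></saml:Attribute>' % kv for kv in attrs.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:Subject><saml:NameID Format="%s">%s</saml:NameID></saml:Subject>'
            '<saml:AttributeStatement>%s</saml:AttributeStatement>'
            '</saml:Assertion>' % (fmt, subject, attr_xml))


if __name__ == "__main__":
    bad = sample_assertion(
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "a1b2c3", {"firstName": "Test"})
    for problem in check_assertion(bad):
        print(problem)
```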