To help simplify and secure operations on client teams with many accounts, Upwork offers Single Sign-On (SSO) capabilities by leveraging Security Assertion Markup Language (SAML).

SAML is a markup language that lets users log into applications based on their sessions in other contexts where organizations are aware of the user’s identity. When users are already logged in to the Active Directory of their organization, as an example, organizations can leverage that information to log their users in to other applications.

By using SAML specifications, clients can achieve SSO for their users. SSO allows users to login once, and the same credentials will be reused to log into other service providers.

How does Single Sign-On work?

To understand how Single Sign-On works, read through the following hypothetical example:

Consider that you work for a shoe company (for example, SoleShoe) and your shoe company sells shoes to a big retailer chain (AwesomeMart). As an employee of SoleShoe, you need to access an application provided by AwesomeMart. The application would help you to manage sales and monitor various bottlenecks involved with the supply chain. In such a case, AwesomeMart must control the user authentication for their application access.

A simple solution requires that AwesomeMart provide separate login credentials to all the appropriate users at SoleShoe. However, AwesomeMart has other suppliers as well; maintaining that information for multiple users across many organizations is complex.

An effective solution would require that all the suppliers federate their user credentials with AwesomeMart. Thus, SSO provides a secure way for AwesomeMart (the Service Provider) to externalize authentication by integrating with the existing identity infrastructure of SoleShoe (the Identity Provider). Business use cases like this contributed to the development of federated protocols, such as SAML.

Single Sign-On in Upwork with SAML 2.0

With SSO in Upwork, your employees can access the Upwork platform by using your company’s credentials. This way, employees do not need to register and set up their own separate employee profile in Upwork.

In this case, Upwork is the Service Provider (SP) who allows users from different enterprises to access the platform. Once Upwork receives a SAML response from the Identity Provider (IdP) of your company, it validates if the user exists. If the user account exists, Upwork lets the user access the platform. However, if the user account does not exist, Upwork creates an account automatically for that user.

Sign on with SAML

SAML Terms

These are common SAML terms that may assist you during set-up.

Term Definition

Service Provider (SP)

The entity that provides the service. Upwork is a service provider that lets users from different enterprises access the Upwork platform without requiring them to log into Upwork separately. SPs never directly interact with the IdP, and a browser acts as the agent to carry out all the redirections.

Identity Provider (IdP)

The entity that provides the identities to the service provider. The IdP contains the user profile, such as first name, last name, job code, phone number, etc. Note that different SPs might require different profile information.

SAML Request

The authentication request that is generated by the SP.

SAML Response

The authentication response sent by the IdP. Such a response contains information about the user, such as user profile information and group/role information.

SP-Initiated login

The SAML login flow that is initiated by the service provider. This flow is triggered whenever users try to access secure information in the service provider’s application.

IdP-Initiated login

The SAML login flow that is initiated by the identity provider. This flow is triggered when an IdP initiates a SAML response that is redirected to the SP to assert the user's identity.

Was this article helpful?

0 out of 0 found this helpful
{"global":{"message":"We are aware of reports of inaccurate withdrawal schedule notification emails, and have taken steps to rectify the issue. Your withdrawal schedule has not changed. You can confirm your withdrawal schedule by visiting the Get Paid section in your account settings.","icon":"info","start":"","end":""},"responsive":[{"message":"","country":"All","usertype":"all","icon":"info","start":"","end":""},{"message":"","country":"All","usertype":"all","icon":"info","start":"","end":""}]}