To help simplify and secure operations on client teams with many accounts, Upwork offers Single Sign-On (SSO) capabilities by leveraging Security Assertion Markup Language (SAML).
SAML is a markup language that lets users log into applications based on their sessions in other contexts where organizations are aware of the user’s identity. When users are already logged in to the Active Directory of their organization, as an example, organizations can leverage that information to log their users in to other applications.
By using SAML specifications, clients can achieve SSO for their users. SSO allows users to login once, and the same credentials will be reused to log into other service providers.
Single Sign-On in Upwork with SAML 2.0
With SSO in Upwork, your employees can access the Upwork platform by using your company’s credentials. This way, employees do not need to register and set up their own separate employee profile in Upwork.
In this case, Upwork is the Service Provider (SP) who allows users from different enterprises to access the platform. Once Upwork receives a SAML response from the Identity Provider (IdP) of your company, it validates if the user exists. If the user account exists, Upwork lets the user access the platform. However, if the user account does not exist, Upwork creates an account automatically for that user.
SAML Terms
These are common SAML terms that may assist you during set-up.
| Term | Definition |
|---|---|
|
Service Provider (SP) |
The entity that provides the service. Upwork is a service provider that lets users from different enterprises access the Upwork platform without requiring them to log into Upwork separately. SPs never directly interact with the IdP, and a browser acts as the agent to carry out all the redirections. |
|
Identity Provider (IdP) |
The entity that provides the identities to the service provider. The IdP contains the user profile, such as first name, last name, job code, phone number, etc. Note that different SPs might require different profile information. |
|
SAML Request |
The authentication request that is generated by the SP. |
|
SAML Response |
The authentication response sent by the IdP. Such a response contains information about the user, such as user profile information and group/role information. |
|
SP-Initiated login |
The SAML login flow that is initiated by the service provider. This flow is triggered whenever users try to access secure information in the service provider’s application. |
|
IdP-Initiated login |
The SAML login flow that is initiated by the identity provider. This flow is triggered when an IdP initiates a SAML response that is redirected to the SP to assert the user's identity. |