Technical FAQs about Workshare SSO

Note: Each Workshare account is tied to a unique email domain (e.g. mintonslaw.com). Any user with an email address that shares the same domain will be auto-grouped into that Workshare account.

With the “Sign in with Microsoft work account” feature, Workshare takes the primary SMTP address associated with the user's Microsoft work account. If one of your users already has a Workshare account with an email address that’s different from the primary SMTP address, we recommend that the user signs in with their Workshare credentials to avoid ending up with two Workshare accounts.

What's the difference between enabling my users to sign in with their Microsoft work account and configuring SSO?

All users are enabled to sign in with their Microsoft work accounts. There's a button on the Workshare sign in page called Sign in with Microsoft work account. Users have the option to use this button and sign in with their Microsoft user name and password or to use the regular Email address field and enter their Workshare email address and password.

Note: If you're using Office 365, you'll need to turn on Integrated Apps to enable your users to sign in with Microsoft.

The sign in page (my.workshare.com/#signin) has a field called "Email address" and below that, a button that says "Sign in with Microsoft".

Admins can require their users to sign in to Workshare using their Microsoft work account credentials. This is called single sign-on (SSO). SSO is beneficial because users only need to remember one user name and one password, and if an employee leaves, IT only need to change a single password or disable a single account.

How do I configure SSO?

To read the instructions on configuring SSO for Workshare, see Configure Workshare SSO.

How do I enable users to sign in with Microsoft when I'm using Office 365?

Note: If you are using Azure without Office 365, you don’t need to do anything.

Turn on Integrated Apps in Office 365:

Sign in to Office 365 using your work account.
Go to the Office 365 admin center, click Dashboard > External Sharing > Sharing Overview.
On the Sharing Overview page, under Integrated apps, use the toggle to turn Integrated Apps on if it’s not toggled on already.

This image shows the "Integrated Apps" dialog. The option says, "Let people in your organization decide whether third-party apps can access their Office 365 information". There's a toggle to the right of the option that you can toggle on or off.

Which credentials does Workshare need?

The user signs in with their Microsoft work account user name, also known as the User Principal Name (UPN), and their password. Workshare looks up their UPN in Azure AD and finds the user’s primary SMTP address (proxyAddresses attribute). Workshare then checks to ensure the domain of the primary SMTP address matches the domain of the UPN. If it does, Workshare uses the primary SMTP address as the unique email address for that user’s Workshare account. If it doesn't, the user will see an error message that says Email address required.

Note 1: If you are paying for an Exchange license, Exchange automatically provides an SMTP address for each of your users.

Note 2: The Sign in with Microsoft work account feature can only be used with a primary SMTP, so it is not possible to use hotmail.com or outlook.com email credentials.

To find someone’s credentials via Active Directory Users and Computers

Open Active Directory Users and Computers.
Locate the user and double-click their name.
Go to the Account tab. The user’s name is listed under User logon name.

This image shows what you'll see when you go to the "Account" tab of the user's properties. The first field is "User logon name".

Go to the Attribute Editor tab.
Locate proxyAddress and click Edit. The primary SMTP address begins after “SMTP” in capital letters.

The example shows "SMTP:elizabeth.morris@mintons.com" listed in the "Values:" field.

To find someone’s credentials via the Office 365 admin center

Sign in to Office 365 using your work account.
Go to the Office 365 admin center, click Home > Active users. The User name is listed in the second column.

This image shows the page that you will see when you go to Home > Active users.

Select a user. Their primary SMTP address is shown next to Email address.

This image shows what you'll see when you select a user.

How do my users create a Workshare account with their work credentials?

The first time the user signs in to Workshare with their work credentials, an account will be created for them based on the primary SMTP associated with their UPN. The user does not need to do anything more to validate their account. See the next question to find out how they sign in to Workshare.

Note: If there is already an existing Workshare account associated with the user's primary SMTP, the user will be logged into that Workshare account.

How do my users sign in with their work credentials to access Workshare?

Users click Sign in with Microsoft work account to be redirected to the Microsoft login page. If you have configured SSO, your users will be redirected to the Microsoft login page regardless of whether they click Sign in with Microsoft work account or they enter their email address into the Email address field.

The "Sign in with Microsoft" button appears toward the bottom of the page.

Microsoft's sign in page has a field for the user to enter their UPN and a field for the user to enter their password.

Can my users sign in to Workshare with Microsoft credentials if my organization has set up single sign-on with PingOne ?

If you have previously set up SSO for Workshare with PingOne, you can switch to SSO using Azure AD. It is important to know whether SSO is enabled or enforced.

Enabled: This means that users can sign in to Workshare using their SSO credentials or they can sign in using their Workshare credentials.
Enforced: This means that users must sign in to Workshare using their SSO credentials.

Find out more in Configure Workshare SSO.

What happens if my user enters their work account user name into the Workshare email address field?

If a user enters their Microsoft user name into the Workshare email address field, it is likely by mistake.

The email address field appears below the text that says: "Welcome, let's get started. Enter your email address to sign in or register."

When they click Continue, there are two possible scenarios:

If you have SSO configured, Workshare recognizes the email address as having SSO set up and the user is redirected to the Microsoft login page. From there, the user can sign in to their Workshare account.
If you do not have SSO configured, the user will see a message asking them to check their inbox for an email from Workshare so they can verify their email address.

The message says: "Check your inbox. We've sent an email to elizabethm@mintons.com with a link to verify your email address".

If their Microsoft user name is not a working email address, they will not be able to receive the verification email. The user should click Return to Sign in and click the Sign in with Microsoft work account button on the sign in page so they can enter their Microsoft credentials via the Microsoft log in page.

If their Microsoft work account user name (UPN) is an email address, they will receive the verification email with a link to create a password for their account. Following the link in the email and creating a password could result in one of three scenarios:

The user is redirected to their files and folders associated with their Microsoft work account credentials. This happens if the user's UPN matches their primary SMTP in Azure AD. From this point on, the user has the choice to sign in via the Workshare email address field and use their Workshare password or sign in via the Microsoft sign in page and use their Microsoft work account password.
The user is added as a new user on your Workshare account and at first they do not see any files, folders, groups or deals. This happens if the user's UPN is different from their primary SMTP in Azure AD. When you go to the Workshare Admin Console, you will see two different users - one for the UPN and one for the primary SMTP address. From this point on, if the user signs in with their Workshare credentials, they will see the files, folders, groups and deals associated with that UPN user. Likewise, if the user signs in with their Microsoft credentials, they will see the files, folder, groups and deals associated with that SMTP user.
The user is added to a different Workshare account and at first they do not see any files, folders, groups or deals. This happens if the domain of the user's UPN does not match the domain of your Workshare account. If the domain of the UPN matches a domain registered to an existing Workshare account, the user will be auto-grouped into that Workshare account. If the domain of the UPN does not match a domain registered to an existing Workshare account, a new account will be created and the user will become the owner of that account. From this point on, if the user signs in with their Workshare credentials, they will see the files, folders, groups and deals associated with that UPN user. Likewise, if the user signs in with their Microsoft credentials, they will see the files, folder, groups and deals associated with that SMTP user.

What happens if I reset a user’s password?

Resetting a user’s Microsoft work account password

When a user’s Microsoft work account password is reset, they should use their new password to sign in to Workshare.

This will not affect their Workshare password if they have one.

Resetting a user’s Workshare password

Note: It is only possible for a user to create a Workshare password if you have not configured SSO.

As an administrator of your organization’s Workshare account, you can follow these steps to force a user to reset their Workshare password: Change a user's password. The user will no longer be able to sign in with their old Workshare password and they will be sent an email with a link to create a new Workshare password. If the user has never created a Workshare password, they will receive the same reset password email. When they follow the link in the email to reset their password, they will end up creating a password.

Alternatively, a user can reset their own Workshare password. If they’re not signed in to Workshare, they can open the Workshare desktop app or go to my.workshare.com and click Forgot my password. If they are signed in to Workshare, they can click their name and go to My Settings.

Note: A user is only be able to reset their Workshare password via My Settings when they’ve previously created a Workshare password.

This will not affect the user’s password for their Microsoft work account.

For more information about Workshare passwords, see What happens if my user enters their work account user name into the Workshare email address field?

As an admin, what happens if I disable/suspend/delete a user’s work account in Azure?

When you disable, suspend or delete a user’s work account, they will no longer be able to sign in to Workshare using their work account credentials.

If you have configured SSO, this means the user will not be able to log into Workshare at all.

Note: Although the user will not be able to log into their Workshare account, the Workshare account still exists. You can delete the Workshare account by following the steps in the next question.

If you have not configured SSO, it is possible the user has a Workshare email address and password. If the user has Workshare credentials, they will still be able to sign in to Workshare using the Workshare email address field and their Workshare password. You can prevent this by suspending or deleting the user’s Workshare account via the Workshare admin console. See the next question for more information.

As an admin, how can I suspend/delete a user’s Workshare account?

To suspend a user, follow these steps and to delete a use, follow these steps.

Can I license Workshare using work account credentials?

A user licenses Workshare on their computer by signing in once. If the user signs in via the Workshare desktop app, they can use their Microsoft work account credentials.

To sign in with the desktop app:

Open the Workshare desktop app by double-clicking the desktop app icon.

The desktop app icon is the Workshare logo with the label "Workshare" underneath.

The Workshare sign in page is displayed.

Click Sign in with Microsoft work account. You are redirected to the Microsoft login page.
Enter your Microsoft work account user name and password and click Sign in.

Note: The desktop app must be installed in order to validate the license by signing in with Microsoft work account credentials. If you do not want to install the desktop app or if you do not want your users to sign in, you can use Enterprise licensing. To find out more about Enterprise licensing, see Licensing Workshare 9 for deployment.