Skip to main content

How to Access and Use the WorkOS Admin Portal

Manage your organisation’s SSO, directory sync, domains, and authentication logs via the WorkOS Admin Portal in Ventrata.

Updated this week

The WorkOS admin portal is integrated into the Ventrata dashboard and allows admin users to manage their organisation's authentication and domain(s).


Access Admin Portal

From here, you can configure Single Sign-On (SSO), manage directory sync, review authentication logs, and more.

  1. In the Ventrata dashboard, go to [user_name] > Account Settings.

    Account Settings

  2. Click Admin and select Edit Account.

    Edit Account

  3. In the pop-up window, you will see several WorkOS options for managing your organisation.


Options in the Admin Portal

The Admin Portal groups all key authentication and domain management tools in one place. Below is a quick overview of each option and how to use it.

SSO Connections

Configure and manage Single Sign-On (SSO) for your organisation.

Prerequisites:

  • You must be an admin user in Ventrata.

  • The organisation must have a verified domain.

  • Someone in your organisation with access to your Identity Provider (IdP) (for example, Azure AD, Okta, Google Workspace) is required.

📒 NOTE

Reach out to your Ventrata Customer Success Representative if you need help at any stage of the setup.

  1. In the pop-up window, select SSO Connections.

    SSO Connections

  2. Choose your IdP from the list, or select Customer SAML / Custom OIDC.

    Select Your Identity Provider

  3. If prompted, confirm the Organization in WorkOS.


    📒 NOTE

    SSO connections are tied to organisations.


  4. If your domain is not already verified, complete domain verification via DNS TXT record.


    📒 NOTE

    Domain verification must succeed before SSO can be activated. DNS changes may take time to propagate.


  5. Follow the WorkOS instructions to finish setup.

  6. Test the connection and save.

  7. Decide whether to keep SSO optional or enforce it for all users in your organisation.


Directory Sync Connections

Set up SCIM (System for Cross-domain Identity Management) to automatically sync users and groups from your IdP into Ventrata.

  1. In the pop-up window, select Directory Sync Connections.

    Directory Sync Connections

  2. Choose your IdP directory type (for example, Azure AD, Google Workspace).

    Select Your Identity Provider

  3. Follow the WorkOS instructions to finish setup.

  4. Once linked, users and groups will begin syncing automatically into Ventrata.

  5. Review synced data in the WorkOS dashboard to confirm accuracy.

📒 NOTE

Sync may take a few minutes after first connection.


Authentication Audit Logs

Review past authentication events, both successful and failed logins.

  1. In the pop-up window, select Authentication Audit Logs.

    Authentication Audit Logs

  2. Review events with details on the action taken, user and time.

    Events

  3. Use these logs to investigate suspicious activity or troubleshoot login issues.


Authentication Log Streams

Forward authentication events in real time to your own monitoring or SIEM tools.

  1. In the pop-up window, select Authentication Log Streams.

    Authentication Log Streams

  2. Enter your log ingestion endpoint (for example, Google Cloud Storage).

    Streaming Audit Log Configuration

  3. WorkOS will send JSON-formatted events as they happen.

  4. Test the stream to ensure your system is receiving events correctly.


SSO Domain Verification

Verify new domains before they can be used with SSO.

  1. In the pop-up window, select SSO Domain Verification.

    SSO Domain Verification

  2. Enter the domain you want to verify.

    Verify Your Organization Domain

  3. WorkOS provides a DNS TXT record to add at your domain registrar.

    Add DNS Records

  4. After propagation, return to WorkOS to confirm.

  5. Once verified, the domain can be enforced for SSO.


SAML Certificates Renewal

Update or rotate expiring SAML certificates for continued secure authentication.

  1. In the pop-up window, select SAML Certificates Renewal.

    SAML Certificates Renewal

  2. Upload a new certificate from your IdP before the old one expires.

  3. Confirm the update to avoid downtime.

📒 NOTE

If you encounter a 500 error here, it usually means there is no active certificate to renew - in other words, a SAML connection is not yet been set up.


📗 TIP

  • Test before enforcing: Always validate SSO or directory sync connections with a non-admin test account.

  • Stay updated: If your IdP rotates keys or changes endpoints, update the connection in WorkOS immediately.

  • Support: Reach out to your Ventrata Customer Success Representative if you need assistance at any stage.

Did this answer your question?