The WorkOS admin portal is integrated into the Ventrata dashboard and allows admin users to manage their organisation's authentication and domain(s).
Access Admin Portal
From here, you can configure Single Sign-On (SSO), manage directory sync, review authentication logs, and more.
From here, you can configure Single Sign-On (SSO), manage directory sync, review authentication logs, and more.
In the Ventrata dashboard, go to [user_name] > Account Settings.
Account Settings
Click Admin and select Edit Account.
Edit Account
In the pop-up window, you will see several WorkOS options for managing your organisation.
Options in the Admin Portal
The Admin Portal groups all key authentication and domain management tools in one place. Below is a quick overview of each option and how to use it.
SSO Connections
Configure and manage Single Sign-On (SSO) for your organisation.
Configure and manage Single Sign-On (SSO) for your organisation.
Prerequisites:
You must be an admin user in Ventrata.
The organisation must have a verified domain.
Someone in your organisation with access to your Identity Provider (IdP) (for example, Azure AD, Okta, Google Workspace) is required.
📒 NOTE
Reach out to your Ventrata Customer Success Representative if you need help at any stage of the setup.
In the pop-up window, select SSO Connections.
SSO Connections
Choose your IdP from the list, or select Customer SAML / Custom OIDC.
Select Your Identity Provider
If prompted, confirm the Organization in WorkOS.
📒 NOTE
SSO connections are tied to organisations.
If your domain is not already verified, complete domain verification via DNS TXT record.
📒 NOTE
Domain verification must succeed before SSO can be activated. DNS changes may take time to propagate.
Follow the WorkOS instructions to finish setup.
Test the connection and save.
Decide whether to keep SSO optional or enforce it for all users in your organisation.
Directory Sync Connections
Set up SCIM (System for Cross-domain Identity Management) to automatically sync users and groups from your IdP into Ventrata.
Set up SCIM (System for Cross-domain Identity Management) to automatically sync users and groups from your IdP into Ventrata.
In the pop-up window, select Directory Sync Connections.
Directory Sync Connections
Choose your IdP directory type (for example, Azure AD, Google Workspace).
Select Your Identity Provider
Follow the WorkOS instructions to finish setup.
Once linked, users and groups will begin syncing automatically into Ventrata.
Review synced data in the WorkOS dashboard to confirm accuracy.
📒 NOTE
Sync may take a few minutes after first connection.
Authentication Audit Logs
Authentication Log Streams
Forward authentication events in real time to your own monitoring or SIEM tools.
Forward authentication events in real time to your own monitoring or SIEM tools.
In the pop-up window, select Authentication Log Streams.
Authentication Log Streams
Enter your log ingestion endpoint (for example, Google Cloud Storage).
Streaming Audit Log Configuration
WorkOS will send JSON-formatted events as they happen.
Test the stream to ensure your system is receiving events correctly.
SSO Domain Verification
Verify new domains before they can be used with SSO.
Verify new domains before they can be used with SSO.
In the pop-up window, select SSO Domain Verification.
SSO Domain Verification
Enter the domain you want to verify.
Verify Your Organization Domain
WorkOS provides a DNS TXT record to add at your domain registrar.
Add DNS Records
After propagation, return to WorkOS to confirm.
Once verified, the domain can be enforced for SSO.
SAML Certificates Renewal
Update or rotate expiring SAML certificates for continued secure authentication.
Update or rotate expiring SAML certificates for continued secure authentication.
In the pop-up window, select SAML Certificates Renewal.
SAML Certificates Renewal
Upload a new certificate from your IdP before the old one expires.
Confirm the update to avoid downtime.
📒 NOTE
If you encounter a 500 error here, it usually means there is no active certificate to renew - in other words, a SAML connection is not yet been set up.
📗 TIP
Test before enforcing: Always validate SSO or directory sync connections with a non-admin test account.
Stay updated: If your IdP rotates keys or changes endpoints, update the connection in WorkOS immediately.
Support: Reach out to your Ventrata Customer Success Representative if you need assistance at any stage.