Prerequisites
Azure AD(Entra ID)/SAML enabled, and customers can log in to Control with Entra ID/SAML.
The selective feature “Restrict Control UI Login” is enabled. See below.
Create or select a “Designated Administrator” Control Admin account. This account can bypass the Entra ID or SAML account in case of trouble with your identity provider.
Procedure
Sign into Workspot Control
Go to “Setup > Configuration > Authentication and Registration.”
At the bottom of the “Authentication and Registration” section, set “Control Authentication” to “Azure AD (Entra ID)” or “SAML.”
If you don’t see “Control Authentication,” contact Workspot to have the feature enabled.
Go to “Setup > Configuration > Access > Control Access.”
If you don’t see “Control Access,” contact Workspot to have the feature enabled.
Check the option “Require Third-party Authentication (Azure AD or SAML) for Control logins”.
On the “Designate a Named Administrator” menu, select a Control Administrator. This account will be able to bypass the third-party IdP in case of an IdP failure, so this account should have an especially secure password. Creating an account specifically for the purpose is a good idea.
Click “Save” and you will be prompted with a confirmation message that explains what will change:
Verification
Login with designated administrator from Control GUI on your Local Sign-in URL: https://control.workspot.com/login/local/companyIdentifier. This should work.
Using the same URL, try to sign in as another Control user. This should fail.
Logins using your IdP via https://control.workspot.com/companyIdentifier should work.