Last updated on October 16, 2024
Overview
The purpose of this document is to enable Rublon Two-Factor Authentication (2FA) for users logging in to Weekdone. In order to achieve that, you have to use Rublon Access Gateway. All required steps will be described in this document.
Supported Authentication Methods
| Authentication Method | Supported | Comments |
| Mobile Push | ✔ | N/A |
| WebAuthn/U2F Security Key | ✔ | N/A |
| Passcode | ✔ | N/A |
| SMS Passcode | ✔ | N/A |
| SMS Link | ✔ | N/A |
| Phone Call | ✔ | N/A |
| QR Code | ✔ | N/A |
| Email Link | ✔ | N/A |
| YubiKey OTP Security Key | ✔ | N/A |
Before you start
You need to install and configure Rublon Access Gateway itself before configuring Weekdone to work with it. Please read the Rublon Access Gateway documentation and follow the steps in Installation and Configuration sections. Afterwards, follow the Configuration section in this document.
Configuration
Follow these steps to enable Rublon 2FA in Weekdone.
Weekdone
1. Log in to Weekdone as administrator.
2. Click your user avatar in the upper-right corner and select Company settings from the expendable list.
3. Select Single-sign-on (SAML) from the pane on the left.
4. Fill in the form. Refer to the following image and table.
| SAML name | Enter a SAML name. This value has to be unique, e.g. the name of your company. You will be using this URL to log in to Weekdone using Rublon 2FA. |
| SAML SSO URL | Enter the value of SSO URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway). |
| SAML Logout URL | Enter the value of Logout URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway). |
| X509 Certificate | Enter the text value of the certificate you have downloaded from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE. Open the downloaded certificate in a text editor. Copy the entire contents and paste it into the text field. |
Note
We recommend you keep Members may log in with e-mail and password checked at least until you tested logging in to Weekdone with Rublon 2FA.
Once you tested logging in to Weekdone with Rublon 2FA and everything worked, you can get back to this form and select Members must log in via SAML.
When Members must log in via SAML is enabled, every member, including admins, must use Rublon 2FA.
Rublon Access Gateway
1. In Rublon Access Gateway, go to Applications → Add application.
2. Fill in the form and click SAVE to add a new application. Refer to the following image and table.
| Application name | Enter a name for the application, e.g. Weekdone. The name will be displayed during Rublon 2FA. |
| Entity ID | https://weekdone.com/a/example/metadata Note: Replace example with the SAML name from Weekdone. |
| Assertion Consumer Service | https://weekdone.com/a/example Note: Replace example with the the SAML name from Weekdone. |
| Single Logout Service | https://weekdone.com/a/example/logout Note: Replace example with the SAML name from Weekdone. |
| NameID format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| NameID attribute | |
| Send Attributes | NameID |
| Signature algorithm | sha-256 |
| Validate Authn Request | Uncheck. |
| Sign response | Check. |
| Certificate for signing | Select the certificate you have downloaded from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE. |
Log in to Weekdone with Rublon 2FA
1. Go to https://weekdone.com/a/example. Replace example with the value of SAML name from Weekdone.
2. You will be redirected to the Rublon Access Gateway login page.
3. Provide your username and password. Click SIGN IN. A window will appear with a selection of various 2FA options from Rublon. Let’s choose Mobile Push.
4. You will be sent a push notification. Tap APPROVE.
5. You will be successfully logged in to Weekdone.
Troubleshooting
If you encounter any issues with your Rublon integration, please contact Rublon Support.
