Integrate Asana with Conditional Access

In this topic, you will find general instructions on how to integrate Asana with Portnox™ Conditional Access for Applications.

Note: SAML SSO authentication in Asana is only available in the Enterprise and Enterprise+ plans. It is not available in the Personal, Starter, or Advanced plans.
Note: To activate SAML SSO in Asana, you must have super admin privileges in Asana. The first time you add a super admin, you must verify domain ownership and control by adding a TXT entry to your DNS zone.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Asana.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Applications option.

  3. On the Applications screen, click on the Add application button, and select the Add new SAML application option.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
  5. In the Application details section, enter an Application name and optionally a Description.

    In this example, we used the name Asana for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your Asana SAML authentication settings

In this section, you will access your Asana admin interface and find the settings for SAML authentication.

  1. In another tab of your browser, open Asana by accessing the following URL: https://app.asana.com/.

    From now on, we will call this tab the Asana tab.

  2. Right-click on the icon representing your user in the top-right corner and from the drop-down menu, select the Admin console option.

  3. In the Asana admin interface, in the left-hand side menu, select the Security option.

  4. In the Security pane, in the Global authentication settings section, click on the SAML authentication tile.

Copy configuration values from the Portnox tab to the Asana tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Asana SAML authentication window.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  2. In the Asana tab, click on the empty field under the Sign-in page URL label and paste the value copied from Portnox Cloud.

  3. In the Portnox tab, in the Certificates > Signing certificates section, click on the  ⋮  icon next to the Active certificate and select the Copy certificate option to copy the certificate.

  4. In the Asana tab, click on the empty field under the X.509 certificate label and paste the value copied from Portnox Cloud.

Enter configuration values in the Portnox tab

In this section, you will enter configuration values in the relevant fields in Portnox Cloud.

  1. In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and enter the following value: https://app.asana.com/.

  2. In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and enter the following value: https://app.asana.com/-/saml/consume.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and Asana.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
    2. Scroll all the way down to the end of the page, and then click on the Save button.

  2. Finalize the configuration in the Asana tab.
    1. In the SAML authentication window, select the Optional option.
      Note: We recommend this setting when you configure Asana for the first time, to avoid locking users, including yourself, out of Asana if your configuration is not correct.

    2. Click on the Save changes button to save the configuration.

Result: You have configured Asana to be accessible using Portnox Conditional Access for Applications.

To restrict SAML SSO authentication to specific users or user groups, contact Asana support.