Steps to configure SAML SSO for Workday

About Workday

Workday is an enterprise management cloud solution that integrates finance, HR, planning, and spending management. It offers best-in-class applications designed to help businesses streamline operations, enhance decision-making, and drive efficiency.

The following steps will help you enable single sign-on (SSO) for Workday from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications. For more information, refer to pricing details.
  2. Log in to Identity360 as an Admin or Super Admin.
  3. Navigate to Applications > Application Integration > Create New Application, and select Workday from the applications displayed.
    Note: You can also find Workday from the search bar located at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under the Choose Capabilities tab, choose SSO and click Continue.
    General Settings of SSO configuration for WorkdayIdentity360 application configuration General Settings
  6. Under Integration Settings, navigate to the Single Sign On tab and click Metadata Details. Copy the Login URL, Logout URL, Issuer URL, and Signing Certificate, which will be used during the configuration of Workday.
    • Copy the Issuer URL which will be used during the configuration of Velpic.
    • Download the metadata by clicking Download from the Metadata field.
      Identity360 application configuration Integration SettingsIntegration Settings of SSO configuration for Workday

Workday (service provider) configuration steps

  1. Log into Workday with admin privileges.
  2. Search for Edit Tenant Setup in the home screen search box, then click the Edit Tenant Setup - Security option in the search results.
  3. Scroll down to the Single Sign-On section and expand it, if not already expanded.
  4. Click the plus (+) icon underneath Redirection URLs to add a row.
  5. Enter the Login Redirect URL and Logout Redirect URL copied from step 6 of the prerequisites, and choose an Environment from the drop-down.
  6. Go to the SAML Setup section to configure the identity provider.
  7. Check the Enable SAML Authentication box.
  8. Click the plus (+) icon underneath SAML Identity Providers to add a new configuration.
  9. Enter Identity360 under the Identity Provider Name field.
  10. Paste the Issuer URL copied from step 6 of the prerequisites under the Issuer field.
  11. Under the x.509 Certificate field, click Create x.509 Public Key, enter Identity360 certificate as the Name of the certificate, and paste the Signing Certificate copied from step 6 of the prerequisites in the Certificate field.
  12. Check the SP Initiated box.
  13. Enter http://www.workday.com under the Service Provider ID field.
  14. Check the Do Not Deflate SP-initiated Authentication Request box.
  15. Paste the Login URL copied from step 6 of the prerequisites under the IdP SSO Service URL field.
  16. Select Implementation as the type of environment under the Used for Environments field.
  17. Click OK to complete the configuration.

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. Enter the Tenant Name of your Workday account. For example, if your Workday URL is https://zillium.workday.com, then zillium is the tenant name.
  3. Enter the Relay State parameter, if necessary.
    Note: Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
  4. In the Sub Domain field, enter the subdomain name of your Workday account. For example, if your Workday URL is https://valescorp.workday.com, then valescorp is the subdomain.
  5. Click Save.
    Identity360 application configurationIntegration Settings of SSO configuration for Workday
  6. To learn how to assign users or groups to one or more applications, refer to this page.

Your users will now be able to sign in to Workday through the Identity360 portal.

Note: For Workday, both SP-initiated and IdP-initiated flows are supported.

Steps to enable MFA for Workday

Setting up MFA for Workday using Identity360 involves the following steps:

  1. Set up one or more authenticators for identity verification when users attempt to log in to Workday. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
  2. Integrate Workday with Identity360 by configuring SSO using the steps listed here.
  3. Now, activate MFA for Workday by following the steps mentioned here.

How does MFA for applications work in Identity360?

  SSO Integration flow diagram  

Don't see what you're looking for?

  •  

    Visit our community  

    Post your questions in the forum.

     
  •  

    Request additional resources  

    Send us your requirements.