PingOne for Enterprise

Adding ADP Workforce Now to Your PingOne for Enterprise Dock

Add the ADP Workforce Now application your PingOne for Enterprise dock from the application catalog.

Steps

  1. In the PingOne for Enterprise admin console, go to Applications → Application Catalog.

  2. Optional: In the Search field, search for the application.

  3. Click on the ADP Workforce Now application line to expand it and click Setup.

Next steps

On the SSO Instructions tab, click Continue to Next Step.

ADP Workforce Now Connection Configuration

Steps

  1. In the ACS URL field, enter the assertion consumer service (ACS) URL.

    The default ACS URL is pre-populated, and should work for most ADP Workforce Now connections.

  2. In the Entity ID field, enter the Entity ID.

    The default Entity ID is pre-populated, and should work for most ADP Workforce Now connections.

  3. In the Target Resource field, enter a URL to redirect the user to after IdP-initiated single sign-on (SSO).

    The default URL is pre-populated, and should work for most ADP Workforce Now connections.

  4. In the Single Logout Endpoint field, enter a URL for PingOne to send single logout (SLO) requests to.

  5. In the Single Logout Response Endpoint field, enter a URL for PingOne to send SLO responses to.

  6. On the Primary Verification Certificate line, click Browse to locate and upload a local certificate file used to verify SLO requests and responses.

  7. On the Secondary Verification Certificate line, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.

  8. Select the Force Re-authentication check box to require your identity bridge to re-authenticate users with an active SSO session.

  9. Select the Encrypt Assertion box to encrypt outgoing SAML assertions.

  10. On the Signing line:

    Choose from:

    • Click Sign Assertion to have PingOne sign outgoing SAML assertions. This is the default option.

    • Click Sign Response to have PingOne sign responses to incoming SAML assertions.

  11. From the Signing Algorithm list, select an algorithm with which to sign SAML assertions.

  12. Select the Use Custom URLcheck box to enter a customer URL to launch ADP Workforce Now from the dock.

Next steps

Click Continue to Next Step.

ADP Workforce Now Attribute Mapping

About this task

PingOne will automatically add required SAML attributes.

For ADP Workforce Now, the required attributes are:

  • SAML_SUBJECT. The identity bridge attribute is mapped by default.

  • PersonImmutableID. Map the identity bridge attribute representing your employee ID.

Steps

  1. To add an additional optional attribute, click Add new attribute.

  2. In the Application Attribute field, enter the attribute name as it appears in the application.

  3. In the Identity Bridge Attribute or Literal Value field, choose one of the following:

    Choose from:

    • To map to the application attribute: Enter or select a directory attribute.

    • To assign to the application attribute: Select As Literal, then enter a literal value.

  4. To create advanced attribute mappings, click Advanced.

    For more information, see Create advanced attribute mappings.

Next steps

Click Continue to Next Step.

ADP Workforce Now Customization

Steps

  • To change the application icon, click Select image and upload a local image file.

    The image file must be:

    • PNG, GIF, or JPG format

    • 312 x 52 pixels maximum

    • 2 MB maximum file size

      Images are scaled to 64 x 64 pixels for display.

  • To change the name of the application displayed on the dock, in the Name field, enter a new name.

  • To change the description of the application, in the Description field, enter the new description text.

  • To change the category to which the application is assigned on the dock, in the Category list, select a category.

    For information about creating custom application categories, see Creating a custom application category.

Next steps

Click Continue to Next Step.

ADP Workforce Now Group Access

About this task

The Group Access tab shows every user group that you have created.

For more information about creating user groups, see Add user groups.

Steps

  • To add a group’s access to the application, on the line for that group, click Add.

  • To remove a group’s access, on the line for that group, click Remove.

  • When you’re finished assigning groups, click Continue to Next Step.

ADP Workforce Now SAML Connection

Steps

  1. On the Review Setup tab, go to the SAML Metadata line and click Download to download the PingOne metadata.

  2. Click Finish to complete your configuration and add ADP Workforce Now to your PingOne Dock.

  3. Go to https://adpfedsso.adp.com and sign on using your ADP account credentials.

  4. Follow the steps on the ADP site to upload the metadata file.

  5. After your metadata has been uploaded, your ADP account representative will confirm that the setup is complete in the live environment and to advise on next steps.