Adding Workday to Your PingOne for Enterprise Dock
Add the Workday application to your PingOne for Enterprise dock from the application catalog.
Steps
1. In the PingOne for Enterprise admin console, go to Applications → Application Catalog.
2. Optional: In the Search field, search for the application.
3. Click the Workday application line to expand it, and then click Setup.
4. On the SSO Instructions tab, click Download to download the PingOne for Enterprise signing certificate.
5. Copy the IdP ID value.
6. Send an email to your Workday partner representative with the following information (property, then description):
   - Certificate: Attach the signing certificate you downloaded in step 4.
   - Certificate validity range: The issued date and the expiration date of the certificate.
   - Redirect URL: Include the following URL with your PingOne for Enterprise account information filled in.
     https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=e003a904-a9d8-4d2e-a3e8-74dac7879938&idpid=<Enter idpid here>&appurl=https%3A%2F%2Fwww.myworkday.com%2F<Enter Workday tenant here>%2Flogin.flex
     The Redirect URL is not required if you plan to use the Target Resource URL.
   - Logout URL: Specify where to redirect users when they sign out of Workday.
   - Identity Provider ID: The IdP ID value from above.
Next steps
In PingOne for Enterprise, click Continue to Next Step.
Workday Connection Configuration
Steps
1. Import the metadata for Workday:
   Choose from:
   - Click Select File to upload the metadata file.
   - Click Or use URL to enter the URL of the metadata.
2. In the ACS URL field, replace the ${tenant} variable with your Workday account name.
3. Leave the default Entity ID value.
4. Optional: In the Target Resource field, replace the ${tenant} variable with your Workday account name.
   Enter this information only if you’re using a target resource URL instead of a redirect URL.
5. In the Single Logout Endpoint field, enter a URL for PingOne for Enterprise to send single logout (SLO) requests to.
6. In the Single Logout Response Endpoint field, enter a URL for PingOne for Enterprise to send SLO responses to.
7. To add a Primary Verification Certificate, click Browse to locate and upload a local certificate file used to verify SLO requests and responses coming from Zendesk.
8. To add a Secondary Verification Certificate, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.
9. Select the Force Re-authentication check box to require your identity bridge to re-authenticate users with an active SSO session.
10. Select Pass-Thru RequestedAuthnContext to IdP if you want PingOne for Enterprise to pass the RequestedAuthnContext request to the IdP for your account. This option is available only if you upload a primary verification certificate.
11. Select the Encrypt Assertion check box to encrypt outgoing SAML assertions.
12. On the Signing line:
    Choose from:
    - Click Sign Assertion to have PingOne for Enterprise sign outgoing SAML assertions. This is the default option.
    - Click Sign Response to have PingOne for Enterprise sign responses to incoming SAML assertions.
13. In the Signing Algorithm list, select an algorithm with which to sign SAML assertions.
14. Select the Use Custom URL check box to enter a custom URL to launch Workday from the dock.
Next steps
Click Continue to Next Step.
Workday Attribute Mapping
About this task
PingOne for Enterprise will automatically populate required SAML attributes.
For Workday, the required attribute is SAML_SUBJECT.
Steps
1. To add an additional optional attribute, click Add new attribute.
2. In the Application Attribute field, enter the attribute name as it appears in the application.
3. In the Identity Bridge Attribute or Literal Value field, choose one of the following:
   Choose from:
   - To map to the application attribute: Enter or select a directory attribute.
   - To assign to the application attribute: Select As Literal, then enter a literal value.
4. To create advanced attribute mappings, click Advanced.
   For more information, see Create advanced attribute mappings.
Next steps
Click Continue to Next Step.
Workday Customization
Steps
1. To change the application icon, click Select image and upload a local image file.
   The image file must be:
   - PNG, GIF, or JPG format
   - 312 x 52 pixels maximum
   - 2 MB maximum file size
   Images are scaled to 64 x 64 pixels for display.
2. To change the name of the application displayed on the dock, in the Name field, enter a new name.
3. To change the description of the application, in the Description field, enter the new description text.
4. To change the category to which the application is assigned on the dock, in the Category list, select a category.
   For information about creating custom application categories, see Creating a custom application category.
Next steps
Click Continue to Next Step.
Workday Group Access
About this task
The Group Access tab shows every user group that you have created.
For more information about creating user groups, see Add user groups.
Steps
1. To add a group’s access to the application, on the line for that group, click Add.
2. To remove a group’s access, on the line for that group, click Remove.
3. When you’re finished assigning groups, click Continue to Next Step.
Next steps
On the Review Setup tab, review your configuration, and click Finish to add the application to your PingOne for Enterprise dock.