-
Import the metadata for Workday:
- Click Select File to upload the metadata file.
- Click Or use URL to enter the URL of the metadata.
- In the ACS URL field, replace the ${tenant} variable with the your Workday account name.
- Leave the default Entity ID value.
- Optional:
In the Target Resource field, replace the
${tenant} variable with the your Workday account
name.
Note:
Enter this information only if you're using a target resource URL instead of a redirect URL.
- In the Single Logout Endpoint field, enter a URL for PingOne for Enterprise to send single logout (SLO) requests to.
- In the Single Logout Response Endpoint field, enter a URL for PingOne for Enterprise to send SLO responses to.
- To add a Primary Verification Certificate, click Browse to locate and upload a local certificate file used to verify SLO requests and responses coming from Zendesk.
- To add a Secondary Verification Certificate, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.
- Select the Force Re-authentication check box to require your identity bridge to re-authenticate users with an active SSO session.
-
Select Pass-Thru RequestedAuthnContext to IdP if you
want PingOne for Enterprise to pass the
RequestedAuthnContext
request to the IdP for your account.This option is available only if you upload a primary verification certificate.
- Select the Encrypt Assertion check box to encrypt outgoing SAML assertions.
-
On the Signing line:
- Click Sign Assertion to have PingOne for Enterprise sign outgoing SAML assertions. This is the default option.
- Click Sign Response to have PingOne for Enterprise sign responses to incoming SAML assertions.
- In the Signing Algorithm list, select an algorithm with which to sign SAML assertions.
- Select the Use Custom URL check box to enter a customer URL to launch Workday from the dock.
Click Continue to Next Step.