Introduction
This document provides step-by-step instructions to configure Workday for Single Sign-On (SSO) integration with Oloid. It covers security configuration, creation of an Authentication Selector, setup of an Identity Provider, and SAML configuration required to enable secure user authentication through Oloid.
Prerequisites
You must have access to the Workday Admin Access.
Ensure that the Webkey application is created and configured in the Tenant Admin Portal. For more information, refer. How to create and configure WebKey Application in Tenant Admin Portal | Oloid Help Center.
Ensure that the IDP profile is created and configured in the Tenant Admin Portal. For more information, refer How to Create IDP Profile for Security Assertion Markup Language (SAML) in the Tenant Admin Portal | Oloid Help Center.
Steps to Configure Workday
The Workday is configured successfully.
Configure Workday Security
Log in to the Workday.
The Welcome screen is displayed.
Navigate/Search Edit Tenant Setup β Security in the search bar.
The Edit Tenant Setup - Security page is displayed.
Create and Configure Authentication Selector
Note: Workday requires an Authentication Selector to route users to the appropriate Identity Provider (e.g., Oloid). If one does not already exist, it must be created.
Go to Single Sign-on section.
Click the β (Add Row) button.
A new row is added.
In the new row, under Redirect Type, select Authentication Selector > Create Authentication Selector.
The Create Authentication Selector screen is displayed.
Do the following.
Enter Name.
Enter Description (Optional).
Select and Enter Login Redirect URL.
Select and Enter Mobile App Login Redirect URL.
Select and Enter Mobile Browser Login Redirect URL.
Note: Refer below table for the URLs.
Field | Value |
Login Redirect URL | https://<your-environment>.workday.com/<your-tenant-name>/login-saml2.flex |
Mobile App Login Redirect URL | https://<your-environment>.workday.com/<your-tenant-name>/login-saml2.flex |
Mobile Browser Login Redirect URL | https://<your-environment>.workday.com/<your-tenant-name>/login-saml2.flex |
Note: Enter your workday environment and your tenant name in the URL.
5. Click OK.
The Authentication Selector is created and configured successfully.
6. Go back to Single Sign-on section and do the following.
a. Select the newly created selector.
b. Enable SAML Authentication.
Create Identity Provider in Workday
Enter Identity Provider Name.
Enter Issuer.
Note: To navigate the issuer URL, on your Tenant Admin Portal, go to Auth Policy > Identity Provider > Select the preferred IDP > Oloid Metadata, copy Entity ID.
Configure Certificate in Workday
Select Create x509 Public Key.
The Create x509 Public Key pop-up is displayed.
Do the following.
Upload the signing certificate.
Note: To download the Certificate, on your Tenant Admin Portal, go to Auth Policy > Identity Provider > Select the preferred IDP > Oloid Metadata, click Download Certificate.
Click Ok.
The certificate is configured successfully, and the SAML Identity Provider page is displayed.
Configure SAML Settings in Workday
Go the SAML Identity Provider page, scroll right to configure the SAML settings in Workday.
Enable Use Unspecified Name ID Format for Logout Request.
Enable SP Initiated.
Enable Do Not Deflate SP-initiated Authentication Request.
Enter IdP SSO Service URL.
Note: To navigate the IdP SSO Service URL, on your Tenant Admin Portal, go to Auth Policy > Identity Provider > Select the preferred IDP > Oloid Metadata, copy Sign-on URL.
Enter Used for Environments.
Note: You can select Implementation, Sandbox and Production (as required).
Click Ok.
The SAML Settings is configured successfully.
After configuration, to log in to Workday refer How to Log in to Workday with Assigned Credentials | Oloid Help Center
Keywords
| Workday SSO | Workday Identity Provider | Oloid Workday integration | Workday SAML setup |