Introduction
This document provides step-by-step instructions to configure Workday for Single Sign-On (SSO) integration with Oloid. It covers security configuration, creation of an Authentication Selector, setup of an Identity Provider, and SAML configuration required to enable secure user authentication through Oloid.
Prerequisites
You must have access to the Workday Admin Access.
Ensure that the Webkey application is created successfully. For more information, refer. How to create and configure WebKey Application in Tenant Admin Portal | Oloid Help Center.
Ensure that the IDP is created and configured in the Tenant Admin Portal. For more information, refer How to Create IDP Profile for Security Assertion Markup Language (SAML) in the Tenant Admin Portal | Oloid Help Center and How to Configure Security Assertion Markup Language (SAML) - Okta IDP Profile in the Tenant Admin Portal | Oloid Help Center
Steps to Configure Workday
The Workday is configured successfully.
Configure Workday Security
Log in to the Workday.
The Welcome screen is displayed.
Navigate/Search Edit Tenant Setup β Security in the search bar.
The Edit Tenant Setup - Security page is displayed.
Create and Configure Authentication Selector
Note: Workday requires an Authentication Selector to route users to the appropriate Identity Provider (e.g., Oloid). If one does not already exist, it must be created.
Go to Single Sign-on section.
Click the β (Add Row) button.
A new row is added.
In the new row, under Redirect Type, select Authentication Selector > Create Authentication Selector.
The Create Authentication Selector screen is displayed.
Do the following.
Enter Name.
Enter Description (Optional).
Select and Enter Login Redirect URL.
Select and Enter Mobile App Login Redirect URL.
Select and Enter Mobile Browser Login Redirect URL.
Note: Refer below table for the URLs.
Field | Value |
Login Redirect URL | |
Mobile App Login Redirect URL | |
Mobile Browser Login Redirect URL |
Note: The above URLs are as per your workday tenant URLs.
5. Click OK.
The Authentication Selector is created and configured successfully.
6. Go back to Single Sign-on section and do the following.
a. Select the newly created selector.
b. Enable SAML Authentication.
Create Identity Provider in Workday
Enter Identity Provider Name.
Enter Issuer.
Note: To navigate the issuer URL, on Tenant Admin Portal, go to Auth Policy > Identity Provider > Select the preferred IDP > Oloid Metadata, copy Entity ID.
Configure Certificate
Select Create x509 Public Key.
The Create x509 Public Key pop-up is displayed.
Do the following.
Upload the signing certificate.
Note: To download the Certificate, on Tenant Admin Portal, go to Auth Policy > Identity Provider > Select the preferred IDP > Oloid Metadata, click Download Certificate.
Click Ok.
The Certificate is configured successfully.
Configure SAML Settings
Enable Use Unspecified Name ID Format for Logout Request.
Enable SP Initiated.
Enable Do Not Deflate SP-initiated Authentication Request.
Enter IdP SSO Service URL.
Note: To navigate the IdP SSO Service URL, on Tenant Admin Portal, go to Auth Policy > Identity Provider > Select the preferred IDP > Oloid Metadata, copy Sign-on URL.
Enter Used for Environments.
Note: You can select Implementation, Sandbox and Production (as required).
Click Ok.
The SAML Settings is configured successfully.
Keywords
| Workday SSO | Workday Identity Provider | Oloid Workday integration | Workday SAML setup |