Workday - SAML My Page SSO Configuration - RSA Ready Implementation Guide
24 days ago

This article describes how to integrate Cloud Access Service (CAS) with Workday using My Page SSO.

Configure CAS

Perform these steps to configure RSA Cloud Access Service using My Page SSO.

Procedure

  1. Sign in to RSA Cloud Administration Console and navigate to Applications > Application Catalog.
  2. Click Create from Template, then click Select next to SAML Direct.

  1. On the Basic Information page, select Cloud.
  2. In the Name field, enter the application name and click Next Step.

  1. On the Connection Profile page, navigate to Initiate SAML Workflow section and choose IdP-initiated.
  2. In Data Input Method, Choose Enter Manually.
  3. Scroll down to the Service Provider section. enter the following fields in the following format:
    1. Assertion Consumer Service (ACS) URL: https://<WORKDAY-domain>/<tenant>/login-saml.htmld
    2. Service Provider Entity ID: Enter the same Service Provider Entity ID entered in the format http://<WORKDAY-domain>/<tenant>/

  1. In the Message protection section, select IdP Signs entire SAML response.
  2. Click Download Certificate.

  1. In the User Identity section, select the following values: 
    1. Identifier Type > unspecified
    2. Property > sAMAccountName

  1. In the Statement Attributes section, select the following values:

    • Attribute Name: Username

    • Attribute Source: Identity Source

    • Property: SAMAccountName

  1. On the User Access page, choose the access policy you want to use to determine which users can access the application, then click Next Step.

  1. On the Portal Display page, configure the portal display and other settings. Then click Next Step.

  1. On the Fulfillment page, configure your preferred settings or leave the Fulfillment toggle disabled as it is, then click Save and Finish.
  2. Click Publish Changes and wait for the operation to be completed.

  1. After publishing, your application is now enabled for SSO. 

  1. View the newly created application on the Applications page. Choose Export Metadata from the dropdown list. This Metadata will be used later in the WORKDAY configuration.

 

Configure WORKDAY

Perform these steps to configure WORKDAY SIP

Procedure

  1. Log in to WORKDAY tenant with an Administrator account.
  2.  Navigate to Account Administration > Edit Tenant Setup – Security.
  3. Click the + icon under Redirection URLs to add a row. 
  4. In the Redirect URLs section, enter the Login Redirect URL for your tenant. This should match the ACS URL in the RSA configuration.

  1. Use the scroll bar to continue filling the SAML Identity Provider fields.
  2. In the SAML Setup section, select the checkbox Enable SAML Authentication and then click the + icon under SAML Identity Providers.
  3. Click Import Identity Provider, select the meta data file downloaded from RSA.

  1. Configure the fields in the SAML Identity Provider table, select the following values:
    • Enter a unique value for the Service Provider ID.
    • Enable the Enable SP Initiated SAML Authentication.
    • Enable the Do Not Deflate SP-initiated Authentication Request.
    • Enable the Always Require IDP Authentication.
    • Select ForceAuthn Only.

  1. Click OK

The configuration is complete.

 

Related Articles

Trending Articles

Don't see what you're looking for?