Workday - SAML Relying Party Configuration - RSA Ready Implementation Guide

This article describes how to integrate Cloud Access Service (CAS) with Workday using SAML Relying Party.

  

Configure CAS

Perform these steps to configure CAS as a Relying Party for Workday.
Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Navigate to Authentication Clients > Relying Parties.
  3. On the My Relying Parties page, click Add a Relying Party.
  4. From the Relying Party Catalog, click Add next to Service Provider SAML.
  5. On the Basic Information page, enter a name for the application in the Name field, then click Next Step.
  6. On the Authentication page, select RSA manages all authentication.
  7. From the 2.0 Access Policy for Authentication dropdown list, select a policy that was previously configured, then select Next Step.
  8. In the Data Input Method section, choose Enter Manually.
  9. In the Service Provider section, enter the following values:
    1. Assertion Consumer Service (ACS) URL: https://<WORKDAY-domain>/<tenant>/login-saml.htmld
    2. Service Provider Entity ID: Enter the same value that is entered for the Service Provider ID in Workday, in the format http://<WORKDAY-domain>/<tenant>/
  10. In the Message Protection section, choose IdP signs entire SAML response.
  11. In the User Identity section, select the following values:
    1. Identifier Type > unspecified
    2. Property > sAMAccountname
  12. Click Save and Finish.
  13. Click Publish Changes and wait for the operation to be completed.
  14. After publishing, your application is now enabled for SSO.
  15. On the My Relying Parties page, navigate to the newly created application and choose Metadata from the dropdown list.

 

Configure WORKDAY

Perform these steps to configure WORKDAY SIP

Procedure

  1. Log in to the WORKDAY tenant with an Administrator account.
  2. Navigate to Account Administration > Edit Tenant Setup – Security.
  3. Click the + icon under Redirection URLs to add a row.
  4. In the Redirect URLs section, enter the Login Redirect URL for your tenant. This should match the ACS URL in the RSA configuration.
  5. Use the scroll bar to continue filling the SAML Identity Provider fields.
  6. In the SAML Setup section, select the Enable SAML Authentication checkbox, then click the + icon under SAML Identity Providers.
  7. Click Import Identity Provider and select the metadata file downloaded from RSA.
  8. In the SAML Identity Provider table, configure the following values:
    • Enter a unique value for the Service Provider ID.
    • Enable the Enable SP Initiated SAML Authentication option.
    • Enable the Do Not Deflate SP-initiated Authentication Request option.
    • Enable the Always Require IDP Authentication option.
    • Select ForceAuthn Only.
  9. Click OK.

The configuration is complete.
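
To confirm the settings above took effect, a SAML response captured from a test login and base64-decoded can be checked for a signature on the whole response, a Destination equal to the ACS URL, an Audience equal to the Service Provider Entity ID, and an unspecified NameID. The following is an added example, not part of the RSA guide; the host name, tenant, user and trimmed response in it are constructed. The check is structural only and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Constructed sample values (hypothetical domain, tenant and user), trimmed response.
ACS = "https://workday.example.test/tenant1/login-saml.htmld"
ENTITY = "http://workday.example.test/tenant1/"
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Destination="{ACS}">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_r1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID Format="{UNSPECIFIED}">jdoe</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ENTITY}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, acs_url, sp_entity_id):
    """Return the mismatches between a decoded SAML response and the guide's settings."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD
        return ["DOCTYPE present; refusing to parse"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    # "IdP signs entire SAML response": the Signature is a direct child of
    # Response and its Reference points at the Response ID, not the Assertion.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        problems.append("Response element carries no signature")
    elif ref.get("URI") != "#" + root.get("ID", ""):
        problems.append("signature does not reference the Response ID")
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from the ACS URL")
    audience = root.find(".//saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != sp_entity_id:
        problems.append("Audience differs from the Service Provider Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    elif name_id.get("Format", UNSPECIFIED) != UNSPECIFIED:  # omitted Format means unspecified
        problems.append("NameID Format is not unspecified")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, ACS, ENTITY) or "matches the guide's settings")
```

An empty list means the captured response is consistent with the Message Protection, Service Provider and User Identity choices made in CAS.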