Workday application integration with Azure

1. Workday application integration with Azure You can use combining the Workday application with Azure AD. You can use this as follows. ●Monitor who has access to Workday with Azure AD. ●Enable your users to log into Workday automatically with their Azure AD accounts. ●In one central location, monitor your accounts - the Azure portal. Pre-Requirements for workday application You need to start following things. ●A subscription to Azure AD. You will get a free account if you don't have a subscription. ●Subscription allowed for Workday Single Sign-on (SSO). SP initiated SSO is sponsored by Workday. You can now customize the Workday Mobile Workday application with Azure AD to allow SSO. Please follow this connection for more information on how to configure them. Note This Workday application's identifier is a fixed string value so that only one instance in one tenant can be configured. Adding Workday application from the Gallery You need to add Workday application integration from the gallery to your list of managed SaaS apps. This is to customize the integration of the Workday application into Azure AD. ●Use either a work or school account, or a personal Microsoft account, to sign in to the Azure portal. ●Select the Azure Active Directory service on the left navigation window. ●Navigate to Business Apps and press All Workday applications. ●To add a new Workday application, press Workday application New. ●In the Add from Gallery line, in the search box, type Workday. ●From the results screen, pick Workday, then add the app. Wait a few seconds as your tenant is being added to the app. Configure and test for Workday application into Azure AD SSO

2. Use a test user named to set up and test Azure AD SSO using Workday. You need to create a connection between the Azure AD user and the related Workday user for SSO to work. Configure and evaluate the Workday application in Azure AD SSO Follow these steps. ●Configure Azure AD SSO to allow this feature to be used by your users. ●Build an Azure AD test user to test B.Simon's single sign-on for Azure AD. ●Assign the Azure AD test user to allow the Azure AD single sign-on to be used by ●On the Workday application hand, configure Workday to configure SSO settings. ●Build a Workday test user to have a counterpart that is connected to the user's Azure AD representation. ●SSO test to check whether the setup is operating. Azure AD SSO Configuration in Workday application To activate Azure AD SSO within the Azure portal, follow these steps. On the Workday Application Integration page of the Azure portal, find the Manage section, and choose Single Sign-on. Select SAML on the Select A Single Sign-On Method list. On the Configure Single Sign-On with SAML tab, click the Simple SAML Configuration edit/pen icon to edit the settings. Edit SAML Basic Configuration Enter the values for the following fields on the Simple SAML Configuration page: a. Enter a URL using the following pattern in the Sign-on URL text box: https:/impl.workday.com/login- saml2.flex. b. Type a URL using the following pattern in the Reply URL text box: https:/impl.workday.com/login- saml.htmld. c. Type a URL using the following pattern in the Logout URL text box: https:/impl.workday.com/login- saml.htmld. Such values are not true values. Use the actual Sign-on URL, Reply URL, and Logout URL to change these values. For example, the reply URL must have a subdomain: www, wd2, wd3, wd3-imply, wd5, wd5-imply). Using something like http:/www.myworkday.com works but it does not work with http:/myworkday.com. To get these principles, contact the Workday Client support team. You may also refer to the patterns shown in the Azure portal in the Basic SAML Configuration section. Your Workday app expects SAML statements in a particular format, which allows you to add custom attribute mappings to the configuration of your SAML token attributes. The following screenshot displays a list of default attributes, where the user. userprincipalname is mapped to the name identifier. The Workday framework expects users. mail, UPN, etc to be mapped to the name identifier, so you need to edit the mapping attribute by pressing the Edit icon and changing the mapping attribute. The User Attributes screenshot is displayed with the Edit icon selected.

3. Note We have mapped the name ID here by default with UPN (user. user principal name). On the Configure Single Sign-On with SAML tab, locate the Certificate (Base64) in the SAML Signing Certificate section and select Download to download the certificate and save it to your device. The Download certificate link opens. Click the Edit button to open the SAML Signing Certificate dialog to change the signing options as needed. SAML Certificate Signing a. Pick the Sign SAML answer and the Signing Option assertion. b. Click on Save Copy the required URL(s) according to your requirements in the Setup Workday section. Copy URLs for Setup Build a consumer with an Azure AD test In this section, in the Azure portal, you can build a test user named Select Azure Active Directory from the left pane of the Azure portal, click Accounts and then click All Users. At the top of the list, pick New Consumer. Follow the following steps in User Properties: Please enter a name in the name sector. Enter Username@companydomain.extension in the User Name field. B.Simon@contoso.com, for instance. Pick the Show password check box, and then type the value that appears in the Password box. Select Building. Assign consumer for the Azure AD test In this portion, by granting access to Workday, you will allow using the Azure single sign-on. Pick Business Workday applications from the Azure portal, and then press All apps. Pick Workday from the list of apps. Find the Manage section on the App Overview page and pick Users and Classes. Click Add User, and in the Add Assignment window, select Users and Classes. Select name from the Users list in the Users and Groups dialog and then press the Select button at the bottom of the screen. You can pick a role from the Select a role drop-down if you expect a role to be allocated to users. If no role has been configured for this app, the selected role is Default Access.

4. Click the Assign button in the Add Task dialog box. Set Up Workday Sign in to your Workday company page as an administrator in another web browser window. Check on the top left side of the home page with the word Edit Tenant Setup-Security in the Search window. Edit Security for Tenants Perform the following steps in the SAML Setup section: SAML Setup a. Select Allow Authentication for SAML. b. Please click Add Lines. Please perform the following actions for the newly generated row in the SAML Identity Providers section. a. Perform the following behavior, shown below for the fields. SAML Providers of Identity 1 Type the name of a provider in the Identity Provider Name textbox (for example SPInitiatedSSO). Copy the Azure AD Identifier value from the Set Up Workday section of the Azure portal. Later on, paste it into the Issuer textbox. b. Perform the following behavior, shown below for the fields. SAML Identity Providers 2 Click on the checkbox Allow IDP Initiated Logout. Type http:/www.workday.com in the Logout Answer URL textbox. Paste the Logout URL value that you copied from the Azure portal into the Logout Request URL textbox. Tap the Initiated Checkbox for SP. Type http:/www.workday.com in the textbox for the Service Provider ID. Pick Do Not Deflate SP-initiated Request for authentication. c. Perform the following behavior, shown below for the fields. Providers of SAML Identity 3 Copy the Login URL value from the Set Up Workday section of the Azure portal, and then paste it into the IdP SSO Service URL textbox. Select the necessary environment names from the drop-down in the Used for the Environments text box. Perform the following measures in the picture below.

5. The Workday application a. Type http:/www.workday.com in the Service Provider ID (Will Be Obsolete) textbox. b. Type the Login URL value in the IDP SSO Service URL (Will Deprecate) textbox. c. Pick Do Not Deflate Request for SP-initiated Authentication (Will be Deprecated). d. Select SHA256 for the Authentication Request Signature Process. e. Only click OK. Please make sure you correctly configure a single sign-on. You can not be able to access the Workday application with your credentials and get locked out if you allow a single sign-on with an incorrect configuration. Workday offers a backup log-in URL in this case, where users can sign-in in the following format using their usual username and password:[Your Workday URL]/login.flex? Redirect=n Build a User Evaluation Workday application As an administrator, log in to your Workday business website. ●In the top-right corner, click Profile, select House, and in the Workday applications tab, click Directory. ●Select Find Staff from the View tab on the Directory list. ●Find employees ●Pick a user from the results on the Find Staff tab. ●On the next tab, select Job > Worker Protection, and the Workday account must match the name ID value of the Azure active directory. ●Worker Protection ●SSO Test ●Test your Azure AD single sign-on setup with the following options in this section. Conclusion I hope you need workday application integration for Azure. You can learn more about other workday integration through Workday online training.