Export (0) Print
Expand All

Tutorial: Azure AD integration with Workday

Published: November 21, 2013

Updated: September 15, 2014

Applies To: Azure

TipTip
For feedback, click here.

For more information about this topic, see Best Practices for Managing the Application access enhancements for Azure Active Directory.

The objective of this tutorial is to show the integration of Azure and Workday. The scenario outlined in this tutorial assumes that you already have the following items:

  • A valid Azure subscription

  • A tenant in Workday

The scenario outlined in this tutorial consists of the following building blocks:

  1. Enabling the application integration for Workday

  2. Configuring single sign-on

The objective of this section is to outline how to enable the application integration for Salesforce.

  1. In the Azure Management Portal, on the left navigation pane, click Active Directory.

    Active Directory
  2. From the Directory list, select the directory for which you want to enable directory integration.

  3. To open the applications view, in the directory view, click Applications in the top menu.

    Applications
  4. To open the Application Gallery, click Add An App, and then click Add an application for my organization to use.

    What do you want to do?
  5. In the search box, type Workday.

    Workday
  6. In the results pane, select Workday, and then click Complete to add the application.

    Workday

The objective of this section is to outline how to enable users to authenticate to Workday with their account in Azure AD using federation based on the SAML protocol.
As part of this procedure, you are required to upload a certificate to Workday.

The following screenshot shows an example of the related dialog in Azure AD:

Configure single sign-on at Workday

  1. On the Workday application integration page, click Configure single sign-on to open the CONFIGURE SINGLE SIGN ON dialog.

  2. On the Configure App URL page, in the Workday Tenant URL textbox, type your Workday tenant URL.

  3. Click Next to open the Configure single sign-on at Workday page.

  4. To download your certificate, click Download your certificate, and then save the certificate file locally as c:\workday.cer.

  5. On the Welcome to the Certificate Export Wizard page, click Next.

  6. On the Export File Format dialog page, click Base-64 encoded X.509 (.CER), and then click Next.

  7. On the File to Export dialog page, in the File name textbox, type c:\workday64.cer.

  8. Click Next to open the Completing the Certificate Export Wizard dialog page.

  9. Click Finish to export the certificate.

  10. Click OK to close the Welcome to the Certificate Export Wizard.

  11. Login to your Workday tenant.

  12. In the menu on the top of the page, click Workbench.

    Workbench
  13. In the Account Administration section, under Actions, click Edit Tenant Setup - Security

    Edit Tenant Setup

  14. On the Edit Tenant Setup – Security page, perform the following steps:

    Single Sign-on
    1. Select Enable SAML Authentication.

    2. To configure a new SAML identity provider, click the Plus button.

      SAML Setup
    3. In the Identity Provider Name textbox, type Microsoft.

    4. In the Issuer textbox, paste the Identity Provider ID from the Azure AD portal dialog.

    5. To upload your certificate, perform the following steps:

      1. Click the icon next to the x509 Certificate textbox to open the Key Management dialog.

      2. On the Key Management dialog, click Create.

      3. Click Create x509 Public Key.

      4. On the Create x509 Public Key page, perform the following steps:

        Create x509 Public Key
        1. In the Name textbox, type AAD PROD.

          noteNote
          You are free to choose a name you like for this field.

        2. Right-click your certificate at c:\workday64.cer, and then, select Open to open the Certificate dialog.

        3. From your certificate, copy the values for Valid from and Valid to and paste them into the related textboxes of the Create x509 Public Key page.

        4. Open your certificate at c:\workday64.cer in notepad, copy the content and then, paste it into the Certificate textbox.

    6. In the Service Provider ID textbox, paste the Single sign-on service URL from the Azure AD portal dialog, and then remove the /saml2 suffix from the URL. The following screenshot shows an example for this:

      Single sign-on service URL
    7. In the IdP SSO Service URL textbox, paste the Single Sign On Service URL from the Azure AD portal.

    8. In the Authentication Request Signature Method textbox, type SHA256.

    9. To save your settings, click OK.

  15. In the Azure AD portal, on the Configure single sign-on at Workday page, click Complete to close the dialog.

You can now go to the Access Panel and test single sign-on to Workday.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft