IBM Tivoli Federated Identity Manager, Version

Configuring Workday single sign-on settings

Configure the Workday security configuration to enable single sign-on.

Before you begin

The configuration requires you to provide a certificate to sign the SAML message in your Federated Identity Manager. Export your Federated Identity Manager certificate into a Privacy-Enhanced Message (PEM) format. See "Exporting a certificate" in the IBM Tivoli Federated Identity Manager Configuration Guide.


  1. Navigate to the website of your service provider.
    1. Open a web browser.
    2. Enter the URL provided by Workday to access your account. For example,<your company>/login.flex.
  2. Log in with your Admin account.
  3. Navigate to the single sign-on configuration page.
    1. Click Workbench > Account Administration > Edit Tenant Setup - Security
  4. Configure the single sign-on settings by providing the following information:
    1. Under SAML Setup, select the Enable SAML Authentication option.
    2. Specify the following information:
      Identity Provider ID
      Enter the Federated Identity Manager Login Endpoint URL. For example,<federation name>/saml20/login
      x509 Public Key
      Upload the certificate that you exported at the beginning of this task in this field. This certificate must contain the public key from the key-pair that is used for signing SAML messages in your Federated Identity Manager.
  5. Save your settings.

What to do next

Test the single sign-on on Workday.