Overview
We're announcing the retirement of legacy Workday Peakon Employee Voice domains:
With this update, each customer has a unique subdomain. Example: If your company name is Kinetar, your subdomain could be https://kinetar.peakon.com, and your API endpoint would be https://kinetar.peakon.com/api.
Each Peakon instance has 1 subdomain.
Having a subdomain per customer is a step towards allowing you to choose where data is stored and processed.
Employees that are part of multiple Peakon instances need to go to the subdomain of the company they wish to sign into, rather than selecting the company after entering their email address. Employees that are part of multiple Peakon instances can now authenticate using SSO (single sign-on), and the organization can also mandate SSO for all employees.
This update requires customer action.
Availability
Customers that have their Peakon instance provisioned from August 21, 2023 are required to select a custom subdomain.
Existing customers will receive an email in September with the proposed subdomain and the subdomain activation date. On February 1, 2024, we'll update all customers to the suggested subdomain unless they've already activated their subdomain.
Subdomains are subject to the following constraints:
- Between 2 and 63 alphanumeric characters (“a” through “z”, “0” through “9" and dash “-”). It cannot begin with a dash.
- Must be unique amongst all Peakon customers.
- Certain subdomains are reserved for Peakon, such as “www”, “app”, “survey” and “api”.
Notice Period
The notice period is 12 months (until August 21, 2024). During the notice period, we maintain backwards compatibility by:
- Responding to system requests to legacy Peakon domains.
- Redirecting legacy Peakon domain links to the new subdomain.
- Including the new subdomain in all notifications.
After the notice period, we'll stop supporting legacy Peakon domains and any references to the legacy domains will no longer function.
Call to Action
- Follow the instructions outlined in the email that you’ll receive by contacting Customer Care to agree on a new subdomain. Once you've established what the new subdomain will be, complete the below steps before enabling it on your Peakon account.
- If your organization has configured your SSO provider with a strict callback URL validation, enabling the subdomain could cause SSO errors. Ensure that your IT team adds the callback URL using this pattern:
https://[SUBDOMAIN].peakon.com/saml/[COMPANY_ID]/assert
- If your organization has configured your corporate firewall to only allow the legacy domain, it may inadvertently block the new company subdomain. Ensure that your IT team updates internal corporate firewall configuration to allow this URL pattern:
https://[SUBDOMAIN].peakon.com/*
Note
Complete the above steps before enabling a subdomain. We recommend also keeping the legacy domain on your allow-list until the end of the retirement period.
- If your organization has configured your SSO provider with a strict callback URL validation, enabling the subdomain could cause SSO errors. Ensure that your IT team adds the callback URL using this pattern:
- Update integrations with the new URL, where applicable:
- Custom SCIM 2.0 integrations that you configured through Administration > Integrations > Employee Provisioning.
- Update the SCIM 2.0 URL. You can find the new SCIM 2.0 URL on the Employee Provisioning set up page in Peakon. The OAuth Bearer Token remains the same.
Note: This update needs to be made in your SCIM 2.0 configuration in your identity management system or Identity Provider.
- Update the SCIM 2.0 URL. You can find the new SCIM 2.0 URL on the Employee Provisioning set up page in Peakon. The OAuth Bearer Token remains the same.
- Single Sign-On that you configured through Administration > Integrations > Single Sign-On.
- Update the Entity ID and Reply URL (ACS). You can find the new values on the Single Sign-On set up page in Peakon.
Note: This update needs to be made in your SAML 2.0 configuration for Peakon in your Identity Provider. Refer to our single sign-on documentation, or the documentation from your Identity Provider for guidance on how to make the update.
- Update the Entity ID and Reply URL (ACS). You can find the new values on the Single Sign-On set up page in Peakon.
- API data exports that you configured through Administration > Integrations > Custom apps.
- In your custom integration update the API endpoint with https://[your subdomain].peakon.com/api. Example: If your subdomain is Kinetar, then the API endpoint would be https://kinetar.peakon.com/api.
Note: This update needs to be made in your custom integration.
- In your custom integration update the API endpoint with https://[your subdomain].peakon.com/api. Example: If your subdomain is Kinetar, then the API endpoint would be https://kinetar.peakon.com/api.
- API client for Peakon in your Workday tenant.
- Use the task Edit API Client. In the prompt select the API Client and click Ok.
- Update the field Redirection URI with https://[your subdomain].peakon.com/workday/complete.
Example: If your subdomain is Kinetar, then the new value would be https://kinetar.peakon.com/workday/complete.
- Custom SCIM 2.0 integrations that you configured through Administration > Integrations > Employee Provisioning.
- Update internal training and documentation.
- Update bookmarks where possible.
Note: You don't need to update these integrations, since they continue to work as normal:
- Workday Prism, People Analytics, Worklet, and PEX cards
- HiBob
- BambooHR
- Personio
- Slack
- MS Teams
Comments
0 comments
Article is closed for comments.