Administrator access on Peakon.
If your employees have email addresses from multiple domains, you need to specify them on your organization's account for SSO to work. Contact Customer Care for assistance.
You can set up single sign-on (SSO) so your employees can sign into Peakon using their credentials from your identity management tool. Example: Okta. See Single sign-on overview for more information.
Peakon is deprecating the legacy app.peakon.com domain and replacing it with a unique subdomain per customer. Ensure that your SSO configuration reflects your organization's subdomain before August 2024. See more: Workday Peakon legacy domain retirement.
- Enable SSO in Peakon.
- Go to Administration > Integrations > Single Sign-On.
- Click Connect. The page will now display SSO configuration fields.
- Enter SSO Log-in URL.
- Copy the Entity ID and Reply URL (ACS) values, then enter them in the tool that you will use for SSO.
- (Optional) Enter SSO Log-out URL.
- Upload Certificate.
- Select an option in the Require single sign-on drop-down menu.
- (Optional) Force authentication to require anyone signing in to go through SSO, even if they have an active session.
- (Optional) Force legacy domain if you need to use the legacy domain app.peakon.com for the redirect URL. Note that when using this setting, the Entity ID and Reply URL settings won't update, but the functionality will work as intended.
This setting provides easier adoption of subdomains for customers who use Okta or other SSO providers that don't allow multiple callback URLs. See this article for more details: Workday Peakon Legacy Domain Retirement (requires Workday Community access).
- Test SSO:
- Sign out of Peakon, then sign back in using your work email address and continue.
- Peakon should redirect you to the SSO page in your identity management tool, then redirect back to Peakon.