You can use Security Assertion Markup Language (SAML) for single sign-on (SSO) in Peakon. Example: Users with manager and personal dashboard access can sign in with their existing company identity without requiring separate sign-in credentials for Peakon.
Peakon integrates with any external system capable of acting as a SAML 2.0 identity provider.
SAML is a standard for exchanging authentication and authorization data between security domains. It enables administrators to manage user credentials centrally through a third-party identity provider (IdP). Example: Okta. Once configured, users can access Peakon directly from the organization's central app portal.
Users can initiate sign-in from service provider websites and from app portals of identity providers.
Popular hosted services with SAML support include, but are not limited to:
- G Suite (Google Apps)
- Microsoft ADFS
- Microsoft Entra
Peakon is deprecating the legacy app.peakon.com domain and replacing it with a unique subdomain per customer. Ensure that your SSO configuration reflects your organization's subdomain before August 2024. See more: Workday Peakon legacy domain retirement.
Users who access their dashboards for the first time using their email confirmation link, will gain access without having to authenticate using SSO for the first time only. All subsequent logins require the authentication via SSO.
Contact Customer Care if your organization uses multiple email domains so they can add them as supported domains to your organization's account.
Employee email addresses must be an exact match to the email address on the organization's identity provider. Consider this if your organization uses email aliases.
- Set the Require single sign-on setting to Everyone if you want to ensure that all users authenticate through SSO only.
- Enable the Force legacy domain setting if you're an existing customer switching to a Peakon subdomain and your SSO provider doesn't allow multiple callback URLs.
- Only Peakon administrators can access SSO configuration on Peakon.
- It's not possible to add common email domains on your Peakon account for SSO. Example. @gmail.com.