Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Setting up Single Sign-On

Updated on May 5, 2021

After deciding how you want to implement SSO, you are ready to set it up.

  1. Send the SAML XML file that contains your SAML 2.0 federated metadata to the Pega Workforce Intelligence Service Delivery Team.
  2. Create a relying party in your identity provider configuration, using the URN and Assertion Consumer URL provided by Workforce Intelligence.
    URLURL: https://<domain-prefix>.auth.<region>
  3. Note: The process for creating a relying party is different depending on the identity provider that you use. For example, the link below is for Microsoft’s AD FS Management tool. Consult the documentation for your SAML identity provider to set up your relying party.

  4. Configure the relying party to provide the following SAML 2.0 Assertion claims:
    Assertion ClaimExample
    Persistent NameIDurn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    First Name
    Last Name
  5. Note: These assertion claims are based on an AD FS environment. These claims are configured in AWS Cognito to identify the attributes Workforce Intelligence needs to extract from the SAML assertion. Claims may vary based on your identity provider.
  6. Choose an identity provider display name (if SSO fails and the user is taken to the login page).
  7. Ensure that the identity provider supports the following:
    • a SAML 2.0 Relay State
    • an HTTP-Redirect endpoint for SAML Requests
    • use of the POST binding for the SAML Response to the service provider
  8. Ensure that the authorization endpoints domain is approved on the client network proxy. For example: https://<domain-prefix>.auth.<region>

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us