Dayforce SSO
Overview
SSO is setup for both PROD and TEST in Dayforce. Users will get the Microsoft login screen or logged in automatically.
PROD
TEST
Login Link
https://sso.dayforcehcm.com/greycounty
https://ssotest.dayforcehcm.com/greycounty
Azure Enterprise App
Ceridian Dayforce HCM - PROD ENV - Microsoft Azure
Ceridian Dayforce HCM - TEST ENV - Microsoft Azure
Non-SSO links and other environments can be found in the general Dayforce Solution - Dayforce | Knowledge Base | Grey County IT Help Desk
In Dayforce
HR adds UserPrincipalName to SSO section in user profile. This needs to match for users to be able to login.
There is no setup required in AD as long is the user account is active.
Setup Instructions from Dayforce
As the client has indicated they will be utilizing Azure, they will require the following to create the connections and provide the metadata.xml/URLs for the TEST and PROD environments. Once received, I will create the matching connections and point towards the respective databases.
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/ceridiandayforcehcm-tutorial
NOTE 1: Microsoft mentions a custom Attribute value – This can be ignored as we use the default additional Claim Name of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name (Not a URL)
Azure settings for TEST/STAGE instance:
Identifier/Entity ID: https://fs-test.dayforcehcm.com/sp
Reply/ACS URL: https://fs-test.dayforcehcm.com/sp/ACS.saml2
Sign-on/SP Login URL: https://ssotest.dayforcehcm.com/greycountystage
Azure settings for PROD instance:
Identifier/Entity ID: https://ncpingfederate.dayforcehcm.com/sp
Reply/ACS URL: https://ncpingfederate.dayforcehcm.com/sp/ACS.saml2
Sign-on/SP Login URL: https://sso.dayforcehcm.com/greycounty
NOTE 2: Microsoft makes an assumption about the Entity ID – Any Entity IDs not listed above should be removed from the connection setup.