Workday configures their permissions on a granular level, so we’ll need access to a number of fields to get things up and running. We’ve outlined some steps for granting permissions below:
Create an Integration System User
You'll need to create an Integration System User in Workday, which you can do by:
Signing into Workday
Access the 'Create Integration System User' task
Enter a new username
Enter and confirm password
Note: You'll want to add this user to the list of System Users to make sure the password doesn't expire.
Create a Security Group and Assign an Integration System User
Now, add this Integration System User to a Security Group, which you can do by:
Accessing the Create Security Group task
Select 'User-Based Security Group'
Name the group
Select the Integration System User and click OK
Configure Domain Security Policy Permissions
In the Security Group, you will need to edit the Domain Security Policy Permissions and add the following GET operations:
Parent Domains Required for HRIS:
Parent Domains Required for ATS:
For a more detailed breakdown of the functional areas that are needed: here
Activate Security Policy Changes
In the search bar, type "Activate Pending Security Policy Changes" to view a summary of changes in security policy that need to be approved. After reviewing policies, approve the pending security policy changes in order to activate them.
Obtain the Web Services Endpoints for Workday Tenant
We'll need access to the Workday HR endpoints, so you can find these by:
Searching in Workday for 'Public Web Services'
Open 'Public Web Services Report'
Hover over 'Human resources' and click the three dots to access the menu
Click Web Services > View WSDL
Navigate to the bottom of the page that opens and you'll find the host
Note: Endpoints differ across tenants, so make sure to provide us with endpoints for each testing environment
Note: In production, add the ISU security group to the authentication policy in Workday to allow for access.