Skip to main content

Sync with Workday

David Head avatar
Written by David Head
Updated over a week ago

Overview

To authenticate your Workday account, you will need to provide the following information:

  • WSDL

  • ISU Username

  • ISU Password

  • Workday Tenant Name

Prerequisites

Please ensure you have Administrator permissions in your company's Workday instance to set up the integration:

Instructions

Step 1: Create an Integration System User (ISU)

  1. In your Workday portal, log into the Workday tenant

  2. In the Search field, type Create Integration System User

  3. Select the Create Integration System User task

  4. On the Create Integration System User page, in the Account Information section, enter a user name, and enter and confirm a password

    Important: "&", "", or ">" characters cannot be included in the password

  5. Click OK

  6. To ensure the password doesn't expire, you'll want to add this new user to the list of System Users. To do this, search for the Maintain Password Rules task.


    Add the ISU to the System Users exempt from password expiration field

  7. Enter the Integration System User name in the linking flow

  8. Enter the Integration System User password in the linking flow

Step 2: Create a Security Group and assign an Integration System User

  1. In the Search field, type Create Security Group


    Select the Create Security Group task.

  2. On the Create Security Group page, select Integration System Security Group (Unconstrained) from the Type of Tenanted Security Group pull-down menu.

  3. In the Name field, enter a name

  4. Click OK

  5. On the Edit Integration System Security Group (Unconstrained) page, in the Integration System Users field, enter the same name you entered when creating the ISU in the first section

  6. Click OK

Step 3: Configure domain security policy permissions

  1. In the Search field, type Maintain Permissions for Security Group

  2. Make sure the Operation is Maintain, and the Source Security Group is the same as the security group that was assigned in Step 2

On the next screen, add the corresponding Domain Security Policies

Permissions to Include

Operation

Domain Security Policy

Get Only

Worker Data: Public Worker Reports

Get Only

Worker Data: Workers

Get Only

Worker Data: All Positions

Get Only

Worker Data: Current Staffing Information

Get Only

Job Requisition Data

Get Only

Worker Data: Employment Data

Get Only

Worker Data: Organization Information

Get Only

Manage Pre-Hire Process: Manage Pre-Hires

Get and Put

Manage Pre-Hire Data

Get and Put

Candidate Data: Edit Job Application

Get and Put

Job Requisitions for Recruiting

Get and Put

Candidate Data: Personal Information

Get and Put

Set Up: Pre-Hire Process

Get and Put

Candidate Data: Other Information

Get and Put

Manage Pre-Hire Process

View and Modify

Candidate Data: Other Information

Get and Put

Candidate Data: Job Application

Get is the minimum required permission for this integration to work

Get and Put

Move Candidate

Get and Put

Prospects

Get

Manage: Evergreen Requisitions

Get

Job Postings

Get

Job Postings External

Get

Job Postings Internal

Get

Questionnaire

Get

Integration Build

Step 4: Activate security policy changes

  1. In the search bar, type "Activate Pending Security Policy Changes" to view a summary of the changes in the security policy that needs to be approved

  2. Add any relevant comments on the window that pops up

  3. Confirm the changes in order to accept the changes that are being made and hit OK

Step 5: Validate the authentication policy is sufficient

  1. Search for Manage Authentication Policies

  2. Click Edit on the authentication policy row

  3. Create an Authentication Rule

  4. Enter a name, add the Security Group, and ensure Allowed Authentication Types is set to Specific User Name Password or Any

Note: You don't have to create a new Authentication Rule if you already have an existing one set to User Name Password or Any. You can add the ISU you created to that rule instead.

You will need to create a new rule if SAML is the only Authentication Rule you see for "Allowed Authentication Types."

Step 6: Activate all pending authentication policy changes

  1. In the search bar type, activate all pending authentication policy changes

  2. Proceed to the next screen and confirm the changes. This will save the Authentication Policy that was just created or edited

Step 7: Obtain the web services endpoint URL

  1. Search in Workday for Public Web Services

  2. Find Human Resources (Public) if you are connecting Workday HRIS. Find Recruiting if you are connecting Workday ATS.

    Click the three dots to access the menu. Click Web Services > View WSDL

  3. Navigate to the bottom of the page that opens (it may take a few seconds to load)

  4. Copy the full URL provided under Human_ResourcesService (Workday HRIS) or RecruitingService (Workday ATS). The URL will have a format similar to https://wd2-impl-services1.workday.com/ccx/service/acme/Human_Resources/v43.0

  5. Enter the Web Services Endpoint URL into the linking flow

  6. Click Submit

Did this answer your question?