Connect Workday

This page describes how to connect Workday to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before you create a Workday connector, make sure you have the following:

  • Client ID
  • Client secret key
  • Refresh token

These credentials are necessary for connection authentication.

Use the following steps to generate a client ID, secret key, and refresh token, create a new user in the Workday instance, assign them to a security group, and grant the necessary permissions.

  1. Set up Workday and register API client in Workday

    To register an API client in Workday, do the following:

    1. Sign in to your Workday instance. For example, https://YOUR_INSTANCE_ID.workday.com/wday/authgwy/YOUR_TENANT/login.html

    2. In the search bar, search for Register API client.

    3. Click Register API client for integrations.

    4. In the Register API client form:

      1. Enter Client name.
      2. Set Client type to Authorization code grant.
      3. Set Access token type to Bearer.
      4. Provide Redirection URL.
      5. Set Refresh token timeout (in days).
      6. Add necessary Scopes (Functional area).
      7. Click Ok.
      register-api-client-form
      Register API client form

    Workday generates the following details:

    • Client ID
    • Workday REST API endpoint
    • Token endpoint
    • Authorization endpoint

  2. Set permissions and roles for Workday user

    To set up an integration system user, create a security group, add the user to the group, and assign required permissions, do the following:

    1. Create integration system user:

      1. Search for Create system integration group task.

      2. In the form:

        1. Enter Username.
        2. Set Password.
        3. Set Session timeout to 0.
        4. Check Do not allow UI sessions.
        5. Click Ok.
      create-integration-system-user
      Create integration system user form

      The created user details are displayed.

      create-user-details
      Created user details

    2. Create integration security group:

      1. Search for Create security group.
      2. In the dialog window:
        1. Select Type as Integration system security group (Constrained).
        2. Enter a Name.
        3. Click Ok
      create-security-group-form
      Create security group form

      1. In the Edit integration system security group (Constrained) window:

        1. Add the Integration system user to the group under Integration system users.
        2. Add relevant Organizations.
        3. Click Ok.
        4. Click Done.
      edit-integration-system-security-group
      Edit integration system security group
      isu-security-config
      Integration system user security configuration

    3. Grant domain access:

      1. Search for Maintain permission for security group.

      2. In the dialog window:

        1. Set Operation as Maintain.
        2. Add the created Security group.

        3. Click the three dots (...) beside the group name and select Edit.

          maintain-permissions-form
          Edit the security group

      3. In the Maintain permission for security group page:

        1. Click the icon under Domain security policy permissions.
        2. Add the following permissions for View/modify access and domain security policy:
          • Worker
            • Worker data: Public worker reports
            • Worker data: Job details
            • Worker data: Organization information
            • Worker data: Worker ID
          • Customer
            • View: Customer
          • Jobs
            • Worker data: All positions

        3. Click Ok.

          maintain-permissions-for-security-group
          Maintain permissions for security group

        4. Click Done.

          view-security-group
          View security group

        5. Repeat the search for Maintain permission for security group, verify that the roles and policies are added, and click Ok.

          maintain-permissions-for-security-form
          Maintain permissions for security group form

    4. Activate pending security policy changes:

      1. Search for Activate pending security policy changes.

      2. In the Activate pending policy changes page:

        1. Add Comments.

        2. Click Ok.

          activate-pending-changes
          Activate pending changes

      3. Review the changes on the Activate pending security policy changes page

      4. Click Confirm.

      5. Click Ok.

        activate-policy-changes
        Activate policy changes

      The View security timestamp page is displayed.

      security-timestamp
      Security timestamp

    5. Generate refresh token:

      1. Search for Register API client for integration.

      2. In the form:

        1. Enter Client name.
        2. Select Non-expiring Refresh token.
        3. Add Scopes: Personal data and Integration.

        4. Click Done.

          register-api-client
          Register API client for integration

      3. Search for View API clients.

      4. Navigate to API clients for integrations.

      5. Locate the created user.

      6. Click the three dots (...) next to the user and select API client >> Manage refresh token for integration.

        api-client-integrations
        Manage refresh token for integration

      7. In the dialog window:

        1. Select the Workday account user

        2. Click Ok

          api-client-integrations-ok
          Select the Workday account user

      8. On the Delete or regenerate refresh token page:

        1. Select Generate new refresh token.
        2. Click Ok.
        delete-or-regenerate-refresh-token
        Select generate new refresh token

      You can see the Successfully regenerated refresh token confirmation message with details.

Create a Workday connector

Console

To use the Google Cloud console to sync data from Workday to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Workday to connect your third-party source.

    select-datasource
    Select data source

  5. Enter the required authentication details:

    • Client ID
    • Client secret
    • Refresh token

  6. Click Continue.

    enter-auth-details
    Enter authentication details

  7. Under Destinations, in the URL field, enter Host 1.

  8. Click Continue.

    enter-urls
    Enter URLs

  9. Under Advanced options, enter the tenant ID and click Continue.

    enter-workday-tenant
    Enter Workday tenant

  10. Select which entities to sync.

  11. Select a synchronization frequency and click Continue.

    sync-frequency
    Sync frequency

  12. Select a region for your datastore.

  13. Enter a name for your data connector.

  14. Click Create. Agentspace Enterprise creates your datastore and displays your data stores on the Data stores page.

  15. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps