Connect Workday

This page describes how to connect Workday to Agentspace Enterprise.

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before you create a Workday datastore, make sure you have the following:

  • Client ID
  • Client secret key
  • Refresh token

These credentials are necessary for connection authentication.

Use the following steps to generate a client ID, secret key, and refresh token, create a new user in the Workday instance, assign them to a security group, and grant the necessary permissions.

Register API client in Workday

To register an API client in Workday, do the following:

  1. Sign in to your Workday instance using administrator account. The login URL has following format: https://YOUR_INSTANCE_ID.workday.com/wday/authgwy/YOUR_TENANT/login.html

  2. In the search bar, search for Register API client for integrations.

  3. In the Register API client for integrations dialog:

    1. Enter Client name.
    2. Select Non-expiring refresh tokens checkbox.
    3. Select Include workday owned scope checkbox.
    4. Add all values in the Scope (Functional area) by pressing Ctrl+A and then spacebar.

    5. Click Ok.

      register-api-client-for-integration-form
      Register API client for integrations

  4. Save the Client ID and Client secret values from the confirmation page for later use.

    register-api-client-for-integration-confirmation
    Register API client for integrations confirmation

  5. Click Done.

Set permissions and roles for Workday user

To set up an integration system user, create a security group, add the user to the group, and assign required permissions, do the following:

Create integration system user

  1. In the search bar, search for Create integration system user.

  2. In the Create integration system user dialog:

    1. Enter Username.
    2. Set Password.
    3. Set Session timeout to 0.
    4. Select Do not allow UI sessions checkbox for enhanced security.

    5. Click Ok.

      create-integration-system-user
      Create integration system user

      The created user details are displayed. You can note down the username and password for later use.

      create-user-details
      Created user details

Create integration security group

  1. In the search bar, search for Create security group.

  2. In the Create security group dialog window:

    1. Select Type as Integration system security group (Unconstrained).
    2. Enter a Name.

    3. Click Ok.

      create-security-group-form
      Create security group

  3. In the Edit integration system security group (Unconstrained) window:

    1. The security group name entered in the previous step appears in the Name field.
    2. Add comments.
    3. In the Integration System Users field, add the username you created in the Create integration system user section.
    4. Click Ok.

    5. Click Done. You can note down the security group name for later use.

      edit-integration-system-security-group
      Edit integration system security group

Grant domain access

  1. In the search bar, search for Maintain permission for security group.

  2. In the Maintain permission for security group dialog window:

    1. Set Operation as Maintain.
    2. In the Source security group field, select the security group name you created in the Create integration security group section.

    3. Click Ok.

      maintain-permissions-form
      Edit the security group

  3. In the Maintain permission for security group page:

    1. Click the icon under Domain security policy permissions.
    2. Add the following permissions for Domain security policy permissions:
      • View and Modify
        • Workday Query Language
        • WQL for Workday Extend
      • View Only
        • HCM All Organizations
        • Indexed Data Source: Positions
        • Manage: Company
        • Manage: Cost Center
        • Manage: Custom Organization
        • Manage: Region
        • Manage: Supervisory Organization
        • Person Data: Work Email
        • Reports: Organization
        • Security Administration
        • Set Up: Compensation Guidelines
        • Set Up: Organization
        • Set Up: Payroll - Pay Group Specific
        • Worker Data: Active and Terminated Workers
        • Worker Data: Compensation Grade
        • Worker Data: Current Job Profile Information
        • Worker Data: Current Management Level Information
        • Worker Data: Current Staffing Information
        • Worker Data: Headcount Reports
        • Worker Data: Public Worker Reports
        • Worker Data: Work Shifts
        • Workday Accounts
      • Get Only
        • Reports: Organization
        • Worker Data: Public Worker Reports

    3. Click Ok.

      maintain-permissions-for-security-group
      Maintain permissions for security group

    4. Click Done.

      view-security-group
      View security group

    5. Repeat the search for Maintain permission for security group, verify that the roles and policies are added, and click Ok.

      maintain-permissions-for-security-form
      Maintain permissions for security group dialog

Add a security group for the integration system user

  1. In the search bar, search for Integration system user security configuration.

  2. In the Integration system user security configuration page:

    1. Search for the user using filters. For Filter condition select is, and enter the username you created in the Create integration system user section for Value.

      select-user
      Select user

    2. Click the three dots (...) next to the username.

    3. Select Security Profile > Assign integration system security groups.

      select-security-group
      Assign integration system security groups

    4. In the Assign integration system security groups for integration system user dialog, select the security group name you created in the Create integration security group section.

      select-security-group
      Select security group

    5. Click Ok.

    6. Click Done.

Activate pending security policy changes

  1. In the search bar, search for Activate pending security policy changes.

  2. In the Activate pending policy changes page:

    1. Add Comments.

    2. Click Ok.

      activate-pending-changes
      Activate pending changes

  3. Review the changes on the Activate pending security policy changes page.

  4. Select Confirm checkbox.

  5. Click Ok.

    activate-policy-changes
    Activate policy changes

    The View security timestamp page is displayed.

    security-timestamp
    Security timestamp

Generate refresh token

  1. In the search bar, search for View API clients.
  2. Navigate to API clients for integrations tab.
  3. Search for the API client using filters. For Filter condition select is, and enter the API client name you created in the Register API client in Workday section for Value.
  4. Click the three dots (...) next to the API client name and select API client > Manage refresh token for integration.
    api-client-integrations
    Manage refresh token for integration

  5. In the Manage refresh token for integration dialog:

    1. In the Workday account user field, select the username you created in the Create integration system user section.

    2. Click Ok.

      manage-refresh-token-ok
      Select the Workday account user

  6. On the Delete or regenerate refresh token page:

    1. Select Generate new refresh token checkbox.

    2. Click Ok.

      delete-or-regenerate-refresh-token
      Select generate new refresh token

  7. On the Successfully regenerated refresh token page:

    1. Copy the Refresh token for later use.

    2. Click Done.

      successfully-regenerated-refresh-token
      Successfully regenerated refresh token

Create a Workday datastore

Console

To use the Google Cloud console to sync data from Workday to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for Workday to connect your third-party source.

    select-datasource
    Select data source

  5. Enter the required authentication details:

    • Client ID
    • Client secret
    • Refresh token

  6. Click Continue.

    enter-auth-details
    Enter authentication details

  7. Under Destinations, in the Base URL field, enter the REST API endpoint URL, for example: https://wd5-impl-serrvices1.workday.com.

  8. Click Continue.

    enter-urls
    Enter URLs
    workday-rest-api
    Workday REST API

  9. Under Advanced options, enter the Tenant and Base Web URL.

    For example:

    • Tenant: google_gms1
    • Base Web URL: https://wd5-impl.workday.com
    enter-workday-tenant
    Enter Workday tenant
    enter-base-url
    Enter the base URL

  10. Select which entities to sync.

  11. Select a synchronization frequency and click Continue.

    sync-frequency
    Sync frequency

  12. Select a region for your datastore.

  13. Enter a name for your data connector.

  14. Click Create. Agentspace Enterprise creates your datastore and displays your data stores on the Data stores page.

  15. To check the status of your ingestion, go to the Data stores page and click your connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps