Stay organized with collections
Save and categorize content based on your preferences.
When Workday actions are turned on, end users can ask the assistant to
create time off requests.
For example, a user could enter "schedule time off for next wed" into your
app. The assistant asks for additional details if necessary, and then asks the
user to confirm the time off request.
The assistant can read and edit the following Workday fields through actions:
Field
Description
Start date
Required. First day of the time off request, inclusive.
End date
Required. Last day of the time off request, inclusive.
Type
Type of time off requested. Defaults to vacation.
Description
Description of the time off request.
Set up authentication and permissions in Workday
Before turning on Workday actions, a Workday administrator must authorize and
set up a Workday connector for actions. This is required to connect your Workday
integration and allow read and write permission for actions.
In Workday, enter Register API Client task into the search bar and
select that task. The Register API Client form appears.
Enter a name for your new client.
For the client grant type, select Authorization Code Grant.
For the address token type, select Bearer.
Enter a refresh token timeout in days.
Enter the following redirect URI:
https://vertexaisearch.cloud.google.com/oauth-redirect
Select the following scopes:
Staffing
Time Off and Leave
Click OK.
Workday shows the details of your new client. Save the following
information:
Client ID
Client secret
Authorization endpoint
Next to the client name, click the three-dot icon (...) and select
Manage Refresh Tokens for Integrations.
Enter an authorized Workday account and click OK.
On the Delete or Regenerate Refresh Token page, select Generate
New Refresh Token and click OK.
After you add actions, the assistant can perform those actions on behalf of
your end users in the app. The first time a user asks the assistant to
perform a Workday action, they are asked to authorize access to their Workday
account. To use the assistant, users must have Agentspace Enterprise
Plus licenses.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[],[],null,["# Add Workday actions\n\n| **Preview:** You must be on the allowlist to use this feature.\n| **Note:** This is part of the assistant actions series. To set up other assistant actions, see [Set up assistant actions](/agentspace/docs/assistant-actions).\n\nWhen Workday actions are turned on, end users can ask the assistant to\ncreate time off requests.\n\nFor example, a user could enter \"schedule time off for next wed\" into your\napp. The assistant asks for additional details if necessary, and then asks the\nuser to confirm the time off request.\n\nThe assistant can read and edit the following Workday fields through actions:\n\n### Set up authentication and permissions in Workday\n\nBefore turning on Workday actions, a Workday administrator must authorize and\nset up a Workday connector for actions. This is required to connect your Workday\nintegration and allow read and write permission for actions.\n\n1. In Workday, enter **Register API Client** task into the search bar and select that task. The **Register API Client** form appears.\n2. Enter a name for your new client.\n3. For the client grant type, select **Authorization Code Grant**.\n4. For the address token type, select **Bearer**.\n5. Enter a refresh token timeout in days.\n6. Enter the following redirect URI: https://vertexaisearch.cloud.google.com/oauth-redirect\n7. Select the following scopes:\n - **Staffing**\n - **Time Off and Leave**\n8. Click **OK**.\n9. Workday shows the details of your new client. Save the following information:\n - Client ID\n - Client secret\n - Authorization endpoint\n10. Next to the client name, click the three-dot icon (...) and select **Manage Refresh Tokens for Integrations**.\n11. Enter an authorized Workday account and click **OK**.\n12. On the **Delete or Regenerate Refresh Token** page, select **Generate\n New Refresh Token** and click **OK**.\n13. Take note of the refresh token.\n\nConfigure a Workday action\n--------------------------\n\nBefore you begin, make sure that\na Workday administrator has completed the steps in\n[Set up authentication and permissions in Workday](#workday-auth)\nand provided you with the following:\n\n- Client ID\n- Client secret\n- Authorization endpoint URI\n\n### Configure Workday actions in the Google Cloud console\n\nGoogle recommends that you create actions through the Google Cloud console. To\nadd actions to your app using the console, do the following:\n\n1. In the Agentspace, go to the **[Agentspace\n page](https://console.cloud.google.com/gen-app-builder/)**.\n2. Go to your app.\n3. In the navigation menu, click **Actions**.\n4. For Workday, click **Connect**.\n5. Select a Workday instance.\n6. If prompted, enter authorization information for your connector. This is only required if the instance has not been configured for an action yet.\n7. Select which actions to enable.\n8. Click **Finish setup** . Your action is displayed on the **Actions** page.\n\n### Configure Workday actions using the API\n\nGoogle recommends that you create actions through the Agentspace.\nIf you need to create actions using the API, do the following:\n\n1. Create a workday connector:\n\n SERVER=https://discoveryengine.googleapis.com\n\n curl -X POST \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n -H \"Content-Type: application/json\" \\\n -H \"X-GFE-SSL: yes\" \\\n -H \"X-Goog-User-Project: \u003cvar translate=\"no\"\u003ePROJECT_NUMBER\u003c/var\u003e\" \\\n \"$SERVER/v1alpha/projects/\u003cvar translate=\"no\"\u003ePROJECT_NUMBER\u003c/var\u003e/locations/global:setUpDataConnector\" \\\n -d '{\n \"collectionId\": \"\u003cvar translate=\"no\"\u003ePROJECT_NUMBER\u003c/var\u003e\",\n \"collectionDisplayName\": \"\u003cvar translate=\"no\"\u003eYOUR_COLLECTION_DISPLAY_NAME\u003c/var\u003e\",\n \"dataConnector\": {\n \"dataSource\": \"workday\",\n \"params\": {\n \"client_id\": \"{client id from workday oauth 2.0 app}\",\n \"client_secret\": \"{client id from workday oauth 2.0 app}\",\n \"refresh_token\": \"{refresh token from workday oauth 2.0 app}\",\n \"tenant\": \"{tenant from workday oauth 2.0 app}\"\n },\n \"refreshInterval\": \"{ \u003e1800 }s\",\n \"entities\": [\n {\n \"entityName\": \"{workers/customers/jobs/organizations}\"\n },\n {\n \"entityName\": \"{workers/customers/jobs/organizations}\" // Optional, you can build up to 4 different entities\n }\n ],\n \"syncMode\": \"PERIODIC\",\n \"destinationConfigs\": [\n {\n \"key\": \"host\",\n \"destinations\": [\n {\n \"host\": \"destination-config\"\n }\n ]\n }\n ],\n }\n }'\n\n2. Update the connector to include the action configurations created that\n you created:\n\n PROJECT_NUMBER={YOUR PROJECT_NUMBER}\n COLLECTION_ID=\"{YOUR COLLECTION ID}\n\n curl -X PATCH \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token --project \"${PROJECT_NUMBER}\")\" \\\n -H \"Content-Type: application/json\" \\\n -H \"X-Goog-User-Project: ${PROJECT_NUMBER}\" \\\n \"$SERVER/v1alpha/projects/${PROJECT_NUMBER}/locations/global/collections/${COLLECTION_ID}/dataConnector?update_mask=action_config\" \\\n -d '{\n \"name\": \"projects/${PROJECT_NUMBER}/locations/global/collections/${COLLECTION_ID}/dataConnector\",\n \"action_config\": {\n \"is_action_configured\": true,\n \"action_params\": {\n \"\"client_id\": \"{client id from workday action oauth 2.0 app}\",\n \"client_secret\": \"{client secret from workday action oauth 2.0 app}\",\n \"auth_uri\": \"{Authorization endpoint from workdy action oauth 2.0 app}\"\n }\n }\n }'\n\n3. Enable Workday actions for your assistant:\n\n SERVER=https://discoveryengine.googleapis.com\n PROJECT_NUMBER={YOUR PROJECT_NUMBER}\n ENGINE_ID=\"{YOUR ENGINE ID}\"\n CONNECTOR_ID=\"{THE CONNECTOR'S COLLECTION ID YOU GENERATED IN PREVIOUS STEP}\"\n\n curl -X PATCH \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token --project \"${PROJECT_NUMBER}\")\" \\\n -H \"Content-Type: application/json\" \\\n -H \"X-Goog-User-Project: ${PROJECT_NUMBER}\" \\\n \"$SERVER/v1alpha/projects/${PROJECT_NUMBER}/locations/global/collections/default_collection/engines/${ENGINE_ID}/assistants/default_assistant?update_mask=enabledActions\" \\\n -d '{\n \"name\": \"projects/'\"${PROJECT_NUMBER}\"'/locations/global/collections/default_collection/engines/'\"${ENGINE_ID}\"'/assistants/default_assistant\",\n \"enabledActions\": {\n \"projects/'\"${PROJECT_NUMBER}\"'/locations/global/collections/'\"${CONNECTOR_ID}\"'/dataConnector\": {\n \"actionInfo\": [\n {\n \"actionName\": \"request_time_off\",\n \"actionDisplayName\": \"Request time off\"\n }\n ]\n }\n }\n }'\n\nAfter you add actions, the assistant can perform those actions on behalf of\nyour end users in the app. The first time a user asks the assistant to\nperform a Workday action, they are asked to authorize access to their Workday\naccount. To use the assistant, users must have [Agentspace Enterprise\nPlus](/agentspace/docs/licenses#about-subscriptions) licenses."]]
