Integration Information

Before integrating, there are a few permissions we’ll need to set up in Workday to enable all the functionality we need.

Note: These tasks will need to be completed by a Workday implementation user with administrative access.

Permissions

Workday configures their permissions on a field-level, so we’ll need access to a number of fields to get things up and running. We’ve outlined some steps for granting permissions below:

Step 1 – Create an Integration System User (ISU)

In your Workday portal, log into the Workday tenant.
In the Search field, type Create Integration System User.
Select the Create Integration System User task.
Enter a new username
Enter and confirm password
1. For example:
  1. First name: Grayscale
  2. Last name: Integrations
  3. Username: GSIntegrations
  4. Email: integrations@grayscaleapp.com
  5. Generate a Password
Click OK

Production Tenant	Implementation Tenant
Make sure the check box next to “Do Not Allow UI Sessions” is checked.	Providing Grayscale with UI access is always appreciated / helpful for us to diagnose unexpected issues, but is not strictly necessary.

Notes:

Additional password rule: & , < , > are not supported characters due to xml encoding with our integration partner.
Ensure Require New Password at Next Sign In is NOT checked.
You’ll want to use the Task “Maintain Password Rules” and add the ISU user created above to make sure the password doesn’t expire.

Step 2 – Create a Security Group and Assign an Integration System User

Add this Integration System User to a Security Group:

Access the Create Security Group task
Select User-Based Security Group
Name the group – enter the same name you entered when creating the ISU in the first section
Select the Integration System User (GSIntegrations) and click OK
Click Done

Step 3 – Configure Domain Security Policy Permissions & Obtain the Web Services Operations for Workday Tenant

In the Search field, type Maintain Permissions for Security Group
Make sure the Operation is Maintain, and the Source Security Group is the same as the security group that was assigned in Step 2 (GSIntegrations)
From the Maintain Domain Permissions for Security Group page:
1. Find Integration Permissions
2. Add the corresponding Domain Security Policy with GET and PUT operations:

ATS – Functional Areas you need enabled

Recruiting
Pre-Hire Process
Person Data
Contact Information

Operation	Parent Domain	Subdomain
Get	Candidate Data: Job Application	Candidate Data: Interview Schedule Candidate Data: Offer Details Candidate Data: Other Jobs Jobs Requisitions for Recruiting
Get	Candidate Data: Questionnaires
Get	Candidate Data: Personal Information	Candidate Data: Personal Information
Get	Candidate Data: Other Information	Candidate Data: Photo
Get and Put	Candidate Data: Other Information	Candidate Data: Attachment
Get	Pre-Hire Process Data: Name and Contact Information	Pre-Hire Data: Contact Information Pre-Hire Data: Names
Get	Job Requisition Data
Get	Person Data: Personal Data	Person Data: Citizenship Status Person Data: Disabilities Person Data: ID Information Person Data: Marital Status Person Data: Date of Birth Person Data: Gender Person Data: Government IDs Person Data: Personal Information
Get	Person Data: Home Contact Information	Person Data: Home Address Person Data: Home Email Person Data: Home Instant Messenger Person Data: Home Phone Person Data: Home Web Address
Get	Person Data: Work Contact Information	Person Data: Work Address Person Data: Work Email Person Data: Work Instant Messenger Person Data: Work Phone Person Data: Work Web Address
Get	Manage: Location
Get	Manage: Evergreen Requisitions	Consolidated Candidate Pool Evergreen Reporting Link Evergreen and Job Requisitions

HRIS – Functional Areas you need enabled

Staffing

Operation	Parent Domain	Subdomain
Get and Put	Worker Data: Add Worker Documents and Document Library
Get	Worker Data: Public Worker Reports
Get	Worker Data: Workers

Once complete, the configuration for these domains should look similar to the below:

Step 4 – Activate Security Policy Changes

In the search bar, type "Activate Pending Security Policy Changes" to view a summary of the changes in the security policy that needs to be approved.
After reviewing policies, approve the pending security policy changes in order to activate them.

Step 5 – Include ID in Candidate Name

In the Edit Tenant Setup - HCM section, turn on Candidate ID

“ID Definition for Candidate” : “Candidate ID”
Check the box next to: “Include ID in Candidate Name”

Preview Tenants Only – Enable Proxy Access

If UI access was granted, enable Proxy Access to a Recruiter who has been validated to access recruiting workflows. (This can be immensely helpful for our testing.)

Step 6 – Provide Information for Access

We’ll need a few pieces of information for access:

Username you created
Password for said user
Log in URL
Endpoint URL
- This should look something like: https://wd5-services1.myworkday.com/ccx
- The endpoint URL can be found by going to the Public Web Services report and clicking the related actions next to Recruiting > Web Service > View WSDL. This will open a new window (you will be prompted to sign in) and then scroll to the very bottom of all the code to find the URL.
Tenant Name
- This should look like: https://wd5-services1.workday.com/TENANT_NAME

The permissions should now all be configured appropriately!

Note: In Production, add the ISU security group to the authentication policy in Workday to allow for access.

Next Step – Configure SMS Consent Management Questionnaire

Workday ATS – SMS Consent Management

Workday ATS – Integration Custom Report for Workflow Steps

Workday ATS – Enable Real Time Data Subscription

Scope of Work – Workday ATS

SAP SuccessFactors Integration Instructions – Recruiting Module