Workday (OAuth)

Log into your Workday account. Look at the address bar at the top of the browser window where the URL is displayed. Find your tenant immediately after workday.com/.

Log in to your Workday tenant in the Workday portal. In the Search field, search for “Create Integration System User”.

Choose the “Create Integration System User” task.

Enter a username and password in the Account Information section on the “Create Integration System User” page.

Click OK.

In the Search field, search for “Create Security Group”. Select the “Create Security Group” task.

On the “Create Security Group” page, select “Integration System Security Group” from the Type of Tenanted Security Group pull-down menu. Enter a name in the Name field.

Click OK.

On the “Edit Integration System Security Group (Unconstrained)” page, enter the same name you used when creating the ISU in the first section. Click OK.

Edit the Domain Security Policy Permissions in the Security Group.

You can reach this interface by searching for “Maintain Permissions for Security Group” in the search bar, and selecting the name of the Security Group you created in the previous step.

This integration uses the following Workday Security Group Permissions. For each listed permission, select either Get Only for read-only access, or Get and Put for read and write access in the View/Modify Access column.

• Job Requisition Data
• Job Information
• Job Profile: View
• Manage:
  • Location
  • Organization Integration
• Person Data:
  • Name
  • Citizenship Status
  • Date of Birth
  • Disabilities
  • Gender
  • Government IDs
  • ID Information
  • Marital Status
  • National ID Identification
  • Personal Information
  • Personal Data
  • Personal Photo
  • Home Contact Information
  • Home Address
  • Home Email
  • Home Phone
  • Work Contact Information
  • Work Address
  • Work Email
  • Work Phone
• Worker Data:
  • All Positions
  • Compensation
  • Current Staffing Information
  • Employment Data
  • Organization Information
  • Public Worker Reports
  • Time Off
    • Time Off
    • Time Off Manager View
    • Time Off Balances
    • Time Off Balances Manager View
  • Leave of Absence
  • Workers
• View: National Identifiers - All

In the Search bar, search for “Activate Pending Security Policy Changes”. Review the policies that need approval in the summary of the changes in the security policy. Approve the pending security policy changes to activate them.

Go to the Register API Client for Integration Task.

Register the API Client with the following details and then click on OK button

• Client Name: e.g. StackOne_Integrations
• Non-Expiring Refresh Tokens: Check the box
• Scopes: Select the required functional scopes to enable data access via API.
  • Staffing
  • Time Tracking
  • Time Off and Leave
  • System
  • Workday Designer

After registering the client, you will be redirected to a page displaying the Client ID and Client Secret. Make sure to copy and securely store these credentials.

Follow the steps below to generate the refresh tokens.

• At the top of the page, click the menu (⋯) icon.
• Select API Client from the menu.
• Click on Manage Refresh Tokens for Integrations.

Once you select menu (⋯) → API Client → Manage Refresh Tokens for Integrations, you will be redirected to a screen to choose your Workday account (the Integration System User you created earlier). Select the account and click OK.

Once you’re on the Refresh Token page, select Generate New Refresh Token and click OK.

Once the refresh token is generated successfully, copy the token and click Done.