This guidance assumes you have Admin privileges for your Workday account.

Finding your Workday Tenant

1

Log into Workday

Log into your Workday account. Look at the address bar at the top of the browser window where the URL is displayed. Find your tenant immediately after workday.com/.

Workday Tenant

Set up an Integration System User

1

Search for Create Integration System User

Log in to your Workday tenant in the Workday portal. In the Search field, search for “Create Integration System User”.

Create Integration System User
2

Choose the Task

Choose the “Create Integration System User” task.

3

Enter Account Information

Enter a username and password in the Account Information section on the “Create Integration System User” page.

Account Information
4

Click OK

Click OK.

Add the Integration System User to a Security Group

1

Search for Create Security Group

In the Search field, search for “Create Security Group”. Select the “Create Security Group” task.

Create Security Group
2

Select Security Group Type

On the “Create Security Group” page, select “Integration System Security Group” from the Type of Tenanted Security Group pull-down menu. Enter a name in the Name field.

Security Group Type
3

Click OK

Click OK.

4

Edit Integration System Security Group

On the “Edit Integration System Security Group (Unconstrained)” page, enter the same name you used when creating the ISU in the first section. Click OK.

Configure Domain Security Policy Permissions

1

Edit Permissions

The Workday HRIS integration currently requires all of the permissions listed below to be enabled for full support.

Workday’s API may return an error response if any of these permissions are missing.

Edit the Domain Security Policy Permissions in the Security Group.

You can reach this interface by searching for “Maintain Permissions for Security Group” in the search bar, and selecting the name of the Security Group you created in the previous step.

This integration uses the following Workday Security Group Permissions. For each listed permission, select either Get Only for read-only access, or Get and Put for read and write access in the View/Modify Access column.

View/Modify Access

Please note that Security Group Permissions can be customized within a Workday organization, and this list does not account for such customizations.

  • Job Requisition Data
  • Job Information
  • Job Profile: View
  • Manage:
    • Location
    • Organization Integration
  • Person Data:
    • Name
    • Citizenship Status
    • Date of Birth
    • Disabilities
    • Gender
    • Government IDs
    • ID Information
    • Marital Status
    • National ID Identification
    • Personal Information
    • Personal Data
    • Personal Photo
    • Home Contact Information
    • Home Address
    • Home Email
    • Home Phone
    • Work Contact Information
    • Work Address
    • Work Email
    • Work Phone
  • Worker Data:
    • All Positions
    • Compensation
    • Current Staffing Information
    • Employment Data
    • Organization Information
    • Public Worker Reports
    • Time Off
      • Time Off
      • Time Off Manager View
      • Time Off Balances
      • Time Off Balances Manager View
    • Leave of Absence
    • Workers
  • View: National Identifiers - All

Approve the Security Policy Changes

1

Search for Activate Pending Security Policy Changes

In the Search bar, search for “Activate Pending Security Policy Changes”. Review the policies that need approval in the summary of the changes in the security policy. Approve the pending security policy changes to activate them.

Register the Rest API Client

1

Go to Register API Client

Go to the Register API Client for Integration Task.

Human Resources Web Service
2

Register API Client

Register the API Client with the following details and then click on OK button

  • Client Name: e.g. StackOne_Integrations
  • Non-Expiring Refresh Tokens: Check the box
  • Scopes: Select the required functional scopes to enable data access via API.
    • Staffing
    • Time Tracking
    • Time Off and Leave
    • System
    • Workday Designer
WSDL Service
3

Copy the credentials

After registering the client, you will be redirected to a page displaying the Client ID and Client Secret. Make sure to copy and securely store these credentials.

WSDL Service
4

Generate the Refresh token

Follow the steps below to generate the refresh tokens.

  • At the top of the page, click the menu (⋯) icon.
  • Select API Client from the menu.
  • Click on Manage Refresh Tokens for Integrations.
WSDL Service

Once you select menu (⋯) → API Client → Manage Refresh Tokens for Integrations, you will be redirected to a screen to choose your Workday account (the Integration System User you created earlier). Select the account and click OK.

WSDL Service

Once you’re on the Refresh Token page, select Generate New Refresh Token and click OK.

WSDL Service

Once the refresh token is generated successfully, copy the token and click Done.

WSDL Service

Linking to StackOne

You can use the Client ID, Client Secret and Refresh Token credentials you created in steps 3 and 4 to link Workday.

Link to StackOne

Congratulations, you’re all set! If you face any issues with the steps mentioned above, please contact us by emailing integrations@stackone.com. We’re always here to assist you!