Workday RaaS

Go to Create Integration System User

Search for and open the Create Integration System User task.

Enter account information

Enter a username and strong password in the Account Information section, then click OK to create the user.

Go to Create Custom Report

Search and navigate to the Create Custom Report task

Configure custom report

Follow the steps below to configure the custom report:

• Report Name: Must be unique within the tenant
• Report Type: Select Advanced
• Optimised for Performance: Tick this box to enhance performance
• Data Source: Choose the appropriate data source based on the data you need (e.g. Workers for HCM reporting).

Click OK to continue.Add and configure report fields:

• Click the + icon to add a field.
• Select a Business Object (e.g. Worker) in the Business Object column.
• Choose the specific field (e.g. Employee ID) in the Field column.
• Set aliases in Column Heading Override and Column Heading Override XML Alias to ensure stable field names in API responses.

For employee data, you can include the following fields:

• Employee_ID
• First_Name
• Last_Name
• Display_Name
• Email_Work
• Email_Home
• Phone_Work
• Phone_Home
• Job_Title
• Hire_Date
• Gender
• Date_Of_Birth
• Termination_Date
• Company_Name

Configure report filters (Optional)

Add filters to narrow the result data set (e.g. Supervisory Organisation – Primary Position).

Configure report prompts

Enable prompt display by ticking Display Prompt Values in Subtitle. Leave other settings at their defaults.

Configure advanced options

Tick Optimised for Performance and Enable As Web Service. Leave other advanced options unchanged.

Click OK to save the report.

Go to View Custom Report

Search for View Custom Report, select the report you just created, then click OK to open it.

Retrieve the Report URL

Open the three‑dot menu, select Web Service > View URLs; you will be redirected to the View URLs Web Service page.

Right‑click the Workday XML link and copy its URL.

Create a Security Group

Search for and open the Create Security Group task.

Select type of Tenanted Security Group

Choose Integration System Security Group (Unconstrained) and enter a name for the Security Group.

Click OK.

Assign the ISU to the Security Group

Select Integration System Users. Pick the ISU created earlier (or another integration user).

Click OK to save.

Go to Maintain Permissions for Security Group

Search for Maintain Permissions for Security Group and open it.

Select the Security Group you created in the steps above.

Configure Domain Security Policy Permissions

Set required Domain Security Policy Permissions to Get Only in the View/Modify Access column. Common Domain Security Policy Permissions are listed below:

Please note that Domain Security Policy Permissions can be customised within a Workday organisation, and this list does not account for such customisations.

Domain Security Policy	View/Modify Access
Job Information	Get Only
Person Data: Date of Birth	Get Only
Person Data: Ethnicity	Get Only
Person Data: Gender	Get Only
Person Data: Home Email	Get Only
Person Data: ID Information	Get Only
Person Data: Marital Status	Get Only
Person Data: Personal Data	Get Only
Person Data: Work Email	Get Only

Depending on the fields included in your custom report, additional Domain Security Policy Permissions may be required. If you encounter null values in the API response, review and add the necessary permissions accordingly.

Activate security changes

Search for Activate Pending Security Policy Changes and open it.

Optionally add a comment, then continue.

Review the summary, tick the confirmation box, and click OK.

You must activate security changes each time you modify Domain Security Policy Permissions; otherwise changes will not take effect.

Open the report

Search for View Custom Report.

Select your custom report.

Check current ownership

Navigate to the Share tab and view the Report Owned by value.

Transfer ownership (if required)

Transferring ownership revokes access from the current owner.
After transferring, ensure you reconnect in the StackOne Connector Hub using the new owner’s ISU credentials; otherwise you will encounter the The task submitted is not authorized error.

If the current owner is not the ISU you intend to use to connect with StackOne, open the three‑dot menu under Custom Report and select Transfer Ownership.

Enter the new ISU username in New Owner and click OK.

Grant access without transferring ownership

Granting access retains the current owner. Authorised users can access the report and connect via the StackOne Connector Hub using their ISU credentials and the Report URL.

To grant access, choose Edit under Custom Report from the three‑dot menu.

Three options exist under Report Definition Sharing Options; the appropriate option for controlled user access is described in this guide.

Go to the Share tab, select Share with specific authorized groups and users, choose the desired ISU in Authorized Users, then click OK.

Report Definition Sharing Options Explained

• Do Not Share Report Definition: Only the owner can access and retrieve data through the Report URL. If ownership changes or other ISU credentials are used, errors such as Report not found or The task submitted is not authorized may occur.
• Share with All Authorized Users: All ISU users can access the report. Ownership should remain with the report creator; otherwise StackOne connections using other users’ credentials may encounter a Report not found error.
• Share with Specific Authorized Groups and Users: Restrict access to selected groups/users.
  • No selection acts like Do Not Share Report Definition.
  • Selecting users allows both owner and selected ISU users to access the report (ownership must still stay with the report creator to avoid a Report not found error).

Connection errors

Null field values