Configure Workday reports for ingestion

This page describes how to configure Workday reports for ingestion.

Get the Workday report URL

1. In Workday, navigate to the report.

2. In the top blue bar, click the three dots next to the report name, then click Web Service > View URLs.

   

3. Optionally add any parameter (for example, prompt) values. Then click OK.

   

4. Next to the JSON section, click the three dots, then click Copy URL. This gives you the report URL. Ensure that you don't truncate format=json at the end of the URL.

   

(Optional) Create an integrated system user (ISU) in Workday

1. In the Workday search bar, type Create user.
2. Click Create Integration System User : Task.
3. Enter a username and password.
4. Select the Do Not Allow UI Sessions checkbox. This user will only access the RaaS API.

(Optional) Create a security group and add the user to it

1. In the Workday search bar, type Create Security Group.
2. Click Create Security Group : Task.
3. Set the type to Integration System Security Group (Unconstrained).
4. Enter a name.
5. Add the ISU user to the group: Type the prefix, press Enter, and pick the correct user. Then click OK.

Add domain security policies to the security group

1. In the Workday search bar, type View Security Group.
2. Click View Security Group : Report.
3. In the View Security Group form, type the prefix of the previously created security group, select it, and then click OK.
4. In the top blue bar, click the three dots next to the report name, then click Web Service > View URLs.
5. Select Security Group > Maintain Domain Permission for the security group.
6. Under Integration Permission, add the required domain security policies for GET access. For each policy, type a differentiating prefix in the search bar, press Enter, and select the appropriate options. The exact policies that you need depend on the chosen report. Some useful policies to start with include:
   • Worker Data: Current Staffing Information
   • Worker Data: Public Worker Reports
   • Worker Data: Active and Terminated Workers
   • Worker Data: All Positions
   • Worker Data: Business Title on Worker Profile
   • Person Data: Work Contact Information
   • Worker Data: Workers
   • Workday Accounts
7. Click OK.
8. Click Done.
9. In the Workday search bar, type Activate Pending Security Policy Changes and select it. When the form appears, type a comment and click OK.
10. Click Confirm and click OK.

Create an API client, add functional scopes, and generate a refresh token for the ISU user

1. In the Workday search bar, type Register API Client.

   

2. Click Register API Client for Integrations : Task.

3. Enter a Client Name.

4. Click Non Expiring Refresh Token.

5. In the Scope search bar, type System and select it.

6. Click OK.

   

7. Copy the Client ID and Client Secret, then click Done.

   

8. In the View Integration System Security Group page, note the functional areas under Domain Security Policy Permissions.

   

   Then, add these as Scopes/Functional Areas in the API Client:

   a. In the search bar, type View API Client. a. Choose your API client from the list.

   

   a. In the top blue bar, click the three dots, then click API Client and Edit API Clients for Integrations.

   

   a. In the Scope (Functional Areas) field, search for and add the functional areas that you noted.

   

   a. In the same menu as before, select Manage Refresh Token for Integrations.

   

   a. In the form, search for the ISU user and select it.

   

   a. Click OK.

9. Click Generate New Refresh Token and Confirm Delete.

   

10. Copy the refresh token for later use in the pipeline.

    

Next steps

Ingest Workday reports