Skip to main content

Configure Workday reports for ingestion

This page describes how to configure Workday reports for ingestion.

Get the Workday report URL

  1. In Workday, navigate to the report.

  2. In the top blue bar, click the three dots next to the report name, then click Web Service > View URLs.

    Workday report View URLs button

  3. Optionally add any parameter (for example, prompt) values. Then click OK.

    Add Workday report parameters, like prompts

  4. Next to the JSON section, click the three dots, then click Copy URL. This gives you the report URL. Ensure that you don't truncate format=json at the end of the URL.

    Copy Workday report URL

(Optional) Create an integrated system user (ISU) in Workday

  1. In the Workday search bar, type Create user.
  2. Click Create Integration System User : Task.
  3. Enter a username and password.
  4. Select the Do Not Allow UI Sessions checkbox. This user will only access the RaaS API.

(Optional) Create a security group and add the user to it

  1. In the Workday search bar, type Create Security Group.
  2. Click Create Security Group : Task.
  3. Set the type to Integration System Security Group (Unconstrained).
  4. Enter a name.
  5. Add the ISU user to the group: Type the prefix, press Enter, and pick the correct user. Then click OK.

Add domain security policies to the security group

  1. In the Workday search bar, type View Security Group.
  2. Click View Security Group : Report.
  3. In the View Security Group form, type the prefix of the previously created security group, select it, and then click OK.
  4. In the top blue bar, click the three dots next to the report name, then click Web Service > View URLs.
  5. Select Security Group > Maintain Domain Permission for the security group.
  6. Under Integration Permission, add the required domain security policies for GET access. For each policy, type a differentiating prefix in the search bar, press Enter, and select the appropriate options. The exact policies that you need depend on the chosen report. Some useful policies to start with include:
    • Worker Data: Current Staffing Information
    • Worker Data: Public Worker Reports
    • Worker Data: Active and Terminated Workers
    • Worker Data: All Positions
    • Worker Data: Business Title on Worker Profile
    • Person Data: Work Contact Information
    • Worker Data: Workers
    • Workday Accounts
  7. Click OK.
  8. Click Done.
  9. In the Workday search bar, type Activate Pending Security Policy Changes and select it. When the form appears, type a comment and click OK.
  10. Click Confirm and click OK.

Create an API client, add functional scopes, and generate a refresh token for the ISU user

  1. In the Workday search bar, type Register API Client.

    Workday search bar: Register API Client task

  2. Click Register API Client for Integrations : Task.

  3. Enter a Client Name.

  4. Click Non Expiring Refresh Token.

  5. In the Scope search bar, type System and select it.

  6. Click OK.

    Workday Register API Client for Integrations dialog box

  7. Copy the Client ID and Client Secret, then click Done.

    Copy client ID and client secret

  8. In the View Integration System Security Group page, note the functional areas under Domain Security Policy Permissions.

    Functional Areas column of Domain Security Policy Permissions

    Then, add these as Scopes/Functional Areas in the API Client:

    a. In the search bar, type View API Client. a. Choose your API client from the list.

    View API client list

    a. In the top blue bar, click the three dots, then click API Client and Edit API Clients for Integrations.

    Edit API client

    a. In the Scope (Functional Areas) field, search for and add the functional areas that you noted.

    Add functional areas to client

    a. In the same menu as before, select Manage Refresh Token for Integrations.

    Manage refresh tokens for integrations

    a. In the form, search for the ISU user and select it.

    Workday account field: Add ISU

    a. Click OK.

  9. Click Generate New Refresh Token and Confirm Delete.

    Generate New Refresh Token and Confirm Delete buttons

  10. Copy the refresh token for later use in the pipeline.

    Copy refresh token value

Next steps

Ingest Workday reports