Introduction

• This guide outlines how to add your application as an administrator in Workday.
• To set up this integration, you will need the RaaS (Reports-as-a-Service) feature enabled — this may not be part of your base Workday package.
• The process consists of the main steps below:
  • Creating an Integration System User account for your application
  • Assigning the new user account to an Integration System Security Group
  • Ensuring that the Security Group has the necessary permissions in Workday
  • Creating and populating custom reports for the new user
  • Adding the new user as an authorized user in Workday
  • Obtaining the Reports-as-a-Service endpoint
• You'll need three pieces of information from your application to complete this process - user name, email address, and security group name.

Instructions

1. Log in to Workday with an account that has administrative privileges.
2. Create a user account and add it to a group by completing the following steps:

   • Search for and open the Create Integration System User task. This is where you will input the user name your application provides you.

   • Make sure to send the temporary password to the email address your application provided (at the end of this process).

   • Configure and save the Integration System User.

   • Search for and open the Create Security Group task.

   • In the Type of Tenanted Security Group field, choose Integration System Security Group (Unconstrained).

     

   • Enter a group name (provided by your application) and click OK.

   • Select your application from the Integration System Users choice list, click OK, and finally click Done.

3. Add the Integration Security Group to domains by completing the following steps:
   • Go to Security Group Settings and then Maintain Domain Permissions for Security Group.
   • Permit the following domain security policies to allow Get access under Integration Permissions:
     • Job Information
     • Manage: Location
     • Manage: Organization Integration
     • Person Data: Date of Birth
     • Person Data: Gender
     • Person Data: ID Information
     • Person Data: Work Contact Information
     • Workday Accounts
     • Worker Data: Active and Terminated Workers
     • Worker Data: All Positions
     • Worker Data: Business Title on Worker Profile
     • Worker Data: Current Staffing Information (or Current Job Profile Information)
     • Worker Data: Public Worker Reports
     • Worker Data: Workers
     • Worker Data: Organization Information
     • Note: there may be other permissions needed to fully show all of the fields that your application requests below. Please check the report fields to ensure that all fields are showing and update the domain security permissions as needed.
4. Activate Pending Security Policy Changes by completing the following steps.

   • Search for activate.

   • Click Activate Pending Security Policy Changes.

     

   • Enter a comment and click OK / Confirm.

5. Now you'll need to create and populate a Custom Report in Workday. When creating the report, make sure to select the Advanced report type and to have the Enable as Web Service box checked. The data source should be set to All Active and Terminated Workers. ****We would suggest naming the report User Report.

<aside>
🚨 **In order to ensure data is processed correctly, we perform strict validations on field names.** **To ensure that the checks pass, please make note of the following:**

1. Any deviations from the below fields or field names will result in an error when trying to connect. The checks are case-sensitive.

2. Not all employees will have data available for every field. However, if the field is not supplied, this will result in errors during Finch’s validation of the report. To circumvent this, please use Workday’s “Calculated Fields” to populate the field with value `-` when the source field is empty. You can also do this for any field that does not exist in your system, or for any field that you don’t wish to provide.

3. Fields are required unless specifically called out as optional.

</aside>

Below is a list of fields that the Finch API accepts for each individual in the generated report. Included is an example of a report.

• EmployeeId
  • This value represents a unique identifier for an individual in Workday. This value must be a string value and must be unique across all individuals.
• ManagerId
  • This value represents an identifier for the individual’s manager in Workday. This value must be a string value and must correspond to the EmployeeId value for another individual in the same report.
• UniqueID
  • This field was formerly used as an individual’s unique identifier, but can now be populated with any string value.
• FirstName
  • The individual’s first name. This field accepts any string value.
• MiddleName
  • The individual’s middle name. This field accepts any string value.
• LastName
  • The individual’s last name. This field accepts any string value.
• Username
  • This field was formerly used as an individual’s unique identifier, but can now be populated with any string value.
• Gender
  • The individual’s gender. This field accepts any string value.
• DateOfBirth
  • The individual’s date of birth. This field must be a string value in the format YYYY-MM-DD.
• PersonalEmail
  • The individual’s personal email address. This field accepts any string value.
• PersonalPhoneNumber
  • The individual’s personal phone number. This field accepts any string value.
• ResidenceLine1
  • The first line of an individual’s address. This field accepts any string value.
• ResidenceLine2
  • The second line of an individual’s address. This field accepts any string value.
• ResidenceCity
  • The city of an individual’s address. This field accepts any string value.
• ResidenceState
  • The state of an individual’s address. The field accepts any string value, but only valid US state or Canadian province/territory names are currently recognized.
  • Example(s): Alaska, California, New York, Alberta, British Columbia
• ResidencePostalCode
  • The postal code of an individual’s address. This field accepts any string value.
• ResidenceCountry
  • The country of an individual’s address. This field accepts any string value.
• WorkEmail
  • The individual’s work email address. This field accepts any string value.
• WorkPhoneNumber
  • The individual’s work phone number. This field accepts any string value.
• DepartmentName
  • The name of the department that the individual reports under. This field accepts any string value.
• EmploymentType
  • The individual’s type of employment. This field accepts the following string values and is not case sensitive:
  • regular, contractor
• EmploymentSubtype
  • The individual’s secondary employment type. This field accepts the following string values and is not case sensitive:
  • full time, part time, employee, intern, temp, seasonal, individual contractor, ft contractor
• Active
  • The individual’s employment status. This field accepts any string value.
  • For individuals with active employment status, this field should be set to one of [1, active]
  • For individuals with inactive employment status, this field should be set to one of [0, inactive]
• Title
  • The individual’s title or employment position. This field accepts any string value.
  • Example(s): Business Development Representative, Chief Executive Officer
• LocationLine1
  • The first line of the individual’s employment location. The field accepts any string value.
• LocationLine2
  • The second line of the individual’s employment location. The field accepts any string value.
• LocationCity
  • The city of the individual’s employment location. The field accepts any string value.
• LocationState
  • The state of the individual’s employment location. The field accepts any string value, but only valid US state or Canadian province/territory names are currently recognized.
  • Example(s): Alaska, California, New York, Alberta, British Columbia
• LocationPostalCode
• LocationCountry
• StartDate
• EndDate (optional)
• IncomeType (optional)
• IncomeType (optional)
• IncomeAmount (optional)
• IncomeCurrency (optional)
• EffectiveDate (optional)

1. Make sure to share the generated report with the user that was created in step 2 above. To do this, navigate to the Share tab within the report and click on the newly created Integration System User.
2. Now that the report’s fields and access are configured, you will need to obtain the RaaS (Reports-as-a-Service) endpoint by navigating to Actions —> Web Services —> View URLs. Make note of the URL that is in the JSON section for the Report.
3. Confirm that the generated JSON report is correctly formatted. It is recommended that you access the report by navigating to the report’s endpoint in your browser and logging in with the integration system user’s username and password. If the format of the report does not match what is described in step 6 above, please update your report generation configuration and generate a new report.
4. Log in through Finch Connect using the endpoint of the JSON report as well as the credentials of the integration system user’s username and password that has been granted access to the custom report’s endpoint.