Step One: Create an Integration System User (ISU)

1. In your Workday portal, log into the Workday tenant.

2. In the Search field, type Create Integration System User.

3. Select the Create Integration System User task.
   

   

   1092×258 16.3 KB

4. On the Create Integration System User page, in the Account Information section, enter a user name, and enter and confirm a password.

5. Click OK.
   

   

   1263×792 68.8 KB

Note: due to xml encoding, “&”, “<”, and “>” cannot be included in the password.

Note: Make sure Require New Password at Next Sign In is NOT checked.

Note: You’ll want to add this user to the list of System Users to make sure the password doesn’t expire.

Step Two: Create a Security Group and Assign an Integration System User

Now, add this Integration System User to a Security Group:

1. In the Search field, type Create Security Group.
   
   

   1084×256 14.5 KB
2. Select the Create Security Group task.
3. Click OK.
4. Within the Create Security Group page, choose “Integration System Security Group (Unconstrained)” from the “Type of Tenanted Security Group” dropdown menu
5. In the Name field, enter a name.

783×408 28.3 KB

6. Click OK.
7. Please input the identical name that you previously used during the ISU creation process in the first section into the “Name” field on the Edit Integration System Security Group (Unconstrained) page.
   
   

   1110×743 37.1 KB
8. Click OK.

Step Three: Configure Domain Security Policy Permissions

1. In the Search field, type Maintain Permissions for Security Group
   
2. Please ensure that the Operation is set to “Maintain,” and confirm that the Source Security Group matches the security group assigned in Step 2.
   
   

   1242×588 34.3 KB
3. Add the corresponding Domain Security Policy according to your need. Please note Get Only is just to read data whereas for creating where as Get and Put is to read and create/update. You can consult with your implementation partner/administrator to configure these API permissions.

1600×566 94.7 KB

Please note: Permissions might differ from one implementation to another, so this may require working with your Workday administrator or implementation team to do so.

Step Four: Activate Security Policy Changes

1. In the search bar, type “Activate Pending Security Policy Changes” to view a summary of the changes in the security policy that needs to be approved.
   
   
2. Add any relevant comments on the window that pops up

1333×777 42.6 KB

3. Confirm the changes in order to accept the changes that are being made.
   
   

   1403×809 69.8 KB

Step Five: Validate Authentication Policy is Sufficient

Check the Manage Authentication Policies section to ensure the ISU you created is added to a policy that can access the necessary domains. It should not be restricted to only the “SAML” Allowed Authentication Types – if this is the case, you can create a new Authentication Policy with a “User Name Password” Allowed Authentication Type. For now, let us edit the one in our case.

1. Editing Authentication Policies
   

   

   1600×453 76.3 KB

2. Ensure that the Environments are configured accurately. In our case it is implementation and sales. Then, establish an Authentication Rule Name and include the Security Group within the rule.
   

   

   1600×608 101 KB

3. Make sure the Allowed Authentication Types is set to specific User Name Password or set to Any
   

   

   1600×573 58.6 KB

Step Six: Activate All Pending Authentication Policy Changes

1. In the search bar type, Activate All Pending Authentication Policy Changes
   

   

   1116×288 18.1 KB

2. Put a comment and proceed to the next screen, and confirm the changes. This will save the Authentication Policy that was just created.
   

   

   1462×263 40.8 KB

Step Seven: Obtain the Web Services Endpoint for Workday Tenant

We’ll need access to your specific Workday web services endpoint:

1. Search in Workday for Public Web Services.
   

   

   1094×252 13.1 KB

2. Open Public Web Services Report.

3. Hover over any item, and click the three dots to open the menu.

4. Click Web Services > View WSDL.

5. Navigate to the bottom of the page that opens and you’ll find the host.

6. Copy everything until you see /service. This should look something like https://wd5-services1.myworkday.com or https://wd2-impl-services1.workday.com

1140×125 6.77 KB

Enter Credentials into Integration Service

1. Hostname: Enter the Web Services Endpoint you found from Step seven point 6
   
   

   512×563 28.5 KB
2. Username: Input the Integration System User’s name that was created in the Step One
3. Password: Input the password for the Integration System User that you created in Step One
4. Tenant: Enter your Workday Tenant name

• Example: If you sign in at “https://wd5-services1.workday.com/UiPath”, enter “UiPath”.

5. You have created a new connection now

1159×665 45.4 KB