Workday

To connect your Workday account, you must create an Integration System User with the appropriate permissions and provide the login information to Finch.

Add an Integration System User

Before you start

Please ensure that you have Administrator privileges in Workday before continuing with the instructions below.

Instructions

Step 1 - Create an Integration System User in Workday

1. Log in to your Workday portal.
2. In the search bar at the top of the page, search for Create Integration System User.
3. Select the Create Integration System User task.
4. Enter a User Name and Password of your choosing for the new Integration System User. Make sure the password does not contain any of the following characters: &, <, >
5. Save this login information as you'll need it later.
   
6. Please ensure that Require New Password at Next Sign In is not checked.
7. Set Session Timeout Minutes to 0.
8. Please ensure that Do Not Allow UI Sessions is checked.
9. Click OK to create the Integration System User.

Step 2 - Configure a Security Group

1. In the search bar at the top of the page, search for Create Security Group.
2. Select the Create Security Group task.
3. On the Create Security Group page, from the Type of Tenanted Security Group dropdown, select Integration System Security Group (Unconstrained).
4. Enter a name for the security group in the Name field.
5. Click OK to create the security group.
6. On the Edit Integration System Security Group (Unconstrained) page enter the name of the Integration System User you created in the Integration System Users field
   
7. Click OK to assign the Integration System User to the security group.

Step 3 - Configure the Domain Security Policy Permissions

1. In the search bar at the top of the page, search for Maintain Permissions for Security Group.
2. Select the Maintain Permissions for Security Group task.
3. Make sure the Operation is Maintain, and the Source Security Group is the security group you created.
4. Configure the Domain Security Policy Permissions based on the requirements of the Workday integration you are connecting and the information below.

Required Domain Security Policies

The following Domain Security Policies are the minimum set that are required in order to connect via Finch:

Optional Domain Security Policies

The following Domain Security Policies enable Finch to retrieve additional data, if required:

Step 4 - Activate Security Policy Changes

1. In the search bar at the top of the page, search for Activate Pending Security Policy Changes
2. Select the Activate Pending Security Policy Changes task.
3. View the summary of changes waiting to be approved and check the checkbox
   

Step 5 - Configure Authentication Policy

1. In the search bar at the top of the page, search for Manage Authentication Policies.
2. Select the Manage Authentication Policies report.
3. Verify that the Security Group is assigned to a policy that has an Allowed Authentication Type of User Name Password or Any.

   • If this is not the case, you must edit the relevant Authentication Policy to add a rule using the steps below:

   • Steps to Edit the Authentication Policy:

     1. Edit the Authentication Policy for the environment you want Finch to retrieve data from.
     2. Add a new Authentication Rule for the policy.
     3. Set the Authentication Rule Name to a unique value to identify the rule.
     4. Set the Security Group to the Security Group you created.
     5. Set the Authentication Conditions to Any and the Allowed Authentication Types to Specific > User Name Password.
        

Step 6 - Activate Authentication Policy Changes

1. In the search bar at the top of the page, search for Activate Pending Authentication Policy Changes.
2. Select the Activate Pending Authentication Policy Changes task.
3. View the summary of changes waiting to be approved and check the Confirm checkbox.
   

Step 7 - Obtain the Web Services Endpoint URL

1. In the search bar at the top of the page, search for Public Web Services.

2. Select the Public Web Services report.

3. Find the Human Resources (Public) item in the Web Service column and hover over it so you can click the ... menu that appears.

4. In the ... menu, click Web Service > View WSDL. A new page will open containing the technical specifications for the Workday Human Resources Web Service.

5. Scroll all the way to the bottom of the page and locate the line containing soapbind:address location=.

   • You can also search within the page using Ctrl+F or Cmd+F for the text soapbind:address location=.

6. Copy the URL up until /service. Your resulting Web Services Endpoint URL should look something like:
   https://wd5-services1.myworkday.com/ccx

   <wsdl:service name="Human_ResourcesService">
     <wsdl:port name="Human_Resources" binding="wd-wsdl:HumanResourcesBinding">
       <soapbind:address location="https://wd2-impl-services1.workday.com/ccx/service/"/>
     </wsdl:port>
   </wsdl:service>
   

7. Save this URL to provide in Finch Connect.

Step 8 - Connect Using Finch Connect

1. Navigate back to Finch Connect.
2. Paste the username and password created in Step 1 into the Username and Password fields.
3. Paste your Workday tenant ID into the Tenant ID field. You can find this value in the URL of your web browser when on the Workday home page:
   • If the URL looks like https://impl.workday.com/somecompany then your tenant ID is somecompany.
   • If the URL looks like https://somecompany.workday.com then your tenant ID is somecompany.
4. Paste the Web Services Endpoint URL you copied in Step 7 into the API Base URL field.
5. Click Connect.

Step 9 - Select a Company to Connect

• Finch Connect will ask you to select which company you’d like to connect. This is a list of companies retrieved from your Workday system that employees’ area is assigned to.
• The company you connect will be the only company Finch will retrieve data for. If you have other companies you also want to connect, you will have to repeat Step 8.