Creation of the Integration Security Group
This section describes how to create the integration system security groups, both constrained and unconstrained.
Constrained
- On the Workday accounts system, search for the Create Security Group task.
- Select Integration System Security Group (Constrained).
- Provide a name for the integration group. Create two groups as follows:
  - For the Read group (SailPoint_Read_Group)
  - For the Write (provisioning) group (SailPoint_Write_Group)
- Add the Integration System Users created in Creation of Integration User to the respective groups.
- Select the single or multiple organizations to which the integration group will have access.
  Note
  The organizations selected have to be of the same type (such as SUPERVISORY, COST_CENTER).
- For access rights to organizations, select the option for Applies to Current Organization Only.
Unconstrained
- Create the Integration System Security Group (Unconstrained).
- Perform the following for the Integration System Security Group:
  - Add the user to the Integration System Security Group (Unconstrained). The permissions are given to integration system groups that are attached to the integration system.
  - Modify the Integration System Security Group to associate the Maintain Contact Information domain.
  - Modify the Integration System Security Group to associate the domains required by the Workday Integration System.
- To update the UserID (User Name on Workday), grant the relevant security group the GET and PUT permission for the following Domain Security Policy:
  - Workday Accounts (Functional area: System)