Connection Settings

Provide the information required to connect to the Workday instance source. Basic Authentication and OAuth 2.0 Authenticationtypes are supported.

Basic Authentication

  1. Enter the Workday URL that is used to connect to the Human Resource module of Workday.

    Use the following URL format: https://wd2-impl-services1.workday.com/ccx/service/tenant1/Human_Resources, where tenant1 is the Workday tenant name.

    Note
    The Workday source only supports the Human Resource module of Workday.

  2. Select Basic as the Authentication Type.

  3. Provide the following details for the Basic Authentication Type:

    • Service Account – The Workday account with required permissions. The account must be in this format:<username>@<tenantname>

    • Password – The password that belongs to the service account.

    • Provisioning Administrator – The name of the provisioning administrator having permission to update the Workday account.

    • Provisioning Administrator Password – The password of the provisioning administrator with update permission.

Rest Client API Configuration

For Basic authentication, enable the REST API option to perform the provisioning operation on custom objects.

  1. Enter the REST API Endpoint of the Workday server. For example,

    https://WORKDAY_HOST/ccx/api/v1/TENANT_NAME

  2. In Token Endpoint, enter the Workday token API endpoint. For example,

    https://WORKDAY_HOST/ccx/oauth2/TENANT_NAME/token

    Note
    The values of the REST API Endpoint and Token Endpoint can be obtained from the View API Clients report in Workday application.

  3. Enter the Workday API Client ID and Client Secret.

  4. Enter the Workday API Refresh Token.

    Note
    Ensure that the token never expires.

OAuth 2.0 Authentication

  1. Enter the Workday URL that is used to connect to the Human Resource module of Workday.

    Use the following URL format: https://wd2-impl-services1.workday.com/ccx/service/tenant1/Human_Resources, where tenant1 is the Workday tenant name.

    Note
    The Workday source only supports the Human Resource module of Workday.

  2. Select OAuth 2.0 as the Authentication Type.

  3. Provide the following details for the Refresh Token Grant Type:

    • Client ID – Workday API client ID.

    • Client Secret – Workday API client secret.

    • Refresh Token – Non-expiry Workday API refresh token.

      Note:
      To use the OAuth 2.0 authentication in preexisting sources, update the source XML with connector_key="encrypted" value="refreshTokenDummy,clientSecretDummy,oauth_token_info"
      using Identity Security Cloud REST API.

    • REST API Endpoint – This is the REST API Endpoint of the Workday server.

      For example, you can use the following:

      https://WORKDAY_HOST/ccx/api/v1/TENANT_NAME.

Connection Parameters

  1. Enter the value for Page Size to fetch the number of records during aggregation in a single call (Limit 1 to 999). Default: 100.

  2. Enter the Connection Timeout value in minutes. Default: 1 minute.

  3. Enter the number of the Aggregation Thread Size. The default value is 4 (this is the maximum number of threads). You can set it to a lower value (for example, 2 or 3) depending on the system load. This parallel aggregation improves performance by reducing the time required to finish aggregation. The Workday source aggregates the active and terminated accounts.

  4. Enter the value in Effective Time Zone that has the location and the time zone based on how the HR data (Hire, Termination, Re-hire, Conversion) is processed. Default: UTC.

    Note
    SailPoint recommends the use of the Effective Time Zone parameter during aggregation to avoid account issues.

    For example, if the Workday server is in the PST time zone then enter the America/Los Angeles time zone in this field. The following examples are supported valid timezones for Effective Time Zone:

    • America/New_York

    • America/Los_Angeles

    • America/Chicago

    • PST

    • HST

    • Asia/Dubai

    • CET

    • GMT

    • ACT

    • Australia/Melbourne