Creation of the Integration Security Group
This section describes creation of the integration security group for constrained and unconstrained security groups.
Constrained
- On the Workday Accounts system, search for the Create Security Group task.
- Select Integration System Security Group (Constrained).
- Provide a name to the integration group. Create two groups as follows:
- For the Read group (SailPoint_Read_Group)
- For the Write (provisioning) group (SailPoint_Write_Group)
-
Add the Integration System Users (SailPoint_Read_User, SailPoint_Write_User or both) created in Creation of Integration User to the respective groups.
-
Select single or multiple organizations for whom the integration group would have access.
Note
The organizations selected have to be of the same type (such as, SUPERVISORY, COST_CENTER). - For access rights to organizations, select the option for Applies to Current Organization Only.
Unconstrained
- Create the Integration System Security Group (Unconstrained).
- Perform the following for the Integration System Security Group:
Add the Integration System Users (SailPoint_Read_User, SailPoint_Write_User or both) created in Creation of Integration User in the Integration System Security Group (Unconstrained). The permissions are given to integration system groups that are attached to the integration system.
Modify the Integration System Security Group to associate Maintain Contact information Domain
Modify the Integration System Security Group to associate the domains required by the Workday Integration System.
Note
The Workday accounts fields in the Workday accounts Managed System that are marked as private are not accessible through the Workday API. The fields marked as public are accessible. To ensure that the Workday source aggregates all applicable attributes, you must mark them as public.