OAuth 2.0 Authentication

This section provides the details of the required permissions for the OAuth 2.0 Authentication Type:

Create the API Client.

For more information on API Client creation, refer to Create API Client for Integration.
The Workday Account used by the API Client to generate a refresh token must be an integration user, and it must have all the permissions as described in Basic Authentication.
Add all of the following functional areas under the API Client Integration used for OAuth 2.0:
- Staffing
- System
- Contact Information
- Personal Data
- Integration
- Organization and Roles
Provide access to the Integration security group for the Workday Query Language domain in the System functional area.
Provide access to the Integration security group for the Worker Data source.

Note
Configure OAuth 2.0 authentication using a designated service account. Ensure this service account has all the required permissions and access scopes, as defined in the Basic Authentication configuration section.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

OAuth 2.0 Authentication

Documentation Feedback