OAuth 2.0 Authentication

The following permissions are required for OAuth 2.0 Authentication Type:

Create the API Client.

For more information on API Client creation, refer to Create API Client for Integration.
The Workday Account used for the API Client to generate a refresh token must be an integration user and must have all the permissions as described in Basic Authentication.
Add the following functional area under the API Client Integration used for OAuth 2.0:
- Staffing
- System
- Organization and Roles
- Integration

To fetch the COMMENT and DESCRIPTOR, the following additional permissions are needed:

Domain	Category	Permission
Workday Query Language	Report/ Task Permissions	Modify access
Security Activation	Report/ Task Permissions	Modify access
Security Configuration	Report/ Task Permissions	Modify access

To fetch the OrganizationRole group object, the following additional permissions are needed for group aggregation:

Domain	Category	Permission
Security Administration	Report/ Task Permissions	Modify access

The following additional permissions are needed to fetch the SECURITY_GROUPS group object:

Domain	Category	Permission
Workday Query Language	Report/ Task Permissions	Modify access
Security Activation	Report/ Task Permissions	Modify access

To aggregate Implementer user accounts, the following additional permissions are needed:

Domain	Category	Permission
Workday Query Language	Report/ Task Permissions	Modify access

To aggregate Integration accounts, the following additional permissions are needed:

Domain	Category	Permission
Workday Query Language	Report/ Task Permissions	Modify access
Security Activation	Report/ Task Permissions	Modify access

To aggregate Integration System ID associated with integration user, the following permissions are needed:

Domain	Category	Permission
Integration Security	Report/ Task Permissions	Put access

To manage Student Accounts, the following permissions are needed:

Domain	Category	Permission
Workday Query Language	Report/ Task Permissions	Get access
Reports: Student Recruitment	Report/ Task Permissions	Get access
Reports: Students	Report/ Task Permissions	Get access
Integration Build	Integration Permissions	Get access

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

OAuth 2.0 Authentication

Documentation Feedback