Introduction
- To connect your Workday account, you must create a System User and a Custom Group Report Endpoint.
- To set up this integration, you will need the RaaS (Reports-as-a-Service) feature enabled — this may not be part of your base Workday package.
- The process consists of the main steps below:
  - Creating an Integration System User account
  - Assigning the new user account to an Integration System Security Group
  - Ensuring that the Security Group has the necessary permissions in Workday
  - Creating and populating custom reports for the new user
  - Adding the new user as an authorized user in Workday
  - Obtaining the Reports-as-a-Service endpoint
Instructions
- Log in to Workday with an account that has administrative privileges.
- Create a user account and add it to a group by completing the following steps:
  - Search for and open the Create Integration System User task. Enter “CitadelAPIuser” as the user name.
  - Make sure to enter the temporary password on the Truv login page.
  - Configure and save the Integration System User.
  - Search for and open the Create Security Group task.
  - In the Type of Tenanted Security Group field, choose Integration System Security Group (Unconstrained).
  - Enter the group name “CitadelAPIgroup” and click OK.
  - Select the user “CitadelAPIuser” from the Integration System Users choice list, click OK, and finally click Done.
- Add the Integration Security Group to domains by completing the following steps:
  - Go to Security Group Settings and then Maintain Domain Permissions for Security Group.
  - Permit the following domain security policies to allow Get access under Integration Permissions:
    - Job Information
    - Manage: Location
    - Manage: Organization Integration
    - Person Data: Date of Birth
    - Person Data: Gender
    - Person Data: ID Information
    - Person Data: Work Contact Information
    - Workday Accounts
    - Worker Data: Active and Terminated Workers
    - Worker Data: All Positions
    - Worker Data: Business Title on Worker Profile
    - Worker Data: Current Staffing Information (or Current Job Profile Information)
    - Worker Data: Public Worker Reports
    - Worker Data: Workers
    - Worker Data: Organization Information
  - Note: there may be other permissions needed to fully show all of the fields that Truv requests below. Please check the report fields to ensure that all fields are showing and update the domain security permissions as needed.
- Activate Pending Security Policy Changes by completing the following steps:
  - Search for activate.
  - Click Activate Pending Security Policy Changes.
  - Enter a comment and click OK / Confirm.
- Now you'll need to create and populate two Custom Reports in Workday. The first report is used for syncing User information, while the second report is used for syncing Group information.
  - When creating the report, make sure to select the Advanced report type and to have the Enable as Web Service box checked. The data source should be All Active and Terminated Workers.
  - We would suggest naming the two reports User Report and Group Report.
- You will then need to add fields to the Custom Report by adding the data below. Use these specific phrases to name the report fields:
- Employee ID
- Manager ID
- Username
- First Name
- Middle Name
- Last Name
- Group Name
- Individual
- Emails
- Email type
- Personal Phone number
- Work Phone Number
- Residence
- Residence line 1
- Residence line 2
- Residence city
- Residence state
- Residence postal code
- Residence country
- Employment
- Title
- Department
- Department Name
- Employment type (e.g., contractor)
- Employment subtype (e.g., full-time vs part-time)
- Start date
- End date
- Is active
- Location
- Location line 1
- Location line 2
- Location city
- Location state
- Location postal code
- Location country
- Income
- Income Type (salary, hourly, etc.)
- Income Currency
- Income Amount
- Effective Date of income start (i.e., if an employee got a raise, this is the date when their raise starts/is effective; otherwise, the hire date/start date)
- These fields are for both the User Report and the Group Report.
- Our validations on field names are strict, in order to ensure data is processed downstream appropriately. Here is what we expect the report field names to look like:
'EmployeeId', 'ManagerId', 'UniqueID', 'PersonalEmail', 'BenefitGroup', 'LocationCountry', 'EmploymentType', 'StartDate', 'LocationLine1', 'LocationLine2', 'WorkEmail', 'EmploymentSubtype', 'LocationState', 'ResidenceCountry', 'FirstName', 'MiddleName', 'Title', 'LocationCity', 'LocationPostalCode', 'Active', 'Username', 'ResidencePostalCode', 'DateOfBirth', 'PersonalPhoneNumber', 'WorkPhoneNumber', 'ResidenceCity', 'ResidenceState', 'DepartmentName', 'LastName', 'ResidenceLine1', 'IncomeType', 'IncomeCurrency', 'IncomeAmount', 'EffectiveDate'
Any deviations from these fields or field names will result in an error when trying to connect.
Additionally, any fields labeled "Email" must be valid emails, i.e., follow the format name@domainName.TLD. For example, john@work.com is valid, while this-is-not-an-email is not valid, as it's missing an @domainName.TLD suffix, and also-not-an@email is not valid either, as it's missing a TLD suffix (.com, .org, etc.).
- Make sure to share the Reports (through the Share tab within each Report) with specific authorized groups and users, and click on the newly created Integration System User to add them.
- Now that the Reports' fields and access are configured, you will need to obtain the RaaS (Reports-as-a-Service) endpoint by going to Actions -> Web Services -> View URLs. Truv will need the URL that is in the JSON section for each Report.
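
The strict field-name and email rules above can be checked against a report's JSON output before connecting. The sketch below is an added example, not Truv's or Workday's code: check_report and the sample rows are constructed here, and it assumes the RaaS JSON wraps rows in a Report_Entry array and may leave out a field that is empty for a given worker, so missing fields are judged over the whole report rather than per row.

```python
import re

# Field names copied from the list on this page.
EXPECTED_FIELDS = frozenset("""
EmployeeId ManagerId UniqueID PersonalEmail BenefitGroup LocationCountry
EmploymentType StartDate LocationLine1 LocationLine2 WorkEmail
EmploymentSubtype LocationState ResidenceCountry FirstName MiddleName Title
LocationCity LocationPostalCode Active Username ResidencePostalCode
DateOfBirth PersonalPhoneNumber WorkPhoneNumber ResidenceCity ResidenceState
DepartmentName LastName ResidenceLine1 IncomeType IncomeCurrency IncomeAmount
EffectiveDate
""".split())

# name@domainName.TLD: exactly one "@", no whitespace, a dot-separated TLD.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s.]+(\.[^@\s.]+)+$")


def check_report(report):
    """Return a list of problems found in a parsed RaaS JSON report."""
    rows = report.get("Report_Entry", [])  # assumed wrapper key
    by_lower = {name.lower(): name for name in EXPECTED_FIELDS}
    problems, seen = [], set()
    for i, row in enumerate(rows):
        seen.update(row)
        for field in sorted(row):
            if field not in EXPECTED_FIELDS:
                # Names are case-sensitive; point at the closest expected one.
                hint = by_lower.get(field.lower())
                suffix = f" (did you mean {hint!r}?)" if hint else ""
                problems.append(f"row {i}: unexpected field {field!r}{suffix}")
            elif "email" in field.lower() and not EMAIL_RE.match(str(row[field])):
                problems.append(f"row {i}: {field} is not a valid email: {row[field]!r}")
    for field in sorted(EXPECTED_FIELDS - seen):
        problems.append(f"report: field {field!r} never appears")
    return problems


# Constructed sample rows, not real Workday output.
_row = dict.fromkeys(EXPECTED_FIELDS - {"EffectiveDate"}, "x")
_row.update(WorkEmail="john@work.com", PersonalEmail="also-not-an@email")
SAMPLE = {"Report_Entry": [
    _row,
    {"EmployeeID": "1002", "WorkEmail": "this-is-not-an-email"},
]}

if __name__ == "__main__":
    for problem in check_report(SAMPLE):
        print(problem)
```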