ADO.NET Provider for Workday

Build 24.0.9060

Creating an Integration System User (ISU)

Create an Integration System User (ISU)

All authentication flows supported by the provider can be used with either a normal user or an ISU. If you do not already have an ISU, then you need to create it first:

  1. Open the Create Integration System User form.
  2. Enter a name for the user in User Name.
  3. Enter a password for the user and verify the password. You will need to save this password if you plan to use this ISU with Basic authentication in SOAP.
  4. Enable the Do Not Allow UI Sessions option. This helps secure the ISU from being used outside the provider.

The ISU must also be assigned to a security group:

  1. Open the Create Security Group form.
  2. Select Integration Security Group (Unconstrained) for the security group type.
  3. Enter the name of the security group to create and click OK.
  4. Workday creates the group and displays the Edit Integration Security Group form.
  5. Open the Integration System Users list and add the ISU you created.
  6. Click OK.

Assign Security Domains to the ISU

Once you have an ISU, you need to grant it the necessary permissions for the Workday service you wish to use. This process must be done individually for each security domain you wish to assign.

  1. Open the View Domain report and enter the name of the security domain.
  2. Click on the eyeglass icon under Domain Security Policy.
  3. Click the ellipses (...) button and select Domain Security Policy > Edit Permissions.
  4. In the task permissions section, click the plus (+) button and enter the Integration Security Group.
  5. Enable the View permission, and the Modify permission if you want to allow the ISU to write data.
  6. Click OK.

Once you have made all the necessary changes, use the Activate Pending Security Policy Changes form to review and approve the domain assignments.

The provider requires ISUs that can access different domains depending up on the services you want to use. Note that these domains are the minimum requirements to use the provider with the service at all. Most data sources (and reports using them) require additional permissions, which are found by searching for domains that grant access to the specific data source.

  • WQL requires these domains: Workday Query Language, Reporting Audits
  • Reports do not require any specific domains, but any report you want to access must be shared with the ISU using the Share tab in the report definition. You can either share the report with all authorized users or share the report with the ISU specifically.
  • SOAP does not require any specific domains.

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 24.0.9060