Workday
This connectivity package allows implementing Workday as an authoritative source of identity data for Omada Identity, providing support for reading worker and organizational information.
Supported objects and operations
| Workday objects | Omada Identity data model | Operations |
|---|---|---|
| Workers | Identity | Read |
| Supervisory Organization | Context | Read |
| Location | Context | Read |
| Countries | Context | Read |
| Job title | Context | Read |
| Identity and supervisory organizations | Context assignment | Read |
| Location and workers | Context assignment | Read |
| Countries and workers | Context assignment | Read |
| Supervisory organization and managers | Context owner | Read |
Minimum required permissions
Only administrators can get the authorization credentials required to connect to the Workday API.
Implementation notes
Ensure that you complete the procedures listed in the Additional configuration section to allow the correct alignment of context data between Workday and Omada Identity data models.
Network requirements
N/A
Prerequisites
The following section describes how to get permissions to access specific data from Workday as well as client ID and client secret. It is required for seamless integration with Omada Identity.
-
Log in to your Workday instance.
-
Create your API client for integration and choose Scope (Functional Areas) as Organizations, Roles and Staffing. Save your client id and client secret.
-
Create your Integration System User (ISU).
- In the search field, search for
Create Integration System User. - Enter username and password. Click OK.
- In the search field, search for
-
Create the security group.
- In the search field, search for
Create Security Group. - In the Type of Tenanted Security Group pull-down menu, select Integration System Security Group (Unconstrained).
- In the Name field, enter a name. Click OK.
- In the Integration System Users field, enter your ISU name. Click OK.
- In the search field, search for
-
Create your API Client for integrations.
- In the search field, search for
API Client for Integration. - Enter the client name.
- Enable Non-Expiring Refresh Tokens.
- In Scope (Functional Areas), select Staffing and Organizations and Roles. Click OK.
- Save the client ID and client secret. Click Done.
tipIf you didn't save your client secret, use the search field and enter
View API client. Go to API clients for Integrations, select the API client, and click the three dots. Click API Client and select Generate New API Client Secret. - In the search field, search for
-
In the search bar, search for
Maintain Permissions for Security Group. -
Select your security group.
-
Select the following Domain Security Policy and View/Modify Access using the table below (the policies enable the retrieval of information in the queries and mappings). Click OK.
| View/Modify Access | Domain Security Policy | Functional Area |
|---|---|---|
| View only | Worker data: Public Worker Reports | Staffing |
| View only | Worker data: Current Staffing Information | Staffing |
| View only | Worker data: Workers | Staffing |
| View only | Worker data: Organizations | Staffing |
| View only | Reports: Organization | Organizations and Roles |
| View only | Set up: Organization | Organizations and Roles |
| View only | Manage: Supervisory Organization | Organizations and Roles |
| View only | Reports: Supervisory Organization View as of Date | Organizations and Roles |
- In the search bar, search for
Activate Pending Security Policy Changes. Enter a comment and click OK. - Select the checkbox for the Confirm option. Click OK.