Skip to main content

Overview

To authenticate your Workday account, you will need to provide the following information:
  • WSDL - The Web Services Endpoint URL
  • ISU Username - Integration System User name
  • ISU Password - Integration System User password
  • Workday Tenant Name - Your Workday tenant identifier

Prerequisites

  • You have Administrator permissions in your company’s Workday instance
Below are detailed steps for setting up the integration. Steps 1 to 7 are done within your Workday portal, whereas the final step is done in the Doozy app.

Step 1: Create an Integration System User (ISU)

1

In your Workday portal, log into the Workday tenant.

2

In the Search field, type 'Create Integration System User'.

3

Select the 'Create Integration System User' task.

4

On the 'Create Integration System User' page, in the 'Account Information' section, enter a user name, and enter and confirm a password.

5

Click 'OK'.

6

To ensure the password doesn't expire, search for the 'Maintain Password Rules' task.

7

Add the ISU to the 'System Users exempt from password expiration' field.

Due to XML encoding, ’&’, ’<’, or ’>’ characters cannot be included in the password.
Ensure ‘Require New Password at Next Sign In’ is NOT checked.

Step 2: Create a Security Group and Assign an Integration System User

1

In the Search field, type 'Create Security Group'.

2

Select the 'Create Security Group' task.

3

On the 'Create Security Group' page, select 'Integration System Security Group (Unconstrained)' from the 'Type of Tenanted Security Group' pull-down menu.

4

In the Name field, enter a name.

5

Click 'OK'.

6

On the 'Edit Integration System Security Group (Unconstrained)' page, in the 'Integration System Users' field, enter the ISU name you created in Step 1.

7

Click 'OK'.

Step 3: Configure Domain Security Policy Permissions

1

In the Search field, type 'Maintain Permissions for Security Group'.

2

Make sure the 'Operation' is Maintain, and the 'Source Security Group' is the same as the security group assigned in Step 2.

3

On the next screen, add the corresponding Domain Security Policies depending on your use case.

The permissions required can differ based on your use case. See the Workday HRIS Permissions guide for the full list of required domain security policies.

Step 4: Activate Security Policy Changes

1

In the search bar, type 'Activate Pending Security Policy Changes' to view a summary of the changes that need to be approved.

2

Add any relevant comments on the window that pops up.

3

Confirm the changes to accept them and click 'OK'.

Step 5: Validate Authentication Policy is Sufficient

1

Search for 'Manage Authentication Policies'.

2

Click 'Edit' on the authentication policy row.

3

Create an Authentication Rule.

4

Enter a name, add the Security Group, and ensure 'Allowed Authentication Types' is set to 'User Name Password' or 'Any'.

You don’t have to create a new Authentication Rule if you already have an existing one set to ‘User Name Password’ or ‘Any’. You can add the ISU to that rule instead. You will need to create a new rule if SAML is the only Authentication Rule you see for “Allowed Authentication Types.”

Step 6: Activate All Pending Authentication Policy Changes

1

In the search bar, type 'Activate All Pending Authentication Policy Changes'.

2

Proceed to the next screen and confirm the changes. This will save the Authentication Policy that was just created or edited.

Step 7: Obtain the Web Services Endpoint URL (WSDL)

1

Search in Workday for 'Public Web Services'.

2

Find 'Human Resources (Public)' if you are connecting Workday HRIS, or find 'Recruiting' if you are connecting Workday ATS.

3

Click the three dots to access the menu, then select 'Web Services' → 'View WSDL'.

4

Navigate to the bottom of the page that opens (it may take a few seconds to load).

5

Copy the full URL provided under 'Human_ResourcesService' (for HRIS) or 'RecruitingService' (for ATS).

The URL will have a format similar to: https://wd2-impl-services1.workday.com/ccx/service/acme/Human_Resources/v43.0

Enter Credentials into Doozy

You must be a Doozy admin to connect an HRIS integration.
1

Go to the Doozy web app.

Navigate to Workspace SettingsIntegrationsHRIS.
2

Choose Workday as the HRIS you want to connect.

3

WSDL: Enter the full Web Services Endpoint URL you found in Step 7.

4

ISU Username: Enter the Integration System User name created in Step 1.

5

ISU Password: Enter the Integration System User password created in Step 1.

6

Workday Tenant Name: Enter your Workday Tenant name.

Example: If you sign in at https://wd5-services1.workday.com/acme, enter acme.
7

Click Submit.

Notes

  • The password used cannot contain ’&’, ’<’, or ’>’ characters.
  • Please make sure to exempt the ISU account from MFA and SSO.
  • To increase API limits for your Workday tenant, contact Workday Support or your Workday Customer Account Manager through the Workday Community support portal.