Before linking your Workday, we’ll need to make sure that the correct permissions are enabled. Below are some detailed steps for granting permissions. Steps 1 to 5 are done within your Workday portal, whereas the last step is done on your Merge Link prompt.

Step 1: Create an Integration System User (ISU)

1

In your Workday portal, log into the 'Workday tenant'.

2

In the Search field, type 'Create Integration System User'.

3

Select the 'Create Integration System User' task.

4

On the 'Create Integration System User' page, in the 'Account Information' section, enter a user name, and enter and confirm a password.

5

Click 'OK'.

Due to xml encoding, ’&’, ’<’, or ’>’ symbol cannot be included in the password.
Ensure ‘Require New Password’ at ‘Next Sign In’ is NOT checked.
You’ll want to add this user to the list of System Users to make sure the password doesn’t expire.

Step 2: Create a Security Group and Assign an Integration System User

Now, add this Integration System User to a Security Group:

1

In the 'Search' field, type 'Create Security Group'.

2

Select the 'Create Security Group' task.

3

Click 'OK'.

4

On the 'Create Security Group' page, from the 'Type of Tenanted Security Group' pull-down menu, select 'Integration System Security Group (Unconstrained)'.

5

In the Name field, enter a name.

6

Click 'OK'.

7

On the 'Edit Integration System Security Group (Unconstrained)'' page, in the 'Name' field, enter the same name you entered when creating the ISU in the first section.

8

Click 'OK'.

Step 3: Configure Domain Security Policy Permissions

1

In the 'Search' field, type 'Maintain Permissions for Security Group'.

2

Make sure the 'Operation' is Maintain, and the 'Source Security Group' is the same as the security group that was assigned in Step 2.

3

Add the corresponding 'Domain Security Policy' with GET operation:.

4

In the 'Search' field, type 'Maintain Permissions for Security Group'.

Please note the permissions listed below are the required permissions for the full HRIS API. Permissions can differ from implementation to implementation.

Step 4: Activate Security Policy Changes

1

In the search bar, type 'Activate Pending Security Policy Changes' to view a summary of the changes in the security policy that need to be approved.

2

Add any relevant comments on the window that pops up.

3

'Confirm' the changes in order to accept the changes that are being made. .

Step 5: Validate Authentication Policy is Sufficient

Check the Manage Authentication Policies section to ensure the ISU you created is added to a policy that can access the necessary domains. It should not be restricted to only the “SAML” Allowed Authentication Types – if this is the case, you can create a new Authentication Policy with a “User Name Password” Allowed Authentication Type.

1

Editing 'Authentication Policies'.

2

Create an Authentication Rule, and add the Security Group to the Rule.

3

Make sure the 'Allowed Authentication Types' is set to specific User Name Password or set to Any.

Step 6: Activate All Pending Authentication Policy Changes

1

In the search bar, type 'Activate All Pending Authentication Policy Changes'.

2

Proceed to the next screen, and confirm the changes. This will save the Authentication Policy that was just created.

3

Make sure the 'Allowed Authentication Types' is set to specific User Name Password or set to Any.

Step 7: Obtain the Web Services Endpoint for Workday Tenant

We’ll need access to your specific Workday web services endpoint:

1

Search in Workday for 'Public Web Services'.

2

Open Public Web Services Report.

3

Hover over 'Human resources' and click the three dots to access the menu. If you are integrating with your Workday ATS, please find 'Recruiting' instead and access that menu.

4

Navigate to the bottom of the page that opens and you'll find the 'host'.

5

Copy everything until you see /service. This should look something like: (https://wd5-services1.myworkday.com/ccx)

Enter Credentials into Doozy

🖥️ Now go to our web app, doozy.live, and sign into your account.

1

Choose Workday as the HRIS you want to connect.

Follow the steps here.
2

Workday URL: Enter the Web Services Endpoint you found from Step 5 into Merge Link.

3

User ID: Enter the Integration System User name for the user created in Step 1.

4

Password: Enter the Integration System User password for the user created in Step 1.

5

Workday Tenant Name: Enter your Workday Tenant name. Example: If you sign in at 'https://wd5-services1.workday.com/acme', enter 'acme'.

Notes

  • Linked Implementation Workday accounts will result in slower syncs as there are fewer resources dedicated to the tenant.

  • The password used cannot contain an ’&’, ’<’, or ’>’ sign.

  • Please make sure to exempt the ISU Account from MFA and SSO

Create a Doozy userPersonio