Overview
To authenticate your Workday account using OAuth, you will need to provide the following information:
- WSDL - The Web Services Endpoint URL prefix
- Workday Tenant Name - Your Workday tenant identifier
- Client ID - From the API Client registration
- Client Secret - From the API Client registration
- Refresh Token - A non-expiring refresh token
- Token Endpoint - The OAuth token URL
Prerequisites
- You have Administrator permissions in your companyโs Workday instance
Step 1: Obtain the Web Services Endpoint URL
Search in Workday for 'Public Web Services'.
Find 'Human Resources (Public)' if you are connecting Workday HRIS.
Click the three dots to access the menu, then select 'Web Services' โ 'View WSDL'.
Navigate to the bottom of the page that opens (it may take a few seconds to load).
Copy the URL prefix provided under 'Human_ResourcesService'.
The URL will have a format similar to: https://wd2-impl-services1.workday.com/ccx
Step 2: Get Your Tenant Name
From the web services URL, find your tenant name.
For example, if your URL is https://wd2-impl-services1.workday.com/ccx/service/acme/Human_Resources/v43.0, your tenant name is acme.
Step 3: Register a New API Client for Integrations
In the Search field, select the task 'Register API Client for Integrations'.
On the 'Register API Client for Integrations' page, enter the following:
- Client Name: Enter a name for your API client
- Scope (Functional Areas): Add the required scopes from the table below
- Check Non-Expiring Refresh Tokens
- Check Include Workday Owned Scope
Save the Client Secret and Client ID that are displayed, then click 'Done'.
The Client Secret is only shown once. Make sure to save it securely.
Required Scopes (Functional Areas)
For HRIS integrations, add the following scopes:
| Scope |
|---|
| Staffing |
| Time Off and Leave (if you need access to Time Off data) |
| Tenant Non-Configurable |
| Public Data |
| Contact Information |
Step 4: Generate a Non-Expiring Refresh Token
In the Search field, select 'View API Clients'.
On the 'View API Clients' page, click the 'API Clients for Integrations' tab.
Save your Token Endpoint URL from this page.
Click on the API client you created in Step 3.
Click the three dots menu โ 'API Client' โ 'Manage Refresh Tokens for Integrations'.
On the 'Manage Refresh Tokens for Integrations' page, add a user in the 'Workday Account' field.
Save the Refresh Token that is generated.
The Refresh Token is only shown once. Make sure to save it securely.
Enter Credentials into Doozy
You must be a Doozy admin to connect an HRIS integration.
Choose Workday as the HRIS you want to connect.
Select OAuth as the authentication method.
WSDL: Enter the Web Services Endpoint URL prefix from Step 1.
Workday Tenant Name: Enter your tenant name from Step 2.
Client ID: Enter the Client ID from Step 3.
Client Secret: Enter the Client Secret from Step 3.
Token Endpoint: Enter the Token Endpoint URL from Step 4.
Refresh Token: Enter the Refresh Token from Step 4.
- OAuth authentication is recommended over ISU authentication for enhanced security.
- Ensure the Workday Account used to generate the refresh token has the necessary permissions to access the data you need.
- If you need to set up domain security policies for specific data access, see our Workday HRIS Permissions guide.
