Workday Integration Instructions

Below are steps to integrate your Workday and Knoetic accounts.

Creating an integration system user

  1. Log in to Workday with an account that provides administrative privileges.
  2. Create a user and add them to a group by completing the following steps.
    1. Search for and open the Create Integration System User task.
    2. Configure and save an integration system user
      1. Select User Name = “KnoeticAdminUser”
      2. Set session timeout minutes to 60
      3. Do not allow UI session to be unchecked
      4. Assign a randomized password and record this password - you will need to send it to us in step 5
      5. Leave all other fields as their defaults and select OK.
    3. Search for and open the Create Security Group task.
      1. Select Type of Tenanted Security Group = Integration System Security Group (Unconstrained)
      2. Enter Name = “Knoetic Integration Security Group”
      3. Add the user KnoeticAdminUser on the next screen in Integration System Users.
    4. Set the user password to never expire. This is to prevent automated processes on Knoetic’s side from being locked out of the account during data extracts.
      1. Search for: Maintain Password Rules
      2. Scroll till the bottom of the page
      3. You will find "System Users exempt from password expiration"
      4. Add KnoeticAdminUser 
  3. Search for “domain security” and select Domain Security Policies for Functional Area. Assign the security group Knoetic Integration Security Group to the following Functional Areas:
    1. See attached document for detailed security permissions
  4. Search for “activate” and select Activate Pending Security Policy Changes.
    1. Enter a comment (required) and select Confirm/OK
  5. Send Knoetic the credentials for this user by completing the following steps:
    1. Go to https://app.knoetic.com/keydrop
    2. Fill out the name, email, company, and system fields.
    3. In the Data box, put:
      1. The username and temp password for the user you created earlier.
      2. The URL of your workday instance (the URL you use to log into the Workday tenant)
      3. This should end in .htmld
        1. Example: https://wd5.myworkday.com/wday/authgwy/COMPANY NAME/login.htmld?redirect=n

Granting Permissions

Process for granting access to a security domain:

  1. Search in taskbar: View Domain
  2. Go to View Domain > (Search name of domain) > Actions > Domain > Edit Security Policy Permissions.
  3. Add the Knoetic integration user’s security group to BOTH Report/Task Permissions and Integration Permissions.
    1. This is required for UI access to reporting.
  4. Knoetic requires VIEW/GET permission for all fields unless otherwise specified.
    1. For two fields (Custom Report Administration and Custom Report Creation), we need access to MODIFY/PUT.
    2. Knoetic will never change employee data in your Workday system. PUT access is only needed for report administration.
  5. Go to Activate Pending Security changes
    1. Add a comment mentioning Knoetic, review, and apply changes.

How to map a field back to a security domain:

  1. View Security For Securable Item
  2. Go 'up the chain’ where appropriate - some fields belong to groups, and it’s much more efficient to give access to the entire group at once
    1. E.g. — give access to all fields on a business object, instead of individual fieldsThere will be a link to the security domain from this page
  3. There will be a link to the security domain from this page
  4. From here, you can grant access to this security domain!


How did we do?


Powered by HelpDocs (opens in a new tab)