Workday Integration Instructions
Below are steps to integrate your Workday and Knoetic accounts.
Creating an integration system user
- Log in to Workday with an account that provides administrative privileges.
- Create a user and add them to a group by completing the following steps.
- Search for and open the Create Integration System User task.
- Configure and save an integration system user
- Select User Name = “KnoeticAdminUser”
- Set session timeout minutes to 60
- Do not allow UI session to be unchecked
- Assign a randomized password and record this password - you will need to send it to us in step 5
- Leave all other fields as their defaults and select OK.
- Search for and open the Create Security Group task.
- Select Type of Tenanted Security Group = Integration System Security Group (Unconstrained)
- Enter Name = “Knoetic Integration Security Group”
- Add the user KnoeticAdminUser on the next screen in Integration System Users.
- Set the user password to never expire. This is to prevent automated processes on Knoetic’s side from being locked out of the account during data extracts.
- Search for: Maintain Password Rules
- Scroll till the bottom of the page
- You will find "System Users exempt from password expiration"
- Add KnoeticAdminUser
- Search for “domain security” and select Domain Security Policies for Functional Area. Assign the security group Knoetic Integration Security Group to the following Functional Areas:
- See attached document for detailed security permissions
- Search for “activate” and select Activate Pending Security Policy Changes.
- Enter a comment (required) and select Confirm/OK
- Send Knoetic the credentials for this user by completing the following steps:
- Go to https://app.knoetic.com/keydrop
- Fill out the name, email, company, and system fields.
- In the Data box, put:
- The username and temp password for the user you created earlier.
- The URL of your workday instance (the URL you use to log into the Workday tenant)
- This should end in .htmld
Granting Permissions
Process for granting access to a security domain:
- Search in taskbar: View Domain
- Go to View Domain > (Search name of domain) > Actions > Domain > Edit Security Policy Permissions.
- Add the Knoetic integration user’s security group to BOTH Report/Task Permissions and Integration Permissions.
- This is required for UI access to reporting.
- Knoetic requires VIEW/GET permission for all fields unless otherwise specified.
- For two fields (Custom Report Administration and Custom Report Creation), we need access to MODIFY/PUT.
- Knoetic will never change employee data in your Workday system. PUT access is only needed for report administration.
- Go to Activate Pending Security changes
- Add a comment mentioning Knoetic, review, and apply changes.
How to map a field back to a security domain:
- View Security For Securable Item
- Go 'up the chain’ where appropriate - some fields belong to groups, and it’s much more efficient to give access to the entire group at once
- E.g. — give access to all fields on a business object, instead of individual fieldsThere will be a link to the security domain from this page
- There will be a link to the security domain from this page
- From here, you can grant access to this security domain!