Background
Ten Thousand Coffees (10KC) is an enterprise software platform for mentoring, networking and informal talent development experiences used by the world’s top organizations.
10KC’s Workday integration automates adding, updating, and deleting member profiles by syncing with your Workday directories.
Ten Thousand Coffees uses WorkOS to enable Workday connections for our enterprise customers. We’ll need the following information:
The Workday Custom User Report JSON endpoint
The Workday Custom Group Report JSON endpoint
Username for accessing the Custom Reports
Password for accessing the Custom Reports
Integration Setup
1. Create an Integration System User
Creates an Integration System User within Workday. The Integration System User will be used to access Custom Reports.
ℹ️ If at the end of all this, everything works as expected but fields are missing from the Report, ensure that the user created has access to the fields. |
2. Create a Security Group
Create a new security group in Workday. Set the Type of Tenanted Security Group to Integration System Security Group (Unconstrained). Then add a name for the Security Group and select OK.
Next, for Integration System Users, add the integration system user you created in the previous step, and select OK.
3. Add domain security policies to the Security Group
Next, you’ll need to add domain security policies to the newly created security group. You can access this on the Security Group Settings → Maintain Domain Permissions for Security Group page.
You’ll need to permit the following domain security policies to have “Get” access under Integration Permissions:
Person Data: Work Contact Information
Workday Accounts
Worker Data: Active and Terminated Workers
Worker Data: All Positions
Worker Data: Business Title on Worker Profile
Worker Data: Current Staffing Information
Worker Data: Public Worker Reports
Worker Data: Workers
To activate these new security settings, you need to go to the Activate Pending Security Policy Changes page and click OK.
Then, select the Confirm checkbox to finish activating.
4. Create User Report
You will need to create two Custom Reports. The first Custom Report will be used for syncing User information. The second report will be used for syncing Group information (see step 5 below).
When creating the User Report, make sure to select the Advanced report type and to have the Enable as Web Service box checked.
Required and recommended profile fields
Start with the required fields, then add recommended fields based on what’s available in your organization’s Workday system. Each additional field improves matching quality and capabilities.
Required
Field Name | Example | Notes |
First name | Jane | |
Last name | Doe | |
Management Level | Director | Maps to “Role” segment. Example values: Student, Intern, Analyst, Associate, Individual Contributor, Manager, Sr. Manager, Director, Sr. Director, VP, SVP, Executive |
Recommended
Field Name | Example | Notes |
Job title | Solutions Engineer | |
Business unit | Consulting | |
Job function | Engineering | |
People manager status | Yes | Use only “yes” or “no” |
Manager email |
Optional
Field Name | Example | Notes |
City, Country, or Office | Atlanta | |
Locale | en-US | Use only: en-US, fr-CA, es-ES, ko, ja |
Status | active | Use only: active, inactive |
5. Create Group Report
Next, create the Group Report. Include the following information in the Group Report:
group_name
6. Add an authorized user
We will now add the Integration System User was created earlier as an authorized user for the User and Group Report. This can be found under the Share tab from within a Report.
7. Get the RaaS endpoint
Now that the Custom Reports are set up, and access to it has been configured, you will need to get the RaaS endpoint. The page with the endpoints can be found under Actions → Web Service → View URLs.
Once on the URLs page, the one that WorkOS will need is listed under the JSON section.
8. Share the RaaS endpoints
Please share the JSON endpoints for your User Report and Group Report with Ten Thousand Coffees. Please email [email protected].
Security Considerations
Security Measures
10KC has strict security policies and we follow all best practices like annual pen-testing, annual internal audit, third party SOC2 audit and aligning with regional data privacy requirements.
Ten Thousand Coffees uses WorkOS to enable Okta SCIM v2.0 connections for our enterprise customers. WorkOS is SOC 2 Type certified, GDPR and CCPA compliant, and performs annual 3rd-party security penetration tests, as well as external code audits. More detailed documentation on their security