Background
Ten Thousand Coffees (10KC) is an enterprise software platform for mentoring, networking and informal talent development experiences used by the world’s top organizations.
10KC’s Workday integration automates adding, updating, and deleting member profiles by syncing with your Workday directories.
Ten Thousand Coffees uses WorkOS to enable Workday connections for our enterprise customers. We’ll need the following information:
-
The Workday Custom User Report JSON endpoint
-
The Workday Custom Group Report JSON endpoint
-
Username for accessing the Custom Reports
-
Password for accessing the Custom Reports
Integration Setup
1. Create an Integration System User
Creates an Integration System User within Workday. The Integration System User will be used to access Custom Reports.
ℹ️ If at the end of all this, everything works as expected but fields are missing from the Report, ensure that the user created has access to the fields. |
2. Create a Security Group
Create a new security group in Workday. Set the Type of Tenanted Security Group to Integration System Security Group (Unconstrained). Then add a name for the Security Group and select OK.
Next, for Integration System Users, add the integration system user you created in the previous step, and select OK.
3. Add domain security policies to the Security Group
Next, you’ll need to add domain security policies to the newly created security group. You can access this on the Security Group Settings → Maintain Domain Permissions for Security Group page.
You’ll need to permit the following domain security policies to have “Get” access under Integration Permissions:
-
Person Data: Work Contact Information
-
Workday Accounts
-
Worker Data: Active and Terminated Workers
-
Worker Data: All Positions
-
Worker Data: Business Title on Worker Profile
-
Worker Data: Current Staffing Information
-
Worker Data: Public Worker Reports
-
Worker Data: Workers
To activate these new security settings, you need to go to the Activate Pending Security Policy Changes page and click OK.
Then, select the Confirm checkbox to finish activating.
4. Create User Report
You will need to create two Custom Reports. The first Custom Report will be used for syncing User information. The second report will be used for syncing Group information (see step 5 below).
When creating the User Report, make sure to select the Advanced report type and to have the Enable as Web Service box checked.
Required and recommended profile fields
You need to add information for certain fields to the User Report. You can do this by directly adding columns to the report for the attributes in Workday with column heading names. We've provided examples for the minimum required fields below.
Some additional optional, but recommended fields are described below, along with data spec requirements.
Field name |
Why we recommend |
Column Heading Override XML Alias |
Data spec |
User Name* |
* At minimum, we require this field to invite members to your 10KC hub.
|
user_name |
Can be any alpha-numeric string. |
First Name* |
first_name |
Can be any alpha-numeric string. |
|
Last Name* |
last_name |
Can be any alpha-numeric string. |
|
Email Address* |
primary_work_email |
Can be any alpha-numeric string. |
|
Group Name* |
group_name |
Can be any alpha-numeric string. |
|
Employee ID* |
employee_id |
Can be any alpha-numeric string. |
|
Status |
To de-activate profiles for employees that are on leave. |
status |
We expect the values “active” or “inactive”. They are case-sensitive. |
Job Function, Job Family, or Management Level |
For creating relevant matches and reporting for your data dashboard.
|
job_function |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
Hire Start Date |
hire_start_date |
We expect the format MM/DD/YYYY. |
|
Business Unit, Supervisor Organization, or Department |
business_unit |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
|
Office Location |
office_location |
Can be any alpha-numeric string. |
|
People Manager Status |
people_manager_status |
We expect “yes” or “no”. |
|
High Potential Status |
high_potential_status |
We expect “yes” or “no”. |
|
Diversity dimensions (e.g. gender)
|
gender |
Can be any alpha-numeric string. |
|
First Level Supervisor |
first_level_supervisor |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
|
Second Level Supervisor |
second_level_supervisor |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
|
Third Level Supervisor |
third_level_supervisor |
Can be any alpha-numeric string. Ideally it’s easy for members to read and understand. |
|
Locale |
To automatically localize 10KC in the user’s preference (if the preferred language is available) |
locale |
We currently only support three values:
• “fr-CA” for French(Canada)
• “en-US” for English(US)
Note: any blank values will be set as “en-US” |
Most Recent Role Start Date |
To enable mobility analyses
|
most_recent_role_start_date |
We expect the format MM/DD/YYYY |
Role Reason Change Code |
role_reason_change_code |
Can be any alpha-numeric string. |
5. Create Group Report
Next, create the Group Report. Include the following information in the Group Report:
-
group_name
6. Add an authorized user
We will now add the Integration System User was created earlier as an authorized user for the User and Group Report. This can be found under the Share tab from within a Report.
7. Get the RaaS endpoint
Now that the Custom Reports are set up, and access to it has been configured, you will need to get the RaaS endpoint. The page with the endpoints can be found under Actions → Web Service → View URLs.
Once on the URLs page, the one that WorkOS will need is listed under the JSON section.
8. Share the RaaS endpoints
Please share the JSON endpoints for your User Report and Group Report with Ten Thousand Coffees. Please email integrations@tenthousandcoffees.com.
Security Considerations
Security Measures
10KC has strict security policies and we follow all best practices like annual pen-testing, annual internal audit, third party SOC2 audit and aligning with regional data privacy requirements.
Ten Thousand Coffees uses WorkOS to enable Okta SCIM v2.0 connections for our enterprise customers. WorkOS is SOC 2 Type certified, GDPR and CCPA compliant, and performs annual 3rd-party security penetration tests, as well as external code audits. More detailed documentation on their security
Comments
0 comments
Please sign in to leave a comment.