Background
Ten Thousand Coffees (10KC) is an enterprise software platform for mentoring, networking and informal talent development experiences used by the world’s top organizations.
10KC’s Workday integration automates adding, updating, and deleting member profiles by syncing with your Workday directories.
Ten Thousand Coffees uses WorkOS to enable Workday connections for our enterprise customers. We’ll need the following information:
-
The Workday Custom User Report JSON endpoint
-
The Workday Custom Group Report JSON endpoint
-
Username for accessing the Custom Reports
-
Password for accessing the Custom Reports
Integration Setup
1. Create an Integration System User
Creates an Integration System User within Workday. The Integration System User will be used to access Custom Reports.
|
ℹ️ If at the end of all this, everything works as expected but fields are missing from the Report, ensure that the user created has access to the fields. |
2. Create a Security Group
Create a new security group in Workday. Set the Type of Tenanted Security Group to Integration System Security Group (Unconstrained). Then add a name for the Security Group and select OK.
Next, for Integration System Users, add the integration system user you created in the previous step, and select OK.
3. Add domain security policies to the Security Group
Next, you’ll need to add domain security policies to the newly created security group. You can access this on the Security Group Settings → Maintain Domain Permissions for Security Group page.
You’ll need to permit the following domain security policies to have “Get” access under Integration Permissions:
-
Person Data: Work Contact Information
-
Workday Accounts
-
Worker Data: Active and Terminated Workers
-
Worker Data: All Positions
-
Worker Data: Business Title on Worker Profile
-
Worker Data: Current Staffing Information
-
Worker Data: Public Worker Reports
-
Worker Data: Workers
To activate these new security settings, you need to go to the Activate Pending Security Policy Changes page and click OK.
Then, select the Confirm checkbox to finish activating.
4. Create User Report
You will need to create two Custom Reports. The first Custom Report will be used for syncing User information. The second report will be used for syncing Group information (see step 5 below).
When creating the User Report, make sure to select the Advanced report type and to have the Enable as Web Service box checked.
Required and recommended profile fields
Start with the required fields, then add recommended fields based on what’s available in your organization’s Workday system. Each additional field improves matching quality and capabilities.
Required
| Field Name | Example | Notes |
|---|---|---|
| First name | Jane | |
| Last name | Doe | |
| jane@10kc.com | ||
| Management Level This is mapped to the Role segment |
Director | Maps to “Role” segment. Example values: Student, Intern, Analyst, Associate, Individual Contributor, Manager, Sr. Manager, Director, Sr. Director, VP, SVP, Executive |
Recommended
| Field Name | Example | Notes |
|---|---|---|
| Job title | Solutions Engineer | |
| Business unit | Consulting | |
| Job function | Engineering | |
| People manager status | Yes | Use only “yes” or “no” |
| Manager email To exclude members from matching with managers |
john@10kc.com |
Optional
| Field Name | Example | Notes |
|---|---|---|
| City, Country, or Office For matching across geographies |
Atlanta | |
| Locale Include this field to specify which members require other languages. English is the default language. |
en-US | Use only: en-US, fr-CA, es-ES, ko, ja |
| Status To deactivate and reactivate profiles for employees that go on leave and come back |
active | Use only: active, inactive |
5. Create Group Report
Next, create the Group Report. Include the following information in the Group Report:
-
group_name
6. Add an authorized user
We will now add the Integration System User was created earlier as an authorized user for the User and Group Report. This can be found under the Share tab from within a Report.
7. Get the RaaS endpoint
Now that the Custom Reports are set up, and access to it has been configured, you will need to get the RaaS endpoint. The page with the endpoints can be found under Actions → Web Service → View URLs.
Once on the URLs page, the one that WorkOS will need is listed under the JSON section.
8. Share the RaaS endpoints
Please share the JSON endpoints for your User Report and Group Report with Ten Thousand Coffees. Please email integrations@tenthousandcoffees.com.
Security Considerations
Security Measures
10KC has strict security policies and we follow all best practices like annual pen-testing, annual internal audit, third party SOC2 audit and aligning with regional data privacy requirements.
Ten Thousand Coffees uses WorkOS to enable Okta SCIM v2.0 connections for our enterprise customers. WorkOS is SOC 2 Type certified, GDPR and CCPA compliant, and performs annual 3rd-party security penetration tests, as well as external code audits. More detailed documentation on their security
Comments
0 comments
Please sign in to leave a comment.