How can we help?

Set up Guide: Workday Integration

Emily B
Emily B
  • Updated

Background

Ten Thousand Coffees (10KC) is an enterprise software platform for mentoring, networking and informal talent development experiences used by the world’s top organizations.

10KC’s Workday integration automates adding, updating, and deleting member profiles by syncing with your Workday directories.

Ten Thousand Coffees uses WorkOS to enable Workday connections for our enterprise customers. We’ll need the following information:

  1. The Workday Custom User Report JSON endpoint

  2. The Workday Custom Group Report JSON endpoint

  3. Username for accessing the Custom Reports

  4. Password for accessing the Custom Reports

Integration Setup

1. Create an Integration System User

Creates an Integration System User within Workday. The Integration System User will be used to access Custom Reports.

ℹ️ If at the end of all this, everything works as expected but fields are missing from the Report, ensure that the user created has access to the fields.

2. Create a Security Group

Create a new security group in Workday. Set the Type of Tenanted Security Group to Integration System Security Group (Unconstrained). Then add a name for the Security Group and select OK.

Next, for Integration System Users, add the integration system user you created in the previous step, and select OK.

3. Add domain security policies to the Security Group

Next, you’ll need to add domain security policies to the newly created security group. You can access this on the Security Group Settings → Maintain Domain Permissions for Security Group page.

You’ll need to permit the following domain security policies to have “Get” access under Integration Permissions:

  • Person Data: Work Contact Information

  • Workday Accounts

  • Worker Data: Active and Terminated Workers

  • Worker Data: All Positions

  • Worker Data: Business Title on Worker Profile

  • Worker Data: Current Staffing Information

  • Worker Data: Public Worker Reports

  • Worker Data: Workers

To activate these new security settings, you need to go to the Activate Pending Security Policy Changes page and click OK.

Then, select the Confirm checkbox to finish activating.

4. Create User Report

You will need to create two Custom Reports. The first Custom Report will be used for syncing User information. The second report will be used for syncing Group information (see step 5 below).

When creating the User Report, make sure to select the Advanced report type and to have the Enable as Web Service box checked.

 

Required and recommended profile fields

You need to add information for certain fields to the User Report. You can do this by directly adding columns to the report for the attributes in Workday with column heading names. We've provided examples for the minimum required fields below. 

Some additional optional, but recommended fields are described below, along with data spec requirements. 

Field name

Why we recommend

Column Heading Override XML Alias

Data spec

User Name*

* At minimum, we require this field to invite members to your 10KC hub.

 

 

user_name

Can be any alpha-numeric string.

First Name*

first_name

Can be any alpha-numeric string.

Last Name*

last_name

Can be any alpha-numeric string.

Email Address*

primary_work_email

Can be any alpha-numeric string.

Group Name*

group_name

Can be any alpha-numeric string.

Employee ID*

employee_id

Can be any alpha-numeric string.

Status

To de-activate profiles for employees that are on leave.

status

We expect the values “active” or “inactive”. They are case-sensitive.

Job Function, Job Family, or Management Level

For creating relevant matches and reporting for your data dashboard.

 

 

job_function

Can be any alpha-numeric string. Ideally it’s easy for members to read and understand.

Hire Start Date

hire_start_date

We expect the format MM/DD/YYYY.

Business Unit, Supervisor Organization, or Department

business_unit

Can be any alpha-numeric string. Ideally it’s easy for members to read and understand.

Office Location

office_location

Can be any alpha-numeric string.

People Manager Status

people_manager_status

We expect “yes” or “no”.

High Potential Status

high_potential_status

We expect “yes” or “no”.

Diversity dimensions

(e.g. gender)

 

gender

Can be any alpha-numeric string.

First Level Supervisor

first_level_supervisor

Can be any alpha-numeric string. Ideally it’s easy for members to read and understand.

Second Level Supervisor

second_level_supervisor

Can be any alpha-numeric string. Ideally it’s easy for members to read and understand.

Third Level Supervisor

third_level_supervisor

Can be any alpha-numeric string. Ideally it’s easy for members to read and understand.

Locale

To automatically localize 10KC in the user’s preference (if the preferred language is available)

locale

We currently only support three values:

 

• “fr-CA” for French(Canada)

 

• “en-US” for English(US)

• “ko” for Korean

 

Note: any blank values will be set as “en-US”

Most Recent Role Start Date

To enable mobility analyses

 

most_recent_role_start_date

We expect the format MM/DD/YYYY

Role Reason Change Code

role_reason_change_code

Can be any alpha-numeric string.

 

5. Create Group Report

Next, create the Group Report. Include the following information in the Group Report:

  • group_name

6. Add an authorized user

We will now add the Integration System User was created earlier as an authorized user for the User and Group Report. This can be found under the Share tab from within a Report.

7. Get the RaaS endpoint

Now that the Custom Reports are set up, and access to it has been configured, you will need to get the RaaS endpoint. The page with the endpoints can be found under Actions → Web Service → View URLs.

Once on the URLs page, the one that WorkOS will need is listed under the JSON section.

8. Share the RaaS endpoints

Please share the JSON endpoints for your User Report and Group Report with Ten Thousand Coffees. Please email integrations@tenthousandcoffees.com.

Security Considerations

Security Measures

10KC has strict security policies and we follow all best practices like annual pen-testing, annual internal audit, third party SOC2 audit and aligning with regional data privacy requirements.

Ten Thousand Coffees uses WorkOS to enable Okta SCIM v2.0 connections for our enterprise customers. WorkOS is SOC 2 Type certified, GDPR and CCPA compliant, and performs annual 3rd-party security penetration tests, as well as external code audits. More detailed documentation on their security

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.