Workday Connection

Making the initial connection to Workday

Updated over a month ago

HERE'S WHY

Connecting Workday to Drata allows for automated checks and evidence collection to provide details on personnel hire and separation dates as well as their employment status.

BEFORE DIVING IN

Make sure you have admin access or at least an "Application user" permission for your company's Workday account. Drata recommends creating an Integration system user in Workday, which you can create and configure by following these instructions:

  • Sign in to Workday

  • Access the Create Integration System User task

  • Enter a new username. The required format is username@tenant, NOT a full email address (e.g. infosec@customer_tenant is good but [email protected] is not)

  • Enter and confirm password

  • Click OK

Note: Add this user to the list of System Users to make sure the password doesn’t expire.

Next, add this Integration System User to a Security Group:

  1. In the Search field, type Create Security Group.

  2. Select the Create Security Group task.

  3. Click OK.

  4. On the Create Security Group page, from the Type of Tenanted Security Group pull-down menu, select Integration System Security Group.

  5. In the Name field, enter a name.

  6. Click OK.

  7. On the Edit Integration System Security Group (Unconstrained) page, in the Name field, enter the same name you entered when creating the ISU in the first section.

  8. Click OK.

In the Security Group, you will need to edit the Domain Security Policy Permissions and add the following GET operations:

  • Person Data: Personal Data

  • Person Data: Work Contact Information

  • Worker Data: Workers

  • Worker Data: All Positions

  • Worker Data: Public Worker Reports

  • Worker Data: Employment Data

  • Worker Data: Organization Information

Activate Security Policy Changes

In the search bar, type "Activate Pending Security Policy Changes" to view a summary of changes in security policy that need to be approved. After reviewing policies, approve the pending security policy changes in order to activate them.

Obtain the Web Services Endpoint for Workday Tenant

We'll need access to your specific Workday web services endpoint:

  1. Search in Workday for Public Web Services

  2. Open Public Web Services Report

  3. Hover over Human resources and click the three dots to access the menu

  4. Click Web Services > View WSDL

  5. Navigate to the bottom of the page that opens and you'll find the host

  6. Copy everything until you see /service. This should look something like https://wd5-services1.myworkday.com/ccx

Enter Credentials into Drata Link

You'll need to enter a few pieces of information from the steps above into Drata Link to authenticate the connection:

  1. Workday URL: Enter the Web Services Endpoint you found above

  2. User ID: Enter the Integration System User name for the user you created. The required format here is simply username, not username@tenant, which is not the same as how the user was created in the step above.

  3. Password: Enter the Integration System User password for the user you created. NOTE: Due to SOAP API constraints, this password should not contain an '&' symbol, because it will break the URL formed for the integration.

  4. Workday Tenant Name: If you sign in at "https://wd5-services1.workday.com/acme", enter "acme"
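
A pre-flight check for the four fields above, as an added example that is not Drata's or Workday's code. The function names are hypothetical, all sample values are constructed, and two points are assumptions of this example: it requires https, and it reads the tenant as the first path segment of the sign-in URL.

```python
from urllib.parse import urlsplit

def endpoint_from_wsdl_address(address: str) -> str:
    """Trim the host line found at the bottom of the WSDL to the part before /service."""
    parts = urlsplit(address)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// service address")
    segments = parts.path.split("/")
    if "service" not in segments:
        raise ValueError("address has no /service segment")
    head = "/".join(segments[:segments.index("service")])
    return f"https://{parts.netloc}{head}"

def tenant_from_signin_url(url: str) -> str:
    """Assumption: the tenant is the first path segment of the sign-in URL."""
    segments = [s for s in urlsplit(url).path.split("/") if s]
    if not segments:
        raise ValueError("sign-in URL has no tenant segment")
    return segments[0]

def check_fields(url: str, user_id: str, password: str, tenant: str) -> list:
    """Return a list of problems; an empty list means the fields match the rules above.
    Messages never include the password itself, so they are safe to log."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("Workday URL: must be an https:// URL")
    if "service" in parts.path.split("/") or parts.query or parts.fragment:
        problems.append("Workday URL: copy only the part before /service")
    if not user_id or "@" in user_id:
        problems.append("User ID: enter the username only, not username@tenant")
    if "&" in password:
        problems.append("Password: must not contain '&'")
    if not tenant or "/" in tenant or ":" in tenant:
        problems.append("Workday Tenant Name: enter the tenant only, not a URL")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    wsdl_address = "https://wd5-services1.myworkday.com/ccx/service/acme/Human_Resources/v1"
    url = endpoint_from_wsdl_address(wsdl_address)
    tenant = tenant_from_signin_url("https://wd5-services1.workday.com/acme")
    print(url, tenant)
    # The username was created as infosec@acme, and the password contains '&'.
    for problem in check_fields(url, "infosec@acme", "Constructed&Passw0rd", tenant):
        print("FIX:", problem)
```
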

HERE'S HOW

Follow these instructions to connect Workday to Drata:

1. Click on your company's name in the lower left corner.

2. Click "Connections" from that menu.

3. Click the "Connect" button for the Workday integration.

The slide-out panel will provide step-by-step instructions. Click "Connect to Workday" at the bottom of the panel to view the following screen for the steps required to authorize the Workday integration.
