HERE'S WHY
Connecting Workday to Drata allows for automated checks and evidence collection to provide details on personnel hire and separation dates as well as their employment status.
BEFORE DIVING IN
Make sure you have admin access or at least an "Application user" permission for your company's Workday account. Drata recommends creating an Integration system user in Workday, which you can create and configure by following these instructions:
Signing into Workday
Access the Create Integration System User task
Enter a new username (the required format is
username@tenant
, but NOT as a full email address (e.g.infosec@customer_tenant
is good but[email protected]
is not))Enter and confirm password
Click OK
Note: You’ll want to add this user to the list of System Users to make sure the password doesn’t expire
You’ll need to now add this Integration System User to a Security Group:
In the Search field, type Create Security Group.
Select the Create Security Group task.
Click OK.
On the Create Security Group page, from the Type of Tenanted Security Group pull-down menu, select Integration System Security Group.
In the Name field, enter a name.
Click OK.
On the Edit Integration System Security Group (Unconstrained) page, in the Name field, enter the same name you entered when creating the ISU in the first section.
Click OK.
In the Security Group, you will need to edit the Domain Security Policy Permissions and add the following GET operations:
Person Data: Personal Data
Person Data: Work Contact Information
Worker Data: Workers
Worker Data: All Positions
Worker Data: Public Worker Reports
Worker Data: Employment Data
Worker Data: Organization Information
Activate Security Policy Changes
In the search bar, type "Activate Pending Security Policy Changes" to view a summary of changes in security policy that need to be approved. After reviewing policies, approve the pending security policy changes in order to activate them.
Obtain the Web Services Endpoint for Workday Tenant
We'll need access to your specific Workday web services endpoint:
Search in Workday for Public Web Services
Open Public Web Services Report
Hover over Human resources and click the three dots to access the menu
Click Web Services > View WSDL
Navigate to the bottom of the page that opens and you'll find the host
Copy everything until you see /service. This should look something like https://wd5-services1.myworkday.com/ccx
Enter Credentials into Drata Link
You'll need to enter a few pieces of information from the steps above into Drata Link to authenticate the connection:
Workday URL: Enter the Web Services Endpoint you found above
User ID: Enter the Integration System User name for the user created (the required format is simply
username
, notusername@tenant
here, this is not the same as how it was created in the above step)Password: Enter the Integration System User password for the user created (NOTE: Due to SOAP API constraints, this password should not have an '&' symbol, it will break the URL formed for the integration)
Workday Tenant Name: If you sign in at "https://wd5-services1.workday.com/acme", enter "acme"
HERE'S HOW
Follow these instructions to connect Workday to Drata:
1. Click on your company's name in the lower left corner.
2. Click "Connections" from that menu.
3. Click the "Connect" button for the Workday integration.
The slide-out panel will provide step-by-step instructions. Click "Connect to Workday" at the bottom of the panel to view the following screen for the steps required to authorize the Workday integration.