Skip to content
Gallery
Boon Employer Launch Guide
Employer Launch Guide
Feature Highlights
Guides & Tips
Share
Explore
ATS & HRIS Integration Guides

workday
Workday

Integration With Boon
workday
HRIS Data Permissions (Workday)
workday
ATS Data Permissions (Workday)

Overview

To authenticate your Workday account, you will need to provide the following information:
WSDL
ISU Username
ISU Password
Workday Tenant Name
Learn more about Boon

Prerequisites

Please ensure you fulfil all the requirements to set up the integration:
You have Administrator permissions in your company's Workday instance

Instructions

Step 1: Create an Integration System User (ISU)

1. In your Workday portal, log into the Workday tenant
2. In the Search field, type Create Integration System User
3. Select the Create Integration System User task
CleanShot 2024-05-16 at 19.22.50.png
4. On the Create Integration System User page, in the Account Information section, enter a user name, and enter and confirm a password
Important: "&", "<", or ">" characters cannot be included in the password
5. Click OK
CleanShot 2024-05-16 at 19.27.03.png
6. To ensure the password doesn't expire, you'll want to add this new user to the list of System Users. To do this, search for the Maintain Password Rules task.
Capture-2024-05-16-193352.png
7. Add the ISU to the System Users exempt from password expiration field
CleanShot 2024-05-16 at 19.37.35.png
8. Enter the Integration System User name in the linking flow
9. Enter the Integration System User password in the linking flow
CleanShot 2024-05-16 at 20.52.23.png

Step 2: Create a Security Group and assign an Integration System User

1. In the Search field, type Create Security Group
Capture-2024-05-16-194454.png
Select the Create Security Group task.
2. On the Create Security Group page, select Integration System Security Group (Unconstrained) from the Type of Tenanted Security Group pull-down menu.
CleanShot 2024-05-16 at 19.50.24.png
If you would like to create a Constrained Security Group instead of an Unconstrained Security Group,
please see the section in Notes below
3. In the Name field, enter a name
4. Click OK
5. On the Edit Integration System Security Group (Unconstrained) page, in the Integration System Users field, enter the same name you entered when creating the ISU in the first section
CleanShot 2024-05-16 at 19.54.35.png
6. Click OK

Step 3: Configure domain security policy permissions

1. In the Search field, type Maintain Permissions for Security Group
Capture-2024-05-16-195737.png
2. Make sure the Operation is Maintain, and the Source Security Group is the same as the security group that was assigned in Step 2
CleanShot 2024-05-16 at 20.00.00.png
3. On the next screen, add the corresponding Domain Security Policies depending on your use case:
CleanShot 2024-05-16 at 20.01.47.png

user-credentials
If you are connecting Workday ATS (Recruiting):
ATS (Recruiting) Permissions
If you are connecting Workday HRIS:
HRIS Permissions

Step 4: Activate security policy changes

1. In the search bar, type "Activate Pending Security Policy Changes" to view a summary of the changes in the security policy that needs to be approved
Capture-2024-05-16-200630.png
2. Add any relevant comments on the window that pops up
3. Confirm the changes in order to accept the changes that are being made and hit OK
CleanShot 2024-05-16 at 20.09.20.png

Step 5: Validate the authentication policy is sufficient

1. Search for Manage Authentication Policies
CleanShot 2024-05-16 at 20.11.28.png
2. Click Edit on the authentication policy row
CleanShot 2024-05-16 at 20.15.41.png
3. Create an Authentication Rule
CleanShot 2024-05-16 at 20.17.02.png
4. Enter a name, add the Security Group, and ensure Allowed Authentication Types is set to Specific User Name Password or Any
CleanShot 2024-05-16 at 20.24.18.png

info

Note: You don't have to create a new Authentication Rule if you already have an existing one set to User Name Password or Any. You can add the ISU you created to that rule instead. You will need to create a new rule if SAML is the only Authentication Rule you see for "Allowed Authentication Types."

Step 6: Activate all pending authentication policy changes

In the search bar type, activate all pending authentication policy changes
CleanShot 2024-05-16 at 20.34.45.png
2. Proceed to the next screen and confirm the changes. This will save the Authentication Policy that was just created or edited

Step 7: Obtain the web services endpoint URL
Search in Workday for Public Web Services
CleanShot 2024-05-16 at 20.36.41.png
2. Find Human Resources (Public) if you are connecting Workday HRIS. Find Recruiting if you are connecting Workday ATS.
3. Click the three dots to access the menu. Click Web Services > View WSDL
CleanShot 2024-05-16 at 20.39.58.png
4. Navigate to the bottom of the page that opens (it may take a few seconds to load)
5. Copy the full URL provided under Human_ResourcesService (Workday HRIS) or RecruitingService (Workday ATS). The URL will have a format similar to https://wd2-impl-services1.workday.com/ccx/service/acme/Human_Resources/v43.0
CleanShot 2024-06-26 at 13.10.37@2x.png
6. Enter the Web Services Endpoint URL into the linking flow
CleanShot 2024-06-26 at 13.25.34@2x.png
7. Click Submit
8. A new applicant source needs to be added under name and id : Boon

Important Notes

Implementation/sandbox tenant Workday accounts will result in slower syncs, as fewer resources are dedicated to the tenant

(Optional) Create a Constrained Security Group instead of Unconstrained

The following steps would replace
Step 2 above
.
In the Search field, type Create Security Group.
Capture-2024-05-16-194454.png
2. On the Create Security Group page, select Integration System Security Group (Constrained) from the Type of Tenanted Security Group pull-down menu.
CleanShot 2024-05-16 at 21.07.20.png
3. In the Name field, enter a name.
4. Click OK
5. On the Edit Integration System Security Group (Constrained) page, in the Integration System Users field, enter the ISU you created in
Step 1
6. Now under Organizations, you will need to select the appropriate way you'd like to limit access from your Workday instance. You have several options in regards to how you'd like to limit the data accessible to the ISU:
We recommend selecting a specific organizational structure within your larger Company to segment by
CleanShot 2024-05-16 at 21.10.59.png
After clicking on "All Organizations by Type", you can further narrow down by selecting which Type you'd like to segment by.
The recommended types are:
Company
Cost Center
Division
Region
From there, you can select the specific Instances within your Workday Organization that you'd like to be synced over from this security Group (specific Regions, divisions, etc.)
7. After you have configured the Organization Structures you'd like to be accessible from the ISU, please navigate to "Access Rights to Organization". Depending on how you'd like to configure access, it can either be to the specific criteria you've applied on the Organizations section or the criteria you applied as well as all organizations that fall under. If you have only selected a top level organization, you should click "Applies to Current Organization And All Subordinates"
CleanShot 2024-05-16 at 21.15.53.png
8. Once this is all completed, click OK to save the Constrained Security Group
9. Now continue to
Step 3

Permissions

ATS Data:
What permissions do I need for ATS data?

HRIS Data:
What permissions do I need for HRIS data?



Did this article help?

Admin App
Service Desk
Privacy Policy
Security


Overview
Prerequisites
Instructions
Step 1: Create an Integration System User (ISU)
Step 2: Create a Security Group and assign an Integration System User
Step 3: Configure domain security policy permissions
Step 4: Activate security policy changes
Step 5: Validate the authentication policy is sufficient
Note: You don't have to create a new Authentication Rule if you already have an existing one set to User Name Password or Any. You can add the ISU you created to that rule instead. You will need to create a new rule if SAML is the only Authentication Rule you see for "Allowed Authentication Types."
Step 6: Activate all pending authentication policy changes
Important Notes
(Optional) Create a Constrained Security Group instead of Unconstrained
Permissions
ATS Data: What permissions do I need for ATS data?
HRIS Data: What permissions do I need for HRIS data?
Admin App Service Desk Privacy Policy Security
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.