HR Management
Workday Human Capital Management
40 min
workday human capital management lets you manage employee records, payroll, recruiting, and workforce analytics in one platform integrating with {{product name}} enables automated hr data sync, onboarding workflows, and real time updates between workday and other business tools the workday human capital management app is available on the https //www make com/en/enterprise requirements to use the workday human capital management app in make, you must have an active workday account with appropriate permissions to access the web services for subscription, refer to the https //www workday com/en us/products/human capital management/overview\ html refer to the https //community workday com/sites/default/files/file hosting/productionapi/index html for a list of available endpoints get started with workday hcm to use workday hcm with {{product name}} , a workday hcm admin must first complete the following docid\ yngk7qn9vad wlakpriwb docid\ yngk7qn9vad wlakpriwb docid\ yngk7qn9vad wlakpriwb docid\ yngk7qn9vad wlakpriwb docid\ yngk7qn9vad wlakpriwb create an integration system user workday recommends using an integration system user (isu) to integrate with external services such as {{product name}} for the following reasons isus carry all operations and documents under the isu, rather than using a worker specifically for integration and workflow activities integrations using an isu will not stop working if a worker's security profile changes or they are no longer an employee each isu can and should be limited to a single integration, such as {{product name}} , for security reasons the isu must have the mandatory permissions to perform the required actions for your {{scenario singular lowercase}} if you receive an error that states the task submitted is not authorized when building a {{scenario singular lowercase}} , the isu does not have sufficient permissions to create an isu task and configure the isu account for the integration, follow these steps in your workday account search bar, search for and select the create integration system user task enter the following details and click ok user name enter the name of the user we recommended including isu in the user name for easy identification generate random password select if you want to generate a random password for the user new password enter a password according to the password requirements new password verify re enter the password to confirm require new password at next sign in select the checkbox to enable the new password settings on the user's next login session timeout minutes enforced this field cannot be edited session timeout minutes leave the session timeout minutes as the default value of 0 to prevent session expiration an expired session can cause the integration to time out before it successfully completes do not allow ui sessions this field can be checked as isus do not typically require the ui you have successfully created the isu and a list of security groups are assigned by default this default list can differ for customer environments specifications to avoid integration errors due to expired passwords, workday recommends preventing the isu password from expiring go to the maintain password rules task and add the isu to the system users exempt from password expiration field create an integrated system security group an integrated system security group (issg) will be used to create a connection between the isu, domain, and web service to create a security group task, follow these steps in your workday account search bar, search for and select the create security group task enter the following details and click ok type of tenanted security group select integration system security group (constrained) or (unconstrained) name enter a name for the security group we recommend including issg in the name for easy identification assign integrated system security group to the isu to assign the issg to the isu open the security group created in the above section, enter the following details, and click ok name enter the security group name comment add applicable notes integration system users select the isu created in the section above to validate the relation between the isu and the security group, search for and select the view security groups for user task in the person field, select the account and click ok verify that the created security group is now assigned to the isu configure domain settings for isu in this section, you will configure the domain settings for the isu there are several ways to access the domain settings screen, {{product name}} recommends following the steps defined in this section continue from the custom report created in the previous section the following screens contain examples for configuring domain settings for web service operation name, get worker profile based on the web service matrix , get an employee module filter the report by web service operation name and select the relevant domain for example, get worker profile click the three dots menu > domain > edit security policy permissions confirm the action by clicking ok activate pending security policy changes in this section, you will activate the security policy changes in the workday search box, enter activate pending security policy changes and select that task enter a brief comment describing the change click ok mark the confirm checkbox in the dialog box click ok to make these changes active your security group can now execute the get worker web service validate integration security group to validate the security group in your workday account search bar, search for and select the view security group task enter the security group name you have created verify that the created integration security group has assigned operation for the specified domain connect workday hcm to {{product name}} you can establish two types of connection between workday hcm and {{product name}} with user credentials or oauth2 the system administrators must thoroughly understand and review their organization's authentication policy and design the integration user based on it to establish the connection, you must docid\ yngk7qn9vad wlakpriwb establish the connection in {{product name}} docid\ yngk7qn9vad wlakpriwb docid\ yngk7qn9vad wlakpriwb obtain your host url in workday hcm to obtain a host url from your workday hcm account log in to your workday hcm account as an admin go to view api clients copy a token endpoint and store in a safe place you will use this value in the host url field in {{product name}} establish the connection with workday hcm in {{product name}} (user credentials) to establish a connection with user credentials log in to your {{product name}} account, add a workday hcm module to your {{scenario singular lowercase}} , and click create a connection in the connection type dropdown, select workday hcm enter your host url address that you copied above without a trailing slash for example, https //wd3 services1 myworkday com for your production instance and https //wd3 impl services1 workday com for your sandbox instance enter your tenant id this can be located in your account url address as follows https //hostname workday com/tenantid/d/home/html in the username and password fields, enter the workday hcm login credentials with api access for more information, see the docid\ yngk7qn9vad wlakpriwb section click save you have successfully established the connection you can now edit and add more workday hcm modules if your connection requires reauthorization, follow the connection renewal steps docid\ so88fm6pkt0g adkddfzz establish the connection with workday hcm in {{product name}} (oauth2) before establishing an oauth2 connection, your workday system administrator must complete the steps in the docid\ yngk7qn9vad wlakpriwb section to generate client credentials and refresh tokens log in to your {{product name}} account, add a workday hcm module to your {{scenario singular lowercase}} , and click create a connection in the connection type dropdown, select workday hcm oauth2 enter your host url address that you copied above without a trailing slash for example, https //wd3 services1 myworkday com for your production instance and https //wd3 impl services1 workday com for your sandbox instance enter your tenant id this can be located in your account url address as follows https //hostname workday com/tenantid/d/home/html in the client id and client secret fields, enter your client credentials enter the refresh token for the connection, provided by your workday system administrator each connection should have its own refresh token as sharing tokens may result in connections being broken workday system administrators can generate tokens in workday > view api clients > manage refresh tokens for integrations set the access token expiry in seconds , provided by your workday system administrator this value must be the same as the token expiry settings in workday click save you have successfully established the connection you can now edit and add more workday hcm modules if your connection requires reauthorization, follow the connection renewal steps docid\ so88fm6pkt0g adkddfzz set up workday hcm for oauth2 connections follow these steps in workday to retrieve the client credentials and refresh tokens necessary to establish an oauth2 connection to generate client credentials in your workday account search bar, search for and select the register api client for integrations task fill in the client name field check the non expiring refresh tokens box this is important to minimize risk of integration down time if it is not selected, a new refresh token must be manually created and entered into {{product name}} after each expiration add the following scopes (functional areas) system for wql functionality and tenant non configurable for raas functionality click ok copy the client id and client secret values and store them in a safe place this is important as you will not be able to view the client secret again after leaving this page and you will be required to generate new credentials you have successfully created the client id and client secret to be used when creating the oauth2 connection in {{product name}} configure refresh tokens in your workday account, go to view api clients find the relevant api client and click on > api client > manage refresh tokens for integrations note this is also where you can edit api client scopes, generate new client secrets, and find new refresh tokens if an expiration date was set in the manage refresh tokens for integrations window, enter the workday account to be assigned to the api client this account must have access to the reports you would like to work with wql, raas, and soap api security is tied to the workday account click ok in the delete or regenerate refresh token task, click the generate new refresh token box copy the refresh token and store it in a safe place note each workday account will have its own refresh token, but can have the same client id and client secret as other accounts linked to the api client you have successfully created the refresh token to be used when creating the oauth2 connection in {{product name}} workday human capital management modules after connecting to the workday human capital management app, you can choose from a list of available modules to build your {{scenario plural lowercase}} add a dependent creates a new dependent record add a retiree status updates the status of a worker who was previously terminated, marking them as retired in the system add a stock grant adds stock grants to an employee by initiating the request stock option grant business process add an additional job creates a new job position entry for an employee who is already in the system add an employee initiates the hiring process to add a new employee to your system create or update search settings creates new search configurations or modifies existing ones in workday to customize how search results are displayed and filtered create or update a job family creates a new job family or updates the details of an existing job family create or update a job family group creates a new job family group or updates the details of an existing job family group create or update a job profile creates a new job profile or updates an existing one with the provided details create or update a location creates a new location or updates the details of an existing location create or update a pre hire creates a new pre hire applicant record or updates an existing applicant’s information create or update a worker document creates a new worker record or updates an existing worker's information in the database delete a retiree status reactivates an employee by removing their retired status, allowing them to return to active employment end a contingent worker contract terminates the contract of a specified contingent worker enroll in learning content enrolls learners into specific learning content using the "enroll in content" business process get a contingent worker retrieves detailed information about a contingent worker, including their contract details and personal data get a raas report fetches a specific raas (reporting as a service) report using its report url requires an oauth2 connection for access get a worker document fetches detailed information from a worker's document get a worker event history fetches a list of all event records linked to a specific worker, filtered by event type and date criteria get a worker profile fetches specific details about a worker, including their employment or contract status, personal information, and compensation data get an employee retrieves detailed information about an employee, including their employment status, personal details, and compensation data hire an employee converts a new or existing applicant into an official employee by assigning them to a specific position, headcount, or job role list academic ranks fetches a list of academic rank titles from the system list certification issuers fetches a list of all certification issuers that have been set up in the system list company vehicles allows you to retrieve a list of all company vehicles or filter to access specific vehicles list competency categories fetches a complete list of all available competency categories from your account list competency snapshots fetches detailed competency snapshot data to support translation integration processes list contact types fetches a list of contact types based on the provided request references or search criteria list currencies retrieves a list of all currencies currently available within a specific tenant account list job requisitions fetches detailed information about job requisitions and includes a reference to the associated job position list roe history data fetches detailed canadian employment history information for a specified record of employment (roe) list time off plan balances fetches up to date time off balances for each worker, organized by their specific time off plans list workday accounts of a user retrieve workday account details for one or multiple specified users list workers retrieves detailed public and private data for the selected workers list or get a pre hire by email fetches a list of pre hires (job applicants) or retrieves details of a specific pre hire using their email address make a rest api call executes a custom rest api request to the connected service using oauth2 authentication make a soap api call executes a custom soap api request using your authorized credentials make a soap api call (advanced) executes a custom soap api request using your authorized credentials manage an employee probation periods event creates a new probation period for a worker or updates an existing probation period assigned to them move workers by organization transfers workers from one organization to another move a job requisition transfers a job requisition from its current job management organization to a different job management organization within your system request a compensation change enables you to initiate a compensation change request for an employee through the compensation change business process request a leave of absence submits a new request for a leave of absence request a return from leave of absence generates a new record for an employee returning from a leave of absence request request an employee merit adjustment submits a request to adjust an employee's merit, starting the employee merit adjustment workflow run a wql query executes a wql (workday query language) query on your workday account using an oauth2 connection search timesheets fetches detailed timesheet records for workers based on the specified criteria terminate an employee removes an employee from the organization's system, ending their employment status update a dependent updates the information or details of an existing dependent in your system update a stock grant enables you to modify the details of a stock grant that has already been assigned to an employee update a workday account updates the details of an existing workday account, such as the username or password, using the provided information watch workers triggers when a new worker profile is created in your system templates you can look for more templates in https //www make com/en/templates , where you'll find thousands of pre created {{scenario plural lowercase}} workday human capital management resources you can have access to more resources related to this app on the following links https //community make com/search?q=workday%20human%20capital%20management https //www workday com/en us/products/human capital management/overview\ html https //community workday com/sites/default/files/file hosting/productionapi/versions/v38 1/index html https //www make com/en/integrations/workday hcm