In order to connect to Workday you will need to create an Integration System User with the correct permissions and provide the login information to Finch.

Step by step guide

  1. Create an Integration System User in Workday

    1. Log in to your Workday portal
    2. In the search bar at the top of the page, search for “Create Integration System User”
    3. Select the “Create Integration System User” task
    4. Enter a username and password of your choosing for the new Integration System User. Save this information as it will be required throughout the connection process.
      Make sure the password does not contain any of the following characters: “&”, “<”, “>” Workday-Finch-Connect-1.png
    5. Ensure that “Require New Password at Next Sign In” is not checked
    6. Set “Session Timeout Minutes” to 0
    7. Ensure that “Do Not Allow UI Sessions” is checked
    8. Click “OK” to create the Integration System User
  2. Configure a Security Group

    1. In the search bar at the top of the page, search for “Create Security Group”
    2. Select the “Create Security Group” task
    3. On the “Create Security Group” page, from the “Type of Tenanted Security Group” dropdown, select “Integration System Security Group (Unconstrained)”
    4. Enter a name for the security group in the “Name” field
    5. Click “OK” to create the security group
    6. On the “Edit Integration System Security Group (Unconstrained)” page enter the name of the Integration System User you created in the “Integration System Users” field Workday-Finch-Connect-2.png
    7. Click “OK” to assign the Integration System User to the security group
  3. Configure the Domain Security Policy Permissions

    1. In the search bar at the top of the page, search for “Maintain Permissions for Security Group”
    2. Select the “Maintain Permissions for Security Group” task
    3. Make sure the “Operation” is “Maintain”, and the “Source Security Group” is the security group you created
    4. Add each of the following Domain Security Policy Permissions
      View/Modify AccessDomain Security Policy
      Get OnlyPerson Data: Name
      Get OnlyPerson Data: Personal Data
      Get OnlyPerson Data: Home Contact Information
      Get OnlyPerson Data: Work Contact Information
      Get OnlyWorker Data: Compensation
      Get OnlyWorker Data: Workers
      Get OnlyWorker Data: All Positions
      Get OnlyWorker Data: Current Staffing Information
      Get OnlyWorker Data: Public Worker Reports
      Get OnlyWorker Data: Employment Data
      Get OnlyWorker Data: Organization Information
      Get OnlySet Up: Company General
  4. Activate Security Policy Changes

    1. In the search bar at the top of the page, search for “Activate Pending Security Policy Changes”
    2. Select the “Activate Pending Security Policy Changes” task
    3. View the summary of changes waiting to be approved and check the “Confirm” checkbox Workday-Finch-Connect-3.png
  5. Configure Authentication Policy

    1. In the search bar at the top of the page, search for “Manage Authentication Policies”
    2. Select the “Manage Authentication Policies” report
    3. Verify that the Security Group is assigned to a policy that has an “Allowed Authentication Type” of “User Name Password” or “Any”.
      If this is not the case you must edit the relevant Authentication Policy to add a rule using the steps below:
      • Edit the Authentication Policy for the environment you want Finch to retrieve data from
      • Add a new Authentication Rule for the policy
      • Set the “Authentication Rule Name” to a unique value to identify the rule
      • Set the “Security Group” to the Security Group you created
      • Set the “Authentication Conditions” to “Any” and the “Allowed Authentication Types” to “Specific > User Name Password” Workday-Finch-Connect-4.png Workday-Finch-Connect-5.png Workday-Finch-Connect-6.png
  6. Activate Authentication Policy Changes

    1. In the search bar at the top of the page, search for “Activate Pending Authentication Policy Changes”
    2. Select the “Activate Pending Authentication Policy Changes” task
    3. View the summary of changes waiting to be approved and check the “Confirm” checkbox Workday-Finch-Connect-7.png
  7. Obtain the Web Services Endpoint URL

    1. In the search bar at the top of the page, search for “Public Web Services”
    2. Select the “Public Web Services” report
    3. Find the “Human Resources (Public)” item in the “Web Service” column and hover over it so you can click the “…” menu that appears
    4. In the “…” menu click “Web Service > View WSDL”
    5. A new page will open containing the technical specifications for the Workday Human Resources Web Service
    6. Scroll all the way to the bottom of the page and locate the line containing soapbind:address location=
      • You can also search within the page using Ctrl+F or Cmd+F for the text soapbind:address location=
    7. Copy the URL up until /service The resulting URL should look something like https://wd5-services1.myworkday.com/ccx Workday-Finch-Connect-8.png
    8. Save this URL to provide to Finch
  8. Connect Using Finch Connect

    1. Paste the username and password for the Integration System User into the “Username” and “Password” fields
    2. Paste your Workday tenant ID into the “Tenant ID” field. You can find this value in the URL of your web browser when on the Workday home page:
      • If the URL looks like https://impl.workday.com/somecompany then your tenant ID is somecompany
      • If the URL looks like https://somecompany.workday.com then your tenant ID is somecompany
    3. Paste the Web Services Endpoint URL you copied earlier into the “API Base URL” field
    4. Click “Connect”
  9. Select a Company to Connect

Finch Connect will ask you to select which company you’d like to connect. This is a list of companies retrieved from your Workday system that employees area assigned to.

The company you connect will be the only company Finch will retrieve data for. If you have other companies you also want to connect you will have to repeat the “Connect Using Finch Connect” section for each one.