Workday Integration Setup

  • Updated

OnePlan

To complete the OnePlan setup, you need to be an admin (user with Owner permissions) in OnePlan.

  1. Log into your OnePlan group using your OnePlan login credentials.
  2. Access the Admin pages by clicking on the settings (gear) icon at the top right of the browser.  
  3. Navigate to the Integration section in the left-hand navigation panel.
  4. Next to the Authentication Keys section click the + Add Key button.
  5. Provide a descriptive name or title for the Authentication Key to denote its purpose, then click ADD
  6. Store the OnePlan group name and the Authentication Key securely. This grants access to your OnePlan group for any program. Please note that the key will no longer be visible after the page is refreshed.

Note: It's recommended to generate a new authentication key for every integration and assign a descriptive name to each key, enabling clear association with its corresponding integration. This practice enhances security, simplifies management, and facilitates easier tracking and troubleshooting.

2024 Authentication Key.png

OneConnect Setup Process

To complete the OneConnect setup, you need have Administrator or Editor privileges in the OneConnect group you wish to set the integration up in.   

  1. Go to https://my.oneconnect.ai 
  2. Navigate to Workday to OnePlan. Click the Configure button. 

Workday Connector

  1. Authentication – For the integration to connect to Workday, all fields must be filled out.
    • EndPoint URL: Enter the Workday endpoint URL. (e.g., https://{TenantHostName}.workday.com/ccx/service)
    • Username & Password: Ensure that the provided username has the Do Not Allow UI Sessions setting checked.
    • Tenant Name: This may be different from the Tenant Host Name in the URL.
    • Version:
  2. Additional Integration Settings - These are options relating to the integration that might fulfill your needs.
    1. Check this box if you are using Human Resources Endpoint:
  3. Test & Save – Confirm the connection to Workday authenticates and save your settings. Located at the bottom of the connector.
    1. Test the connection to verify correct settings. A notification indicating Connected Successfully should appear in the top-right corner of the browser upon successful testing.
    2. Save the configuration to finalize setup.

OnePlan Connector

Connecting to OnePlan involves three key sections, each with its associated fields.

  1. Connect to OnePlan –
    • Optional: Group Name: The name of the OnePlan Group name you intend to integrate with.
    • Authentication Key: Paste the generated OnePlan Authentication Key obtained from OnePlan.
    • Optional: Alternate OnePlan Environment URL: If using an environment other than the default environment, select the appropriate URL from the available options. Located in Additional Options.
    • Optional: OData ID: Enter the OnePlan Groups OData ID. This can be located in your OnePlan Administration configuration within the Integration section.
  2. Test & Save - Confirm the connection to OnePlan authenticates and save your settings. Located at the bottom of the connector.
    • Test the connection to verify correct settings. A notification indicating Connected Successfully should appear in the top-right corner of the browser upon successful testing.
    • Save the configuration to finalize setup.

Integration Information

Default Field Mappings

Workers – Resources

Workday Fields OnePlan Fields Direction Notes
       
       
       

TimeOffAndOnLeave - Timesheets

Workday Fields OnePlan Fields Direction Notes
       
       
       

Strategies

SynchResources

Sync workers from Workday to OnePlan resources.

Integration Limitations

Workday Integration Scope

Our Workday integration is built using Workday’s Staffing API, which focuses specifically on staffing-related data. If your organization requires data outside the scope of the Staffing API – such as financials, time tracking, or other HR Modules – it may not be accessible through this integration.

In such cases, we recommend exporting the necessary data from Workday into a CSV file and using OneConnect’s Tabular Data integrations to import it. This approach offers flexibility for incorporating additional datasets not supported by the Staffing API.

Workday Username Setup

These steps must be completed by the Workday administrator.

  1. Create an Integration System Security Group
    • In the Workday task bar enter: Create Security Group
    • Type of Tenanted Security Group: Integration Security Group (Unconstrained)
    • Name: ISSG {Integration Name}
  2. Create the Integration System User
    • In the Workday task bar enter: Create Integration System User
    • Create the username (ISU {Integration Name}) and password. (note: this password will not be used by the web services and can be forgotten immediately or changed any time, as needed). Best practices for Workday are to have a separate ISSG and ISU for each integration. Thus if there is already an integration connecting Workday to a benefits provider, for example, then you would not want to utilize that integrations’ security setup for an integration with a different system/vendor.
    • Make sure the Do Not Allow UI Sessions is checked. This will prevent someone from logging into Workday with this account via the user interface, if the username/password is somehow compromised. (Using OAuth with this ISSG/ISU will make the username/password combination useless to any security breach)
  3. Associate the ISU with the ISSG
    • In the Workday task bar enter: View Security Group
    • Enter the name of the ISSG created earlier and click OK
    • Click the More Actions icon, on right of the title
    • In the Actions menu, select the first menu option, Integration System Sec… and choose Edit from the sub menu.
    • Once in Edit mode the Integration System Users selection box will be available to search for the ISU created earlier.  Enter a comment about what this Integration System Security Group is used for, if desired.
  4. Associate Web Services with security group
    • If SOAP web services are being utilized, they will need to be setup for the Security group.
    • In the Workday task bar enter: View Security for Securable Item
    • Enter the name of the SOAP web service. It should be entered exactly as in the SOAP reference guide.
    • There may be multiple results returned. Locate the web service entered and click the View Security button. (NOTE: document the “All Functional Areas” for the Web Service as well. This will be important when setting up OAuth.)
    • Next locate the appropriate security policy, there may be more than one and click the more actions icon () next to the Domain icon () for each policy to edit.
    • From the Actions menu, select Domain Security Policy and then Edit Permissions
    • Scroll down the page to the Integration Permissions section.
    • Add the ISSG created earlier to the list. Grant it GET/PUT access as deemed necessary for the specific Web Service need.
    • Once all security changes are made, use the Workday task Activate Pending Security Policy Changes to put those changes into effect.

Related to

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.