Before connecting Spark Hire and Workday, we'll need to make sure that the correct permissions are enabled. Below are some detailed steps for granting permissions.
Step One: Create an Integration System User (ISU)
- In your Workday portal, log into the Workday tenant.
- In the Search field, type Create Integration System User.
- Select the Create Integration System User task.
- On the Create Integration System User page, in the Account Information section, enter a user name, and enter and confirm a password.
- Click OK.
- Due to XML encoding, "&", "<", and ">" cannot be included in the password.
- Ensure Require New Password at Next Sign In is NOT checked.
- You'll want to add this user to the list of System Users to make sure the password doesn't expire.
Step Two: Create a Security Group and Assign an Integration System User
Now, add this Integration System User to a Security Group:
- In the Search field, type Create Security Group.
- Select the Create Security Group task.
- Click OK.
- On the Create Security Group page, from the Type of Tenanted Security Group pull-down menu, select Integration System Security Group (Unconstrained).
- In the Name field, enter a name.
- Click OK.
- On the Edit Integration System Security Group (Unconstrained) page, in the Name field, enter the same name you entered when creating the ISU in the first section.
- Click OK.
Step Three: Configure Domain Security Policy Permissions
- In the Search field, type Maintain Permissions for Security Group
- Make sure the Operation is Maintain, and the Source Security Group is the same as the security group that was assigned in Step 2.
- Add the corresponding Domain Security Policy with GET and PUT operations:
| Operation | Domain Security Policy | Functional Areas |
| --- | --- | --- |
| Get Only | Worker Data: Public Worker Reports | Staffing |
| Get Only | Worker Data: Workers | Staffing |
| Get Only | Worker Data: All Positions | Staffing |
| Get Only | Worker Data: Current Staffing Information | Staffing |
| Get Only | Job Requisition Data | Pre-Hire Process |
| Get Only | Worker Data: Employment Data | Staffing |
| Get Only | Worker Data: Organization Information | Staffing |
| Get Only | Manage Pre-Hire Process: Manage Pre-Hires | Pre-Hire Process |
| Get and Put | Manage Pre-Hire Data | Pre-Hire Process |
| Get and Put | Candidate Data: Edit Job Application | Recruiting |
| Get and Put | Job Requisitions for Recruiting | Recruiting |
| Get and Put | Candidate Data: Personal Information | Recruiting |
| Get and Put | Set Up: Pre-Hire Process | Pre-Hire Process |
| Get and Put | Candidate Data: Other Information | Recruiting |
| Get and Put | Manage Pre-Hire Process | Pre-Hire Process |
| View and Modify | Candidate Data: Other Information | Recruiting |
| Get and Put | Candidate Data: Job Application | Recruiting |
| Get and Put | Move Candidate | Recruiting |
| Get and Put | Prospects | Recruiting Talent Pipeline |
| Get | Manage: Evergreen Requisitions | Consolidated Candidate Pool Evergreen Reporting Link Evergreen and Job Requisitions |
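One way to review the security group against the table above before activating the changes, so the ISU holds exactly the listed permissions and nothing more. This is an added example, not Spark Hire or Workday code; the granted-permissions input is a constructed sample (not a Workday report format) and `Hypothetical Payroll Domain` is a placeholder name.

```python
# Added example. REQUIRED_ROWS is transcribed from the Step Three table; the
# "granted" data is a constructed sample, not a Workday report or export format.
GET, GET_PUT, VIEW_MODIFY = {"get"}, {"get", "put"}, {"view", "modify"}
REQUIRED_ROWS = [
    (GET, "Worker Data: Public Worker Reports"),
    (GET, "Worker Data: Workers"),
    (GET, "Worker Data: All Positions"),
    (GET, "Worker Data: Current Staffing Information"),
    (GET, "Job Requisition Data"),
    (GET, "Worker Data: Employment Data"),
    (GET, "Worker Data: Organization Information"),
    (GET, "Manage Pre-Hire Process: Manage Pre-Hires"),
    (GET_PUT, "Manage Pre-Hire Data"),
    (GET_PUT, "Candidate Data: Edit Job Application"),
    (GET_PUT, "Job Requisitions for Recruiting"),
    (GET_PUT, "Candidate Data: Personal Information"),
    (GET_PUT, "Set Up: Pre-Hire Process"),
    (GET_PUT, "Candidate Data: Other Information"),
    (GET_PUT, "Manage Pre-Hire Process"),
    (VIEW_MODIFY, "Candidate Data: Other Information"),
    (GET_PUT, "Candidate Data: Job Application"),
    (GET_PUT, "Move Candidate"),
    (GET_PUT, "Prospects"),
    (GET, "Manage: Evergreen Requisitions"),
]
# Merge rows into {domain: operations}; a domain listed twice gets the union.
REQUIRED = {}
for ops, domain in REQUIRED_ROWS:
    REQUIRED.setdefault(domain, set()).update(ops)

def audit(granted):
    """Return (missing, excess), each {domain: ops}; granted maps domain -> ops."""
    missing = {d: ops - granted.get(d, set()) for d, ops in REQUIRED.items()}
    excess = {d: ops - REQUIRED.get(d, set()) for d, ops in granted.items()}
    return ({d: o for d, o in missing.items() if o},
            {d: o for d, o in excess.items() if o})

def sample_granted():
    """Constructed sample: one extra write, one extra domain, one forgotten row."""
    g = {d: set(o) for d, o in REQUIRED.items()}
    g["Worker Data: Workers"].add("put")        # write access the table does not list
    g["Hypothetical Payroll Domain"] = {"get"}  # placeholder name, not a real policy
    del g["Prospects"]                          # row skipped during setup
    return g

if __name__ == "__main__":
    print(audit(sample_granted()))
```

Entries in `missing` will break the integration; entries in `excess` are access the ISU does not need and can be removed from the group.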
Step Four: Activate Security Policy Changes
- In the search bar, type "Activate Pending Security Policy Changes" to view a summary of the security policy changes that need to be approved.
- Add any relevant comments on the window that pops up
- Confirm the changes in order to accept the changes that are being made.
Step Five: Validate Authentication Policy is Sufficient
Check the Manage Authentication Policies section to ensure the ISU you created is added to a policy that can access the necessary domains. It should not be restricted to only the "SAML" Allowed Authentication Types – if this is the case, you can create a new Authentication Policy with a "User Name Password" Allowed Authentication Type.
- Editing Authentication Policies
- Create an Authentication Rule, and add the Security Group to the Rule
- Make sure the Allowed Authentication Types is set specifically to User Name Password, or set to Any.
Step Six: Activate All Pending Authentication Policy Changes
- In the search bar, type Activate All Pending Authentication Policy Changes.
- Proceed to the next screen, and confirm the changes. This will save the Authentication Policy that was just created.
Step Seven: Obtain the Web Services Endpoint for Workday Tenant
We'll need access to your specific Workday web services endpoint:
- Search in Workday for Public Web Services.
- Open Public Web Services Report.
- Hover over Recruiting and click the three dots to access the menu. If you are integrating with your Workday ATS, please find Recruiting instead and access that menu.
- Click Web Services > View WSDL.
- Navigate to the bottom of the page that opens and you'll find the host.
- Copy everything until you see /service. This should look something like https://wd5-services1.myworkday.com/ccx.
Connect Workday and Spark Hire
When all of the steps above are completed, you're ready to connect Workday and Spark Hire.
- Log in to Spark Hire and go to Settings > Integrations > Workday
- Click Configure the connection.
- After clicking the button, a prompt will appear. Click Continue.
- Next, you'll be asked to enter the following information:
- Workday Web Services Endpoint URL (from Step Seven).
- User ID: Enter the Integration System User name for the user created in Step One.
- Password: Enter the Integration System User password for the user created in Step One.
- Workday Tenant Name: Enter your Workday Tenant name
- Example: If you sign in at https://wd5-services1.workday.com/acme, enter acme
- The password used cannot contain the "&", "<", or ">" characters.
- Please make sure to exempt the ISU Account from MFA and SSO