This document outlines how to set an OAuth 2.0 Workday | MaestroQA Integration
Access Requirement: The user completing these steps must have Security Administration access in the System functional area.
Steps
Find your Tenant Name
Go to my account > Organization ID.
Document the value to enter in MaestroQA later
Find your Workday Host
Search for Public Web Service in the search box.
Select Public Web Service from the search results.
Under Actions, select the Web Services list and select View WSDL.
The WSDL file is opened for viewing.
Locate the hostname value assigned to the location element. For example,
location="https:hostname/ccx/...)".Document the hostname value from the location element to enter in MaestroQA later. For example,
services1.myworkday.com
Create a MaestroQA Integration User
On the Workday system, search for the Create Integration System User task
Enter the required details for Account Information in the task (User Name, Password, etc) to create an integration user.
Example User Name:MaestroQAUser
Create an Integration Security Group
On the Workday Accounts system, search for the Create Security Group task.
Select Integration System Security Group (Unconstrained)
Modify the Integration System Security Group to associate the domains required by the Workday Integration System.
Add the MaestroQA Integration User to this Security Group.
Search for the Activate Pending Security Policy Change task and run it.
Register an API Client
Access the Register API Client for Integrations task
Enter the Client Name (MaestroQA)
Keep the default Non-Expiring Refresh Tokens checkbox selected.
From the Scope (Functional Areas) prompt, select pertinent scopes. Exact scopes will be driven by business discovery. To reduce the likelihood of errors, we recommend including the following::
Integration
Organizations and Roles
System
Staffing
Tenant Non-Configurable
Contact Information
(Optional) If you want Workday to authorize OAuth 2.0 client access only from specified IP address ranges, select the ranges from the Restricted to IP Ranges prompt. If required, request IPs from MaestroQA
Workday will generate a unique Client ID and Client Secret. Document these values to enter in MaestroQA later
Generate a Refresh Token
Use the Integration User created in step 3 to generate a new refresh token with View API Client for Integrations.
Select the newly created API client, and go to API Client Actions > API Client > Manage Refresh Tokens for Integration.
Select the Workday Account for which the refresh token must be generated, and then select Next.
Select the Generate New Refresh Token checkbox, and then select OK
Document the value to enter in MaestroQA later
Create a Custom Report
Search for and select the Create Custom Report task
Make the following selections:
Enter a Report Name.
Choose Advanced as the Report Type.
Select Enable As Web Service.
Select your Data Source.
Click OK.
Add all desired attributes to the custom report. The following are required (NOTE: Capitalization must exactly match!):
employee_id
email
preferred_name
Click OK to create the custom report
Next to the report name, select Actions > Web Service > View URLs
Right-click JSON and choose Copy URL
Document the value to enter in MaestroQA later
Share the custom report with the MaestroQA Integration User
Search for Edit Custom Report
Find and select your custom report. Click OK.
Go to the Share tab. Select Share with specific authorized groups and users.
Select the MaestroQA Integration User
Click OK.
Input the following data into MaestroQA directly at https://app.maestroqa.com/settings/integrations/workday (requires Admin access to MaestroQA):
Workday Host (from step 2)
Tenant Name (from step 1)
Client ID (from step 5)
Client Secret (from step 5)
Refresh Token (from step 6)
Custom Report JSON URL (from step 7)