Rippit | Workday Technical Integration Details

This document outlines how to set an OAuth 2.0 Workday | Rippit Integration

Access Requirement: The user completing these steps must have Security Administration access in the System functional area.

Steps

Find your Tenant Name
1. Go to my account > Organization ID.
2. Document the value to enter in Rippit later
Find your Workday Host
1. Search for Public Web Service in the search box.
2. Select Public Web Service from the search results.
3. Under Actions, select the Web Services list and select View WSDL.
4. The WSDL file is opened for viewing.
5. Locate the hostname value assigned to the location element. For example, location="https:hostname/ccx/...)".
6. Document the hostname value from the location element to enter in Rippit later. For example, services1.myworkday.com
Create a Rippit Integration User
1. On the Workday system, search for the Create Integration System User task
2. Enter the required details for Account Information in the task (User Name, Password, etc) to create an integration user.
  Example User Name: RippitUser
Create an Integration Security Group
1. On the Workday Accounts system, search for the Create Security Group task.
2. Select Integration System Security Group (Unconstrained)
3. Modify the Integration System Security Group to associate the domains required by the Workday Integration System.
4. Add the Rippit Integration User to this Security Group.
5. Search for the Activate Pending Security Policy Change task and run it.
Register an API Client
1. Access the Register API Client for Integrations task
2. Enter the Client Name (Rippit)
3. Keep the default Non-Expiring Refresh Tokens checkbox selected.
4. From the Scope (Functional Areas) prompt, select pertinent scopes. Exact scopes will be driven by business discovery. To reduce the likelihood of errors, we recommend including the following::
  1. Integration
  2. Organizations and Roles
  3. System
  4. Staffing
  5. Tenant Non-Configurable
  6. Contact Information
5. (Optional) If you want Workday to authorize OAuth 2.0 client access only from specified IP address ranges, select the ranges from the Restricted to IP Ranges prompt. If required, request IPs from Rippit
6. Workday will generate a unique Client ID and Client Secret. Document these values to enter in Rippit later
Generate a Refresh Token
1. Use the Integration User created in step 3 to generate a new refresh token with View API Client for Integrations.
2. Select the newly created API client, and go to API Client Actions > API Client > Manage Refresh Tokens for Integration.
3. Select the Workday Account for which the refresh token must be generated, and then select Next.
4. Select the Generate New Refresh Token checkbox, and then select OK
5. Document the value to enter in Rippit later
Create a Custom Report
1. Search for and select the Create Custom Report task
2. Make the following selections:
  1. Enter a Report Name.
  2. Choose Advanced as the Report Type.
  3. Select Enable As Web Service.
  4. Select your Data Source.
  5. Click OK.
3. Add all desired attributes to the custom report. The following are required (NOTE: Capitalization must exactly match!):
  1. employee_id
  2. email
  3. preferred_name
4. Click OK to create the custom report
5. Next to the report name, select Actions > Web Service > View URLs
6. Right-click JSON and choose Copy URL
7. Document the value to enter in Rippit later
8. Share the custom report with the Rippit Integration User
  1. Search for Edit Custom Report
  2. Find and select your custom report. Click OK.
  3. Go to the Share tab. Select Share with specific authorized groups and users.
  4. Select the Rippit Integration User
  5. Click OK.
Input the following data into Rippit directly at https://app.rippit.com/settings/integrations/workday (requires Admin access to Rippit):
1. Workday Host (from step 2)
2. Tenant Name (from step 1)
3. Client ID (from step 5)
4. Client Secret (from step 5)
5. Refresh Token (from step 6)
6. Custom Report JSON URL (from step 7)