Skip to content

Workday Integration System User setup

The Workday Extract component requires that you have a Workday user account when setting up an API client for authentication purposes.

You should create a dedicated Integration System User within Workday for this purpose. This allows you to "ring fence" Matillion ETL's access to Workday's data. This article is a step-by-step guide to creating an Integration System User in Workday that can be used with Matillion ETL.


Creating an Integration System User

  1. Log in to your Workday account, and on the Workday home page type "Create Integration System User" into the search bar, then click the Create Integration System User task in the drop-down.
  2. In the Create Integration System User dialog, enter the following:
    • User Name: Enter a name for the Integration System User. This will be the user name you will lo gin with when creating the API client as described in the Workday Extract authentication guide.
    • Generate Random Password: It is not necessary to select this option.
    • New Password: Enter a password that satisfies the password rules listed below this field. This will be the password you will use when you log in to create the API client.
    • New Password Verify: Repeat the password.
    • Require New Password at Next Sign In: Ensure that this checkbox is not selected, as requiring the password to be changed by the user can cause the Matillion ETL integration to fail.
    • Session Timeout Minutes: This can be left as the default value.
    • Do Not Allow UI Sessions: We recommend that you select this option, as there is no need for the integration system user to log in to the Workday UI as a regular user.
  3. Click OK.
  4. On the Workday home page, type "Maintain Password Rules" into the search bar, then click the Maintain Password Rules task in the drop-down.
  5. In the Maintain Password Rules dialog, scroll down to the Session Timeout section. In the System Users exempt from password expiration field enter the name of the user you just created. This is to prevent an expired password causing the Matillion ETL integration to fail.
  6. Click OK.
  7. On the Workday home page, type "Create Security Group" into the search bar, then click the Create Security Group task in the drop-down.
  8. In the Create Security Group dialog, enter the following:
    • Type of Tenanted Security Group: Select Integration System Security Group (Unconstrained).
    • Name: Provide a name for the security group.
  9. Click OK.
  10. In the Edit Integration System Security Group (Unconstrained) dialog, enter the following:
    • Integration System Users: Enter the name of the integration system user you just created.
  11. Click OK.
  12. On the Workday home page, type "Domain Security Policies for Functional Area" into the search bar, then click the Domain Security Policies for Functional Area task in the drop-down.
  13. In the Domain Security Policies for Functional Area dialog, enter the following:
    • Functional Area: Select the Workday functional area that you need Matillion ETL to access, for example, Staffing.
  14. Click OK.
  15. In the Domain Security Policies for Functional Area dialog, you should select the security policies that the integration system security group will need access to. Repeat the following steps for each separate policy that you want to add.
  16. Click a policy in the left panel, and then click Edit Permissions in the right panel.
  17. In the Edit Permissions dialog, scroll down to the Integration Permissions table and click + to add a new row.
  18. In the Security Groups field of the new row, enter the name of the Integration System Security Group you defined previously.
  19. Select the Get option to allow the loading of Workday data into Matillion ETL. Select the Put option if the integration will be used to sync data from Matillion ETL into Workday. You can select both options.
  20. Click OK.
  21. Repeat steps 16 - 20 for each security policy that the integration system security group will need access to.
  22. On the Workday home page, type "Activate Pending Security Policy Changes" into the search bar, then click the Activate Pending Security Policy Changes task in the drop-down.
  23. In the Activate Pending Security Policy Changes dialog, enter a description of the security changes made in the previous steps and then click OK.
  24. Review the list of changes, then select Confirm and click OK.