# Integration with Workday

### Overview

Integrating Workday with MangoApps enables synchronization of user data from Workday's HRIS system into MangoApps. This integration helps with user management, ensures data consistency, and improves user experience by automatically syncing employee information like name, contact details, employment status, and more.

<figure><img src="/files/XcNOyRvmsHuqVL6ZToiY" alt="" width="375"><figcaption></figcaption></figure>

This guide outlines the steps required to successfully set up and manage the integration between Workday and MangoApps.

***

### Required Roles

To complete this integration, specific administrative roles and permissions are required on both platforms:

#### In Workday

* You must have **Administrator permissions** in your company’s Workday tenant.
* You must be able to create and manage Integration System Users, Security Groups, and Domain Security Policies.

#### In MangoApps

* You must be a **Domain Admin** with access to the Admin Portal and Integration settings.

***

### Workday Side Setup

#### Step 1: Create an Integration System User (ISU)

In Workday, search for **Create Integration System User**.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcyBqUo8v-N6bIhA4z_ZkYQ8bBEmF1A8knZv4u1PvbrSs5WpmMjdNBNMXWThsYX1KEI6Bbf99tAfPK0rN-zDHh153jZaETX1fQrSqCWRguQNub-YZ1lESqeQ6OQL4-Kq9rZziks?key=SPxmwHQgNcbr6Jm8Fr50iA" alt="" width="563"><figcaption></figcaption></figure>

Fill in the user name and password fields (avoid using &, <, > as these **cannot** be included in the password).

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcEZJo0W-VtyGgro2QT0gGvUIpv2Gc7eiRZpcQapNnhCZW4bEALRY6xpgQCaNSoCy1vzJkELpnmV8sA9V6xK835f1zZ_dZCR4e03Ko7MByzI2pKu6LFpRJ09VJOVF3mr2NXuPm9?key=SPxmwHQgNcbr6Jm8Fr50iA" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="danger" %}
Do **NOT** check the box next to **Require New Password at Next Sign In**.
{% endhint %}

To ensure the password does not expire, add this new user to the list of system users exempt from password expiration.

To do this, save and then search for **Maintain Password Rules**.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfAzr9suVrLbm1n3KdxhuE1LZQ8HacB4d6a9ons7GxSTzPEZ4YZ3CDyr3791VQGwzZnmlobz1Rc5GRPWLInhRGDgKxVd-9RUFN7YknSX75MJNr6OdpKKGVzgftm-jQmpZIsWTt8lA?key=SPxmwHQgNcbr6Jm8Fr50iA" alt="" width="563"><figcaption></figcaption></figure>

Add the ISU to the list of **System Users exempt from password expiration**.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdKgELCxetPvjUpJyuvMgDvGN0vc1xLnEgfiKLKi-WIypgDOL-lcEJ4usMo1tigdwJZ4VvssztpMj6EolXQPvaoNL8jdMMY1rxqwIydr5ubEKR0yljYl02J54_NwpJ7c6S6C0pV?key=SPxmwHQgNcbr6Jm8Fr50iA" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 2: Create a Security Group

Search for **Create Security Group**.

<figure><img src="/files/BsMGmVdNCjsWwsOrLfz7" alt="" width="563"><figcaption></figcaption></figure>

Choose **Integration System Security Group (Unconstrained)**.

<figure><img src="/files/KFBokNdK7AowrwvfGDvl" alt="" width="563"><figcaption></figcaption></figure>

Name the group and assign the ISU created earlier in Step 1.

<figure><img src="/files/0y52QCDNlN0JIlgV29ja" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 3: Configure Domain Security Policy Permissions

Search for **Maintain Permissions for Security Group**.

<figure><img src="/files/F7aoj1fPzHb02W4x9sCf" alt="" width="563"><figcaption></figcaption></figure>

For the Operation, select **Maintain**. Then, in the **Source Security Group** field, choose the security group created in Step 2.

<figure><img src="/files/Bw399QhFA77QdHFvqxk5" alt="" width="563"><figcaption></figcaption></figure>

On the next screen, add the corresponding **Domain Security Policies** depending on your use case.

<figure><img src="/files/uDHeGCVRaZavZGzj6LKw" alt=""><figcaption></figcaption></figure>

If you are connecting Workday HRIS, the following permissions need to be allowed:

<table><thead><tr><th width="198">Operation</th><th>Domain Security Policy</th></tr></thead><tbody>
<tr><td>Get Only</td><td><p><strong>Worker Data: Public Worker Reports</strong></p><p>This is the minimum required permission</p></td></tr>
<tr><td>Get Only</td><td>Person Data: Name</td></tr>
<tr><td>Get Only</td><td>Person Data: Personal Data</td></tr>
<tr><td>Get Only</td><td>Person Data: Home Contact Information</td></tr>
<tr><td>Get Only</td><td>Person Data: Work Contact Information</td></tr>
<tr><td>Get Only</td><td><p><strong>Person Data: Private Work Email Integration</strong></p><p>This is required to surface work email of Employees</p></td></tr>
<tr><td>Get Only</td><td><p><strong>Person Data: Public Work Email Address Integration</strong></p><p>This is required to surface work email of Employees</p></td></tr>
<tr><td>Get Only</td><td>Worker Data: Compensation</td></tr>
<tr><td>Get Only</td><td>Worker Data: Compensation by Organization</td></tr>
<tr><td>Get Only</td><td>Worker Data: Workers</td></tr>
<tr><td>Get Only</td><td>Worker Data: All Positions</td></tr>
<tr><td>Get Only</td><td><p><strong>Worker Data: Current Staffing Information</strong></p><p>This is required to surface the Employment Status of Employees</p></td></tr>
<tr><td>Get Only</td><td>Worker Data: Employment Data</td></tr>
<tr><td>Get Only</td><td><p><strong>Worker Data: Compensation - All Workers’ Positions Past and Present</strong></p><p>This is required to pull Historical Employment</p></td></tr>
<tr><td>Get Only</td><td>Worker Data: Organization Information</td></tr>
<tr><td>Get Only</td><td>Reports: Pay Calculation Results for Worker (Results)</td></tr>
<tr><td>Get Only</td><td>Worker Data: Payroll</td></tr>
<tr><td>Get Only</td><td><p><strong>Process: Export Time Blocks</strong></p><p>This is required to retrieve Timesheet Entries</p></td></tr>
<tr><td>Get Only</td><td>Person Data: Personal Photo</td></tr>
<tr><td>Get Only</td><td><p>Worker Data: Time Off*</p><p>*Specific instructions to allow access to Time Off data can be found <a href="https://help.merge.dev/en/articles/6346812-time-off-on-workday">here</a>.</p></td></tr>
</tbody></table>

{% hint style="success" %}
Refer to the full permissions list based on your use case (HRIS or ATS).
{% endhint %}

Once complete, it should look similar to this:

<figure><img src="/files/LWI9j4GYl7GdOCBcsrIN" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 4: Activate Security Policy Changes

In the search bar, enter **Activate Pending Security Policy Changes**.

<figure><img src="/files/wzVVl39RwUoOaetLaIWF" alt="" width="563"><figcaption></figcaption></figure>

Review the security policy summary in the pop-up, then confirm the changes.

<figure><img src="/files/78EuoSGYWxPm7Pbff7ks" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 5: Validate Authentication Policies

Search for **Manage Authentication Policies** in the Search bar.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdnkzEe-MmOF2Q2Fyk6lW9o-SzPRD7NBzKenN0KTpNU4GZfC_DMYwaRk7ACwvDkyxyHwQU-wzFLbSiOp1IiNpjDg54d_vPvov0PVw518gcs6iHcDS0YL8YuqLRCjP687Surr_0mQQ?key=SPxmwHQgNcbr6Jm8Fr50iA" alt="" width="563"><figcaption></figcaption></figure>

Click **Edit** on the authentication policy row to create a new Authentication Policy.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdaym02ExUlGPuc_sX6CUqnqqRu3vnFYCtyRUTYhrNiSdAm6SY_I-eCnM2Jzj6GlyDDMoDMEU9pK7vYWmGWDw-PyhgeMyR51T-pXfertSha-j3rxE0a0SmuolxZcqIbEZxU4kwbEQ?key=SPxmwHQgNcbr6Jm8Fr50iA" alt=""><figcaption></figcaption></figure>

Within this edit menu, click the plus icon (+) to create an authentication rule for the policy.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcK7pTSacXYY1q7G2UMolrZ9niaJ_g_ap2C79ZyUbiXOYr4O-U24cjIH4rznGoYekh2-c1SGbUM53bEhigZzGjkVxKS6boBCXrSM0FqZQ4xX3jBQeRQbSpSImg8SENEOBxYUM4RGg?key=SPxmwHQgNcbr6Jm8Fr50iA" alt=""><figcaption></figcaption></figure>

Enter a **Name** for the policy, add the **Security Group**, and ensure **Allowed Authentication Types** is set to **Specific User Name Password** or **Any**.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXe0sUiFmCICOSb-JXXwLKprxUqiZiIrPUs0uUxm5xG4VmMjEyuNzIN5qIMx3ybDgJK0gKIWFzN1vrr47X7T1s6JuS4cBAo-4EgkipUU7V92QJACGEfn3iS5oqpgZmD-2pE8mQMGJw?key=SPxmwHQgNcbr6Jm8Fr50iA" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
If you already have an existing Authentication Rule set to **User Name Password** or **Any**, there's no need to create a new one. Simply add the ISU you created to that existing rule.

However, if **SAML** is the only option listed under **Allowed Authentication Types**, you will need to create a new rule.
{% endhint %}

***

#### Step 6: Activate Authentication Policy Changes

Search for **Activate All Pending Authentication Policy Changes**.

<figure><img src="/files/SjXsv6E9oV66YpTnbAgs" alt="" width="563"><figcaption></figcaption></figure>

Proceed to the next screen and confirm the changes. This will save the **Authentication Policy** that was just created or edited in the step above.

***

#### Step 7: Obtain Web Services Endpoint URL

Search for **Public Web Services**.

<figure><img src="/files/UqJn0bF53Brolfjmh05a" alt="" width="563"><figcaption></figcaption></figure>

Locate **Human Resources (Public)** for **Workday HRIS**. Click the 3-dot option menu and click **Web Services** from the menu.

<figure><img src="/files/yzaf012TedYFnReozgVB" alt="" width="563"><figcaption></figcaption></figure>

From **Web Services**, click **View WSDL**, scroll down, and copy the **endpoint URL** as it appears in the WSDL.

<figure><img src="/files/8EeC9i6jY1LALSY5RGg4" alt=""><figcaption></figcaption></figure>
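The ISU credentials will be used against whatever URL is entered in MangoApps, so it is worth extracting the endpoint from a saved copy of the WSDL rather than retyping it, and checking it before use. The following is an added example, not MangoApps or Workday code; the sample WSDL fragment, its host and path, and the `expected_host_suffix` parameter are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# WSDL 1.1 publishes the service endpoint in the location attribute of soap:address.
SOAP_ADDRESS_TAGS = (
    "{http://schemas.xmlsoap.org/wsdl/soap/}address",
    "{http://schemas.xmlsoap.org/wsdl/soap12/}address",
)

# Constructed WSDL fragment: host, path and names are placeholders, not real tenant values.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap/" name="Human_Resources">
  <wsdl:service name="Human_ResourcesService">
    <wsdl:port name="Human_Resources" binding="Human_ResourcesBinding">
      <soapbind:address
          location="https://services.example.com/service/TENANT_PLACEHOLDER/Human_Resources"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""


def endpoint_from_wsdl(wsdl_text, expected_host_suffix):
    """Return the single soap:address location, or raise ValueError if it looks unsafe."""
    root = ET.fromstring(wsdl_text)
    locations = {el.get("location", "").strip()
                 for tag in SOAP_ADDRESS_TAGS for el in root.iter(tag)}
    if len(locations) != 1:
        raise ValueError(f"expected exactly one endpoint, found {len(locations)}")
    endpoint = locations.pop()
    url = urlsplit(endpoint)
    host = (url.hostname or "").lower()
    suffix = expected_host_suffix.lower()
    if url.scheme != "https":
        raise ValueError("ISU credentials must only be sent over https")
    if url.username or url.password:
        raise ValueError("endpoint URL must not embed credentials")
    if host != suffix and not host.endswith("." + suffix):
        raise ValueError(f"unexpected endpoint host: {host!r}")
    return endpoint


if __name__ == "__main__":
    print(endpoint_from_wsdl(SAMPLE_WSDL, "example.com"))
```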

***

### MangoApps Side Setup

#### Step 1: Access Integration Settings

Log in to MangoApps as an admin and navigate to **Admin Portal > Integration > Partner Integration**.

<figure><img src="/files/GIqsfeDCZDljITIdqn0e" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 2: Add the Workday Integration

Click the **Add Integration** button. In the pop-up menu, search and select **Workday**.

<figure><img src="/files/iNbJkdsi2NoM5Ixa8STk" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 3: Authenticate and Configure Account

Proceed through the authentication steps and ensure administrative privileges are used.

<figure><img src="/files/FAqsyVU8QmljTZSyYm6Y" alt=""><figcaption></figcaption></figure>

***

#### Step 4: Enter Workday Credentials

Enter the **Integration System User** credentials.

<figure><img src="/files/wiTgaLb2NNgatahz80k7" alt="" width="563"><figcaption></figcaption></figure>

Then, input the **Web Services Endpoint URL** from Workday.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXc8l8Q1Z_K0qA9ZzV1P_eD6pPTwBB5JCGUtl6SWCIlewtVjoGG5tF6jPYVkLjdhMGvWGDyTl8ZODPAq-dzhdfF4N1NKA7OhCdzztXwwlSBtWIMEtZJoKnZmhl1cbz_Yq2Q78Xr5?key=SPxmwHQgNcbr6Jm8Fr50iA" alt="" width="375"><figcaption></figcaption></figure>

***

#### Step 5: Initiate User Synchronization

Submit the configuration and MangoApps will begin syncing user data.

***

#### Step 6: Configure Field Mapping

After sync, proceed to **Configure Mapping**.

<figure><img src="/files/SI6VWNTM4CGagmzoM1DW" alt="" width="563"><figcaption></figcaption></figure>

Map default and custom fields between Workday and MangoApps.

<figure><img src="/files/pwLiYTEi231yvZpWXdxc" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="success" %}
If the profile fields you need are not available in the Field Mappings pop-up, you can add custom fields by going to [**Admin Portal > Modules > People > Full Profile**](https://guides.mangoapps.com/admin-guide/module-settings/people/full-profile/managing-profile-fields#adding-a-new-custom-field).

After adding and mapping the custom fields, be sure to **Force Sync** or wait for the next scheduled sync cycle for the changes to take effect in the domain.
{% endhint %}

Save the mapping.

Congratulations! The integration has been completed and will automatically update MangoApps with user data from Workday.

***

### Testing Considerations

* Perform the initial sync in a test environment if possible.
* Validate field mappings and ensure key employee data (e.g., name, email, employment status) is accurately transferred.
* Check for sync errors in the MangoApps admin logs.
* Ensure ISU permissions are not restricted by unforeseen domain or data constraints.

***

### Security Considerations

* Use a strong, non-expiring password for the Integration System User.
* Restrict the ISU’s permissions to only the necessary domain policies.
* Ensure secure storage of credentials and endpoint URL in MangoApps.
* Regularly review the authentication and domain security policies in Workday for compliance.
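The second bullet can be checked mechanically during those reviews. The following is an added example, not MangoApps or Workday code: it compares a listing of the ISU security group's permissions against the policies named in the Workday Step 3 table and flags anything that is not Get Only or not in the table. The CSV column names and the sample rows are constructed assumptions, not a Workday export format.

```python
import csv
import io

# "Get Only" domain security policies from the Step 3 table of this guide.
ALLOWED_POLICIES = {
    "Worker Data: Public Worker Reports", "Person Data: Name",
    "Person Data: Personal Data", "Person Data: Home Contact Information",
    "Person Data: Work Contact Information",
    "Person Data: Private Work Email Integration",
    "Person Data: Public Work Email Address Integration",
    "Worker Data: Compensation", "Worker Data: Compensation by Organization",
    "Worker Data: Workers", "Worker Data: All Positions",
    "Worker Data: Current Staffing Information", "Worker Data: Employment Data",
    "Worker Data: Compensation - All Workers’ Positions Past and Present",
    "Worker Data: Organization Information",
    "Reports: Pay Calculation Results for Worker (Results)",
    "Worker Data: Payroll", "Process: Export Time Blocks",
    "Person Data: Personal Photo", "Worker Data: Time Off",
}
MINIMUM_REQUIRED = "Worker Data: Public Worker Reports"

# Constructed sample: column names and rows are assumptions for illustration.
SAMPLE_EXPORT = """operation,domain_security_policy
Get Only,Worker Data: Public Worker Reports
Get Only,Person Data: Name
Get and Put,Person Data: Work Contact Information
Get Only,Example Domain: Not In Guide
"""

def audit_isu_permissions(export_text):
    """Return (findings, minimum_missing) for a listing of the ISU group's permissions."""
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(export_text)):
        op = row["operation"].strip()
        policy = row["domain_security_policy"].strip()
        seen.add(policy)
        if policy not in ALLOWED_POLICIES:
            findings.append(("not-in-guide", op, policy))   # beyond what the guide lists
        elif op.lower() != "get only":
            findings.append(("write-access", op, policy))   # the guide grants read only
    return findings, MINIMUM_REQUIRED not in seen

if __name__ == "__main__":
    findings, minimum_missing = audit_isu_permissions(SAMPLE_EXPORT)
    for kind, op, policy in findings:
        print(f"{kind}: {op} on {policy}")
    print("minimum required policy missing:", minimum_missing)
```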

***

### End User Experience

Once the integration is live:

* End users will see their Workday-sourced profile details (e.g., name, title, department) automatically populated in MangoApps.
* Any updates to employee data in Workday will reflect in MangoApps after each synchronization cycle.
* Users do not need to take any manual action for their profiles to update.

***

### Rollout Recommendations

* **Pilot First**: Begin integration with a small group of users or a test Workday environment.
* **Communicate Clearly**: Inform users and admins about upcoming profile updates and the source of the data.
* **Monitor Sync**: After rollout, monitor the sync logs regularly to ensure consistency and resolve any discrepancies.
* **Schedule Regular Syncs**: Ensure synchronization occurs at defined intervals to keep MangoApps data up to date.
* **Document and Train**: Provide internal documentation and training for admins managing the integration.


