Integration with Workday

Overview

Integrating Workday with MangoApps enables synchronization of user data from Workday's HRIS system into MangoApps. This integration helps with user management, ensures data consistency, and improves user experience by automatically syncing employee information like name, contact details, employment status, and more.

This guide outlines the steps required to successfully set up and manage the integration between Workday and MangoApps.

Required Roles

To complete this integration, specific administrative roles and permissions are required on both platforms:

In Workday

• You must have Administrator permissions in your company’s Workday tenant.

• You must be able to create and manage Integration System Users, Security Groups, and Domain Security Policies.

In MangoApps

• You must be a Domain Admin with access to the Admin Portal and Integration settings.

Workday Side Setup

Step 1: Create an Integration System User (ISU)

In Workday, search for Create Integration System User.

Fill in the user name and password fields (avoid using &, <, > as these cannot be included in the password).

To ensure the password does not expire, we will want to add this new user to the list of System Users.

To do this, save and then search for Maintain Password Rules.

Add the ISU to the list of System Users exempt from password expiration.

Step 2: Create a Security Group

Search for Create Security Group.

Choose Integration System Security Group (Unconstrained).

Name the group and assign the ISU created earlier in Step 1.

Step 3: Configure Domain Security Policy Permissions

Search for Maintain Permissions for Security Group.

For the Operation, select Maintain. Then, in the Source Security Group, choose the above configured security group.

On the next screen, add the corresponding Domain Security Policies depending on your use case.

If you are connecting Workday HRIS, the following permissions need to be allowed:

Once complete, it should look similar to this:

Step 4: Activate Security Policy Changes

In the search bar, enter Activate Pending Security Policy Changes.

Review the security policy summary in the pop-up, then confirm the changes.

Step 5: Validate Authentication Policies

Search for Manage Authentication Policies in the Search bar.

Click Edit on the authentication policy row to create a new Authentication Policy.

Within this edit menu, click the plus icon (+) to create an authentication rule for the policy.

Enter a Name for the policy, add the Security Group, and ensure Allowed Authentication Types is set to Specific User Name Password or Any.

Step 6: Activate Authentication Policy Changes

Search for Activate All Pending Authentication Policy Changes.

Proceed to the next screen and confirm the changes. This will save the Authentication Policy that was just created or edited in the step above.

Step 7: Obtain Web Services Endpoint URL

Search for Public Web Services.

Locate Human Resources (Public) for Workday HRIS. Click the 3-dot option menu and Click Web Services from the menu.

From Web Services, click View WSDL, scroll down, and copy the endpoint URL as it appears in the WSDL.

MangoApps Side Setup

Step 1: Access Integration Settings

Log in to MangoApps as an admin and navigate to Admin Portal > Integration > Partner Integration.

Step 2: Add the Workday Integration

Click the Add Integration button. In the pop-up menu, search and select Workday.

Step 3: Authenticate and Configure Account

Proceed through the authentication steps and ensure administrative privileges are used.

Step 4: Enter Workday Credentials

Enter the Integration System User credentials.

Then, input the Web Services Endpoint URL from Workday.

Step 5: Initiate User Synchronization

Submit the configuration and MangoApps will begin syncing user data.

Step 6: Configure Field Mapping

After sync, proceed to Configure Mapping.

Map default and custom fields between Workday and MangoApps.

Save the mapping.

Congratulations! The integration has been completed and will automatically update MangoApps with user data from Workday.

Testing Considerations

• Perform the initial sync in a test environment if possible.

• Validate field mappings and ensure key employee data (e.g., name, email, employment status) is accurately transferred.

• Check for sync errors in the MangoApps admin logs.

• Ensure ISU permissions are not restricted by unforeseen domain or data constraints.

Security Considerations

• Use a strong, non-expiring password for the Integration System User.

• Restrict the ISU’s permissions to only the necessary domain policies.

• Ensure secure storage of credentials and endpoint URL in MangoApps.

• Regularly review the authentication and domain security policies in Workday for compliance.

End User Experience

Once the integration is live:

• End users will see their Workday-sourced profile details (e.g., name, title, department) automatically populated in MangoApps.

• Any updates to employee data in Workday will reflect in MangoApps after each synchronization cycle.

• Users do not need to take any manual action for their profiles to update.

Rollout Recommendations

• Pilot First: Begin integration with a small group of users or a test Workday environment.

• Communicate Clearly: Inform users and admins about upcoming profile updates and the source of the data.

• Monitor Sync: After rollout, monitor the sync logs regularly to ensure consistency and resolve any discrepancies.

• Schedule Regular Syncs: Ensure synchronization occurs at defined intervals to keep MangoApps data up to date.

• Document and Train: Provide internal documentation and training for admins managing the integration.