For Workday provisioning, PingOne
requires an Integration System User in Workday with a minimally scoped set of permissions.
PingOne uses this user account to
consume data from Workday through the Workday APIs.
You might already have a suitable Integration System User.
If not, use the following procedure to add one.
The Integration System User must be part of an
Unconstrained Integration System Security Group with a series of Get
Only
Domain Security Policies granted to it to access the appropriate
worker data. These domains relate to worker data about their employment status, home and
work contact information, and organizations to which they belong.
-
Go to your Workday tenant and enter create integration system
user in the search field.
-
Under Tasks & Reports, click Create
Integration System User.
-
Enter a username and password for the new user.
-
Leave the Require New Password at Next Sign In option
clear.
-
For Session Timeout Minutes, enter
0. This option helps avoid any issues with PingOne related to
timeouts.
-
Select Do Not Allow UI Sessions to prevent this user
from signing into Workday.
-
Click OK.