You might already have a suitable Integration System User. If not, use the following procedure to add one.
The Integration System User must be part of an Unconstrained Integration System Security Group with a series of Get Only Domain Security Policies granted to it to access the appropriate worker data. These domains relate to worker data about their employment status, home and work contact information, and organizations to which they belong.
  1. Go to your Workday tenant and enter create integration system user in the search field.
  2. Under Tasks & Reports, click Create Integration System User.
  3. Enter a username and password for the new user.
  4. Leave the Require New Password at Next Sign In option clear.
  5. For Session Timeout Minutes, enter 0. This option helps avoid any issues with PingOne related to timeouts.
  6. Select Do Not Allow UI Sessions to prevent this user from signing into Workday.
  7. Click OK.
    A screen capture of the Workday Create Integration System User screen
Adding the Integration System User to a Security Group