Workday

General information

Workday connector provides an ability to get user data and user permissions from Workday HR system and modify user's email addresses. The operations that could be performed by using OpenIAM are - search and modify.

Installation and connection to OpenIAM

In an RPM installation please use the general startup script to start the connector. Dockerized deployment version is also available for the connector.

General usage

During Managed System configuration you should provide service account username (Login filed), password, tenant name (Host URL field) and URL for APIs in Attributes section.

Steps to be performed on Workday side

Grant access to the service account to call human resources API.

Synchronization

Instruction how to set up synchronization is provided in a separate document. OpenIAM provides out of the box sync configurations and groovy scripts. Connector allows to pull user personal and employee data, organization roles (as part of user sync run) and security groups ( as separate sync run). Parameters for building search query:

  • pagesize (default value 999, you can decrease it to avoid timeout error when calling API)
  • effectivefrom (default value not set, can be provided in search query in format yyyy/MM/dd)
  • entrydatetime (default value not set, can be provided in search query in format yyyy/MM/dd)
  • excludeinactiveworkers (if true will bring only active users)
  • excludeemployees (if true will not bring employee users)
  • excludecontingentworkers (if true will not bring contingent users)
  • includesecuritygroups (if true will bring security group names for each user in return attribute "securityGroups" separated by ";" if user has multiple groups)
  • includeroles (if true will bring organization roles for each user in return attribute "organizationRoles" in format roleType:roleName separated by ";" if user has multiple roles)

Note about returned data: attribute jobData can be multivalued and has following structure with values separated by ";" getPositionData().getPositionID(), getPositionData().getPositionTitle(), getPositionData().getBusinessTitle(), getPositionData().getWorkerTypeReference(), getPositionData().getWorkerTypeReference(), getPositionData().getStartDate() getPositionData().getEndEmploymentDate() getPositionData().getEndDate() getPositionData().getManagerAsOfLastDetectedManagerChangeReference()

Example of query to get all active users (employees and contingent workers with organization roles and groups: excludeinactiveworkers=true&excludecontingentworkers=false&excludeemployees=false&includesecuritygroups=true&includeroles=true

Connector Troubleshooting and Tips

Connector troubleshooting could be done by raising logging level to DEBUG mode (-Dlogging.level.org.openiam=DEBUG)