This page aims to help with Account Creation and Assigning Domain Security Policies
- Create Integration System User (ISU)
- Create Security Group
- Assign Domain Security Policies
- View Domain Security Policies
Create Integration System User (ISU)
Step 1: The first step in creating the ISU account is to start with the Workday task, “Create Integration System User”. You can go to the search bar to type in the task name.
Step 2: Select a username and type in a secure password of your choosing. Please make sure that you uncheck the box, “Require New Password at Next Sign In”
Step 3: Click “Done”.
Step 4: Confirm ISU account has been created by viewing “All Workday Accounts” and filter on the username you created
Create Security Group
In order for Beamery and Workday to exchange the necessary information for the partner certified integration, the ISU account must have the proper permissions. In order to do that, we must create a security group and assign the proper domain security policies to that group.
Step 1: Run the “Create Security Group” task.
Step 2: When creating the group, the group type must be “Integration System Security Group (Unconstrained). Select a name for the group and click “OK”
Step 3: Assign the ISU account you created to your new security group and click “OK”.
Assign Domain Security Policies
Lastly, you need to assign the required permissions to the security group you just created. In Workday security domain policies are assigned to security groups and security groups can then be assigned to users.
There are a few paths to getting to where you can maintain the policies in a security group, but we will start by viewing the security groups assigned to our ISU account.
Step 1: The first step is to run the “View Security Groups for User” report.
Step 2: Search with the ISU username and click “OK”.
Step 3: You should see the security groups for the ISU account, including the one you just created. Scroll down to that security group and click on the link.
Step 4: Go to the ellipses > Security Group > Maintain Domain Permissions for Security Group.
Step 5: Add all of the required domain security policies with the proper view/modify access for the “Integration Permissions”. For a list of required domain security policies, please see the guide Workday Integration Prerequisites & Setup Details in the "Security Domains Required" Section.
Below is a screenshot of what you should see. Please note that you don’t see all 13 policies listed in the “Get” section since anything you have “Put” access for, you also have “Get access for.
Step 5: Activate your security policy changes.
In Workday all security changes are “pending” until they are activated by a user with proper permissions. You can see in the screenshot below, the “Has Pending Changes” is “Yes”. You must run the “Activate Pending Security Policy Changes” task.
Enter a comment and click “OK”.
You will see a list of changes that were made. You must check the “Confirm” box and click “OK”.
View Domain Security Policies
If you want to confirm your changes, you can run the “View Security Groups” report and search on the name of the security group you created.
x509 Certificate-Based Authentication:
In Addition to Password Authentication, Beamery supports Workday tenants with Certificate-Based Authentication, allowing for improved security for your Workday instance. Check with your Integrations Consultant.