Workday ISU Account Creation

Last Updated:

This page aims to help with Account Creation and Assigning Domain Security Policies

Create Integration System User (ISU)

Step 1: The first step in creating the ISU account is to start with the Workday task, “Create Integration System User”. You can go to the search bar to type in the task name.

img 1.png


Step 2: Select a username and type in a secure password of your choosing. Please make sure that you uncheck the box, “Require New Password at Next Sign In”

img 2.png

Step 3: Click “Done”.

Step 4: Confirm ISU account has been created by viewing “All Workday Accounts” and filter on the username you created

img 3.png


Create Security Group

In order for Beamery and Workday to exchange the necessary information for the partner certified integration, the ISU account must have the proper permissions. In order to do that, we must create a security group and assign the proper domain security policies to that group.

Step 1: Run the “Create Security Group” task.

img 4.png

Step 2: When creating the group, the group type must be “Integration System Security Group (Unconstrained). Select a name for the group and click “OK”

img 5.png

Step 3: Assign the ISU account you created to your new security group and click “OK”.

img 6.png


Assign Domain Security Policies

Lastly, you need to assign the required permissions to the security group you just created. In Workday security domain policies are assigned to security groups and security groups can then be assigned to users.

There are a few paths to getting to where you can maintain the policies in a security group, but we will start by viewing the security groups assigned to our ISU account.

Step 1: The first step is to run the “View Security Groups for User” report.

img 7.png

Step 2: Search with the ISU username and click “OK”.

img 8.png

Step 3: You should see the security groups for the ISU account, including the one you just created. Scroll down to that security group and click on the link.

img 9.png

Step 4: Go to the ellipses > Security Group > Maintain Domain Permissions for Security Group.

img 10.png

Step 5: Add all of the required domain security policies with the proper view/modify access for the “Integration Permissions”. For a list of required domain security policies, please see the guide Workday Integration Prerequisites & Setup Details in the "Security Domains Required" Section.


img 11.png

Below is a screenshot of what you should see. Please note that you don’t see all 13 policies listed in the “Get” section since anything you have “Put” access for, you also have “Get access for.


Step 5: Activate your security policy changes.

In Workday all security changes are “pending” until they are activated by a user with proper permissions. You can see in the screenshot below, the “Has Pending Changes” is “Yes”. You must run the “Activate Pending Security Policy Changes” task.

img 13.png

Enter a comment and click “OK”.

img 14.png

You will see a list of changes that were made. You must check the “Confirm” box and click “OK”.

img 15.png


View Domain Security Policies

If you want to confirm your changes, you can run the “View Security Groups” report and search on the name of the security group you created.



x509 Certificate-Based Authentication:

In Addition to Password Authentication, Beamery supports Workday tenants with Certificate-Based Authentication, allowing for improved security for your Workday instance. Check with your Integrations Consultant.