Workday
Connector name |
|
Connector type | Executable |
Type (UI field value) | Workday Human Resources |
Connector status / support | Customer-Verified Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system. |
Bravura Security Fabric performs the following operations on Workday, Human Capital Management (HCM), by using the agtworkday connector (depending on your product license):
user change password
create account
disable account
enable account
add user to group
delete user from group
check account enabled
get server information
update attributes
list account attributes
List:
accounts
attributes
groups
members
For a full list and explanation of each connector operation, see connector operations.
Preparation
Before you can manage passwords and accounts on a Workday target system, you must:
Set up a target system administrator.
Create at least one template account, if you want to use Bravura Security Fabric to create accounts in Workday.
Setting up a target system administrator
Bravura Security Fabric uses a designated account on Workday to perform Bravura Security Fabric operations. Create an administrative account with permissions for managing users through the Workday API, if one does not already exist. It is not necessary to grant the account permissions to manage users via the Workday web GUI.
Creating a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new application accounts in a DB2 database.
The steps required to create a template account depend on your application. Consult your systems administrator or application documentation for more information.
Targeting Workday
For each Workday system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).
Type is Workday Human Resources.
Note: In Connector Pack 4.5 and earlier, Workday was listed in the Applications category.
Address uses options described in the table below.
The full list of target parameters is explained in Target System Options .
Option | Description |
|---|---|
Options marked with a | |
Server | The Workday API service end point URL where request is posted. This is set to wd2-impl-services1.workday.com by default. (key: server) |
Port | Default is 443. (key: port) |
Connection over SSL | (optional) Select to enforce SSL connections. Default is "true". (key: ssl) |
Validate the server’s certificate when connecting | Determines whether to validate the server’s security certificate for SSL connections. Default is "true". (key: checkCert) |
HTTP Network Proxy | Optional (key: proxy) |
Workday tenant | The Workday client instance name. (key: tenant) |
Version | (Optional) Specify the client Workday instance version, typically it’s also the API version. (key: ver) |
Config file path | (Optional) Specify the name of the configuration file. It must be located in the script directory. (key: file) |
Writing the configuration script
Added the TransactionTimeOffset option in Connector Pack4.5.0.
A sample configuration script (workday.cfg) is shipped in the samples directory. If you cannot find the sample file, try re-running setup to modify your installation. Sample files are automatically installed with complete (typical) installations. You can select them in custom installations.
The configuration file includes key-value pairs. In general, the left side is the returned attribute name while the right side is the data field path; for example:
"Manager_Employee_ID" = "Worker_Data/Position_Data/ Manager_as_of_last_detected_manager_change_Reference/ID?type=Employee_ID"
means to get the field with path:
"Worker_Data/Position_Data/Manager_as_of_last_detected_manager_change_Reference/ID"
whose attribute "type" is "Employee_ID", this is typically for getting the field value stated below:
<FieldName type="Fieldtype"> <ID type="WID">WID_value</ID> <ID type="Employee_ID">Employee_ID_value</ID> </FieldName>
In this case it gets that second ID value. The value will be populated into the returned attribute as "Manager_Employee_ID".
Additional information for the following options in the workday.cfg sample configuration script:
ForwardLookingDays Set the number of forward looking days when listing future hires.
TransactionLogPath Set this to the path for an XML output file to export the future hire listing into a separate file for future processing, otherwise the listing will be in the default list database file.
TransactionLogPagesize Specify the page size when listing future hires.
TransactionTimeOffset Specify a time offset in seconds to accommodate the strict workday API time restriction when listing future hires. Default is 60 seconds.
Handling account attributes
You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Workday Human Resource target system from the Manage the system > Resources > Account attributes > Target system type menu.
For information about the native Workday attributes managed by Bravura Security Fabric , consult your Workday documentation.