Connecting to Workday
You can connect your Workday instance to the Celonis Platform, allowing you to extract your reporting data from 5 different areas: Human Resources, Financial Management, Resource Management, Revenue Management and Reports.
To connect your Workday instance to the Celonis Platform, a number of prerequisites must be matched:
Prerequisites for connecting to Workday
To extract your reporting data, you need to configure a Workday Integration System User (ISU) account with permissions to access Workday's web service operations. For security reasons, Workday restricts each ISU to a single integration system.
While we provide steps for this below, we recommend using the Workday documentation for the latest information: Workday documentation
Select Create Integration System User task.
Keep Session Timeout Minutes default (zero).
Select Do Not Allow UI Sessions to not allow the ISU for logging into your Workday system through the UI.
Select Create Security Group task.
As a type, select Integration System Security Group (Unconstrained) or Integration System Security Group (Constrained). The main difference between those is that constrained version results will only returned for objects that have a connection with constraint. For example, for workers in the US organizational entity only
In Group Criteria, select newly created ISU to be included in the security group.
Identify required security needed for specific operations (View Security for Securable Item) and edit domain security policies.
Select the Domain Security Policies for Functional Area report.
Select a security policy.
Select Edit Permissions.
Grant Get access for specific domain to newly created ISSG.
Access Activate Pending Security Policy Changes task.
Select Confirm checkbox to activate your changes.
To use OAuth2 two further prerequisites are required:
Generate a key pair
A tool like Cygwin can be used.
For generating a key pair and storing it in a key store called “JWTkeystore.jks” with an exemplary password “Workday123!” use the following command:
keytool -genkey -keyalg RSA -alias Workday -keystore JWTkeystore.jks -storepass Workday123! -validity 360 -keysize 2048
To extract the public key and save it as a file called “publickey.cert” use the following command:
keytool -export -alias Workday -keystore JWTkeystore.jks -rfc -file publickey.ce
Register API Client in the Workday system
In Workday, execute “Register API Clients”.
Select "JWT Bearer Grant as the Client Grant Type".
Under "X509 Certificate", select "Create x509 Public Key" and paste the content of publickey.cert.
Select "Scope (Functional Areas)" that are relevant to the REST and SOAP APIs you wish to call.
Creating a data connection between Workday and the Celonis Platform
With access to your Workday authentication credentials, you can create a data connection between your Workday instance and the Celonis Platform from your data pool diagram:
Click Data Connections.
Click Add Data Connection and select Connect to Data Source.
Select Cloud - Workday.
Configure the following connection details:
Name: An internal reference for this data connection.
API version: Select the API you want to use, with the latest being the recommended.
Authentication method: Choose between store credentials (username, password, tenant, and host) and OAuth (client ID, user ID, private key, tenant, and host).
Report configuration: Enter the details for the reports you want to extract from Workday. You can also do this is JSON format, see:
Click Test Connection and correct any issues highlighted.
Click Save.
The connection between your Workday instance and the Celonis Platform is establised. You can manage this connection at any time by clicking Options:
Supported API endpoints
When connecting your Workday instance to the Celonis Platform, the following API endpoints are supported:
The Workday Hire-to-Retire connector uses Workday's SOAP-based Human Resources Web Service which contains operations that expose Workday Human Capital Management Business Services data, incl. employee, contingent worker and organization info. The Celonis Extractor uses the below operations to retrieve data from Workday:
API call | Description |
|---|---|
Get_Employee | Retrieves granular information about individual employments (e.g., position, job, status). |
Get_Employee_Employment_Info | Retrieves granular information about individual employments (e.g., position, job, status). |
Get_Former_Workers | Retrieves data for individuals that have previously been employed but were not included as a Workday worker, incl. their personal/job details and contact info as of termination date. |
Get_Job_Categories | Retrieves job categories data for the specified criteria (all if no criteria specified), incl. reference ID, name, description and inactive flag. |
Get_Job_Profiles | Retrieves data related to job profiles for the specified criteria (all if no criteria is specified), organized into different response groups. |
Get_Locations | Retrieves data related to a location for the specified criteria (all if no criteria is specified). |
Get_Organizations | Retrieves data related to an organization, incl. staffing configuration, structure, etc. |
Get_Supervisory_Organization_Assignment_Restrictions | Retrieves the organization assignment default values and allowed values for supervisory organizations. |
Get_Worker_Event_History | Retrieves references to all events created through workflows associated with a worker based on the event type and data parameters. |
Get_Worker_Profile | Retrieves a subset of data related to a worker and their employment/contract, personal info, as well as compensation. |
Get_Workers | Retrieves public and private information for specified workers. |
GET Payments
GET PaymentTypesTable
GET StopItem
GET BusinessUnits
GET CurrencyConversionRates
GET CurrencyRateTypes
GET CompanyOrganizations
GET CostCenters
GET ResourceCategories
GET FinancialRevenueCategories
GET Suppliers
GET PurchaseOrders
GET PurchaseRequisitions
GET PurchaseItems
GET Receipts
GET PurchaseOrderChangeOrders
GET SpendCategoryHierarchies
GET SupplierInvoiceAdjustments
GET SupplierInvoices
GET SupplierContracts
GET Customers
GET CustomerCategories
GET CustomerDeposits
GET CustomerGroups
GET CustomerInvoiceAdjustments
GET CustomerInvoices
GET CustomerPayments
GET CustomerRefunds
GET RevenueCategories
GET SalesItems
GET SalesItemGroups
GET Report