Leveraging Workday REST API in Postman: A Seamless OAuth 2.0 Integration for API Clients

Integration between third-party applications and enterprise systems has become an essential element of modern life. Workday, one of the leading cloud applications for finance and HR, offers OAuth 2.0 within its API framework to grant third-party clients secure access; each client must be registered in the tenant before it can be used. This blog provides a guide to registering API clients within Workday.

What are the motivations behind OAuth 2.0 adoption?

OAuth 2.0 is an industry standard protocol for authorisation that allows third-party apps to gain limited access to an HTTP service either on behalf of its resource owner or independently.

Workday uses OAuth 2.0 for secure data access so that integrations never have to handle or store users' Workday credentials directly.

Register API Clients in Workday

Step 1: Navigating to Tenant Setup – Security Task

1. Log into Workday with Administrative Credentials: After signing in, navigate directly to “Security”, typically located under either “Setup” or “Administration.”

2. Modify Tenant Configuration – Security: Locate and select the “Modify Tenant Configuration – Security” task, which allows the security settings for the tenant to be customised.

Step 2: Enable OAuth 2.0 Clients

1. Locate OAuth 2.0 Settings: Navigate to the “Edit Tenant Setup – Security” page and scroll down until you reach “OAuth 2.0 Settings.”

2. Enable OAuth 2.0 Clients: Check “OAuth 2.0 Clients Enabled” to activate OAuth 2.0 functionality for your tenant. This step is a prerequisite for registering and managing OAuth 2.0 clients.

Step 3: Register API Client

1. Launch Registration Procedure: After activating OAuth 2.0, it is necessary to register an API client by selecting “Register the API Client”.

2. Provide Client Details: Enter the client details in the “Input Client Details” section. The fields are as follows:

Client Name: Create an easily identifiable and meaningful designation for your client.

Grant Category: Choose an applicable grant category such as Authorisation Code, Client Credentials or Refresh Token.

Enable Proof Key for Code Exchange (PKCE): Select this option if your client requires PKCE; it is highly recommended, as it increases security for public clients.

Implement 60-Minute Access Token Expiration: When selected, access tokens expire 60 minutes after they are issued, which is an essential security practice.

ISUs (Integration System Users): Select the ISUs your client will use; these are system users created specifically for integration purposes. The access token type (Bearer or JWT) is also selected here.

Redirection URL: Provide the URI to which the authorisation server redirects the user after an authorisation request; this field is required for the Authorisation Code grant type.

Refresh Token Expiration: Set the period after which a refresh token expires and a new one must be obtained.

Non-Expiring Refresh Tokens: Enable this option if you require refresh tokens that never expire; for security reasons this is generally not advisable.

A checkbox is also provided to temporarily deactivate a client; this suspends the client's access while other work is being completed on it.

Grant Administrative Consent: Use this option to grant administrative consent to the client, giving it access to all of its scopes without requiring individual user authorisation.

Scope (Functional Domains): Define which functional domains the client may access, such as “Payroll” or “Human Resources”.

Workday Owned Scope: Check this box if the scope is one of Workday's own predefined scopes.

Permitted Origin Grid: List the origins that may call the API from a browser, so that Cross-Origin Resource Sharing (CORS) requests from those origins are allowed.

Produce New Client Secret: Finally, generate a client secret, which the client uses to authenticate itself when making API requests.
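The fields above map directly onto the Authorisation Code flow a registered client performs. The following added example (not from the original post or from Workday) shows that flow from the client side: generating a PKCE verifier/challenge pair, building the authorisation request with a state value, checking the state on the redirect, and forming the token exchange request. The host, tenant name, client ID and redirect URI are placeholders, and the `/ccx/oauth2/{tenant}/authorize` and `/token` endpoint shape is an assumption to be confirmed against your tenant.

```python
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): substitute your tenant's real host, tenant name and
# the client registered in Step 3. The endpoint paths are an assumed shape.
HOST = "https://your-workday-host.example"
TENANT = "example_tenant"
AUTHORIZE_URL = f"{HOST}/ccx/oauth2/{TENANT}/authorize"
TOKEN_URL = f"{HOST}/ccx/oauth2/{TENANT}/token"
CLIENT_ID = "client-id-placeholder"
# Must match the Redirection URL entered at registration exactly.
REDIRECT_URI = "https://app.example.com/oauth/callback"


def make_pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """Return (code_verifier, code_challenge) using the S256 method (RFC 7636)."""
    if verifier is None:
        # 32 random bytes -> 43 URL-safe characters, within the 43..128 length rule.
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(scope: str, state: str, code_challenge: str) -> str:
    """Authorisation request the user's browser is sent to; scope names come from
    the functional domains selected at registration."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorisation code from the redirect back to REDIRECT_URI.
    A state mismatch is refused: it is the CSRF guard for the code flow."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this login attempt")
    if "error" in qs:
        raise RuntimeError(f"authorisation failed: {qs['error'][0]}")
    return qs["code"][0]


def build_token_request(code: str, code_verifier: str, client_secret: Optional[str]) -> dict:
    """Form-encoded body for the authorization_code exchange. A public client
    (PKCE only) sends no secret; a confidential client adds HTTP Basic auth
    with the client secret generated at registration."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret:
        creds = base64.b64encode(f"{CLIENT_ID}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    return {"method": "POST", "url": TOKEN_URL, "headers": headers, "body": urlencode(body)}


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    print("Open in browser:", build_authorize_url("Payroll", state, challenge))
    # After the user signs in, the browser lands on REDIRECT_URI?code=...&state=...
    # (constructed callback below stands in for that redirect).
    code = parse_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}", state)
    print("Token request:", build_token_request(code, verifier, client_secret=None))
```

The verifier stays on the client and is only revealed in the token request, so an intercepted authorisation code cannot be redeemed without it; that is the property PKCE adds for public clients, and the reason the registration form recommends it.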

Step 4: Save and Validate

1. Save Your Configuration: After providing all the details required to register the API client, save the configuration.

2. Confirm Registration: Verify that the client was registered successfully, for instance by checking that it appears in the OAuth 2.0 Clients listing.
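Beyond checking the listing, the practical validation of a registered client is that it can obtain an access token and that the token behaves according to the expiry settings chosen in Step 3. The added example below (my own illustration, not Workday's code) builds the Refresh Token grant request and tracks the 60-minute access token lifetime so the client refreshes shortly before expiry rather than failing mid-run. The token endpoint, tenant and client ID are placeholders, and the token response is a constructed sample.

```python
import base64
import json
import time
from typing import Optional
from urllib.parse import urlencode

# Placeholders (assumptions): the token endpoint shape and the client registered in Step 3.
TOKEN_URL = "https://your-workday-host.example/ccx/oauth2/example_tenant/token"
CLIENT_ID = "client-id-placeholder"

# Refresh a little before the server-side expiry so an in-flight batch never hits a 401.
REFRESH_MARGIN_SECONDS = 120


def build_refresh_request(refresh_token: str, client_secret: str) -> dict:
    """Refresh Token grant: the longer-lived refresh token is exchanged for a fresh
    access token. The client authenticates with HTTP Basic (client_id:client_secret)."""
    creds = base64.b64encode(f"{CLIENT_ID}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": TOKEN_URL,
        "headers": {
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token}),
    }


class AccessToken:
    """An access token with its absolute expiry derived from the expires_in field."""

    def __init__(self, response_json: str, issued_at: Optional[float] = None):
        data = json.loads(response_json)
        if str(data.get("token_type", "")).lower() != "bearer":
            raise ValueError(f"unexpected token_type: {data.get('token_type')!r}")
        self.value = data["access_token"]
        self.issued_at = time.time() if issued_at is None else issued_at
        self.lifetime = int(data["expires_in"])
        self.expires_at = self.issued_at + self.lifetime

    def needs_refresh(self, now: Optional[float] = None) -> bool:
        """True once the token is inside the refresh margin or already expired."""
        now = time.time() if now is None else now
        return now >= self.expires_at - REFRESH_MARGIN_SECONDS

    def within_policy(self, max_lifetime_seconds: int = 3600) -> bool:
        """Check the lifetime the server actually granted against the 60-minute
        setting chosen at registration; a longer lifetime means the option was not applied."""
        return self.lifetime <= max_lifetime_seconds

    def auth_header(self) -> dict:
        return {"Authorization": f"Bearer {self.value}"}


# Constructed sample response for a client registered with 60-minute access tokens.
SAMPLE_TOKEN_RESPONSE = json.dumps(
    {"access_token": "sample-access-token", "token_type": "Bearer", "expires_in": 3600}
)


if __name__ == "__main__":
    print("Refresh request:", build_refresh_request("refresh-token-placeholder", "secret-placeholder"))
    tok = AccessToken(SAMPLE_TOKEN_RESPONSE)
    print("Within 60-minute policy:", tok.within_policy())
    print("Needs refresh now:", tok.needs_refresh())
    print("Call API with:", tok.auth_header())
```

`within_policy` is the check to run after registration: if the granted `expires_in` exceeds 3600 seconds, the 60-Minute Access Token Expiration option was not applied to the client and the registration should be revisited.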

Integrating third-party apps with Workday via its API infrastructure is an excellent way to expand its functionality.

By activating OAuth 2.0 and registering API clients, you ensure your integrations are safe, scalable, and compliant with industry best practices.

Whether it’s a custom HR solution or financial tool integration, taking all necessary steps will guarantee smooth access while protecting the security of your Workday data.

Concluding Reflections

Integrating third-party applications with Workday through the API infrastructure effectively enhances the capabilities of your Workday system.

Enabling OAuth 2.0 and registering API clients guarantees that your integrations are safe, scalable, and adhere to best practices.

When developing a bespoke HR solution or integrating a financial application, adhering to the correct procedures for registering and configuring OAuth 2.0 clients will provide seamless and secure access to your Workday data.


By following the steps above, your API clients will be securely authenticated and granted the required permissions and access.

Through the adaptability of OAuth 2.0, Workday enables organisations to utilise other products and services while preserving oversight of their confidential data.

Harika
Every experience provides a new layer to the foundation of success.