Registering API Clients in Workday: Simplifying Integrations with Secure Authentication


In today’s digital environment, integrating third-party applications with enterprise systems is increasingly necessary. Workday, a leading provider of cloud applications for finance and HR, supports OAuth 2.0 in its API framework so that third-party clients can be granted secure access. A client must be registered with Workday before it can be used; this blog provides a comprehensive guide to registering API clients within Workday.

What are the motivations behind using OAuth 2.0?

OAuth 2.0 is a widely recognized protocol for authorisation that allows third-party apps to gain limited access to an HTTP service, either on behalf of a resource owner or on their own behalf. Workday uses OAuth 2.0 as part of its secure data access solution, so that integrations can reach data without putting user credentials at risk.

Register API Clients in Workday

Step 1: Navigate to the Edit Tenant Setup – Security Task

1. Sign in to Workday: Begin by accessing Workday using the appropriate administrative credentials.

2. Navigate to the Security Section: After signing in, go to “Security”, usually located under either “Setup” or “Administration.”

3. Edit Tenant Setup – Security: Locate and choose the “Edit Tenant Setup – Security” task, which allows you to configure the security settings for your tenant.

Step 2: Enable OAuth 2.0 Clients

1. Locate OAuth 2.0 Settings: On the “Edit Tenant Setup – Security” page, scroll down until you reach “OAuth 2.0 Settings.”

2. Enable OAuth 2.0 Clients: To activate OAuth 2.0 functionality for your tenant, select the “OAuth 2.0 Clients Enabled” checkbox. This step is essential for registering and managing OAuth 2.0 clients.

Step 3: Register API Client

1. Start the Registration Procedure: Once OAuth 2.0 is enabled, register an API client by choosing the “Register API Client” task.

2. Provide Client Details: Enter your OAuth 2.0 client details under “Input Client Details.” This includes information such as your company details and the client’s name and type. The fields are described below.

Client Name: Create an identifiable and meaningful name for your client.

Grant Category: Select the applicable grant type, such as Authorisation Code, Client Credentials or Refresh Token.

Enable Proof Key for Code Exchange (PKCE): Select this option if your client requires Proof Key for Code Exchange. It is highly recommended, as it increases security for public clients.

Implement 60-Minute Access Token Expiration: When selected, this feature ensures access tokens expire after 60 minutes – an essential practice in security.

ISUs (Integration System Users): Select which ISUs your client will use; these are system users created specifically for integrations.

Access Token Type: Bearer and JWT token types are offered.

Redirection URL: Provide the URI to which the authorisation server will redirect the user-agent following an authorisation request. This field is required when using the Authorisation Code grant type.

Refresh Token Expiration: Customise the expiration duration for refresh tokens to indicate when their validity must be renewed.

Non-Expiring Refresh Tokens: This option allows non-expiring refresh tokens, although this is generally inadvisable due to security considerations.

There is also a checkbox for deactivating the client temporarily. Select it when the client needs to be switched off for any reason, for example to protect client access while other work is completed on it.

Grant Administrative Consent: Select this option to grant administrative consent for the client, giving it access to all scopes without needing user authorisation.

Scope (Functional Domains): Define the functional domains that the client may access, such as “Payroll,” “Human Resources,” etc.

Workday Owned Scope: Check this box if the scope belongs to Workday, as Workday may already have predefined scopes.

Permitted Origin Grid: Define which origins may access the client, to support Cross-Origin Resource Sharing (CORS).

Create a New Client Secret: Finally, generate a new client secret, which the client uses to authenticate itself when making API requests.

Step 4: Save and Validate

1. Save Your Configuration: After providing all the required details, save the configuration to register the API client with Workday.

2. Confirm Registration: Confirm that the client was successfully registered by looking for its listing under OAuth 2.0 Clients.
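
As an added example (not Workday's or the author's code), the check below reviews a client registration record against the security-relevant settings in the field list above: PKCE, 60-minute access tokens, non-expiring refresh tokens, the redirection URL, administrative consent and permitted origins. The records and their key names are constructed for illustration and are not a Workday export or API format; the HTTPS checks are an added assumption.

```python
from urllib.parse import urlsplit

# Constructed records. The key names are hypothetical labels for the fields
# described above; they are not a Workday export or API format.
WEAK = {
    "grant_type": "authorization_code", "pkce": False,
    "enforce_60_min_access_token": False,
    "non_expiring_refresh_tokens": True,
    "redirect_uri": "http://hr-tool.example/callback",
    "admin_consent": True,
    "scopes": ["Payroll", "Human Resources"],
    "allowed_origins": ["*"],
}
HARDENED = dict(WEAK, pkce=True, enforce_60_min_access_token=True,
                non_expiring_refresh_tokens=False,
                redirect_uri="https://hr-tool.example/callback",
                admin_consent=False,
                allowed_origins=["https://hr-tool.example"])


def is_https(url):
    """True only for an absolute https:// URL with a host."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


def audit(reg):
    """Return (field, reason) findings for one registration record."""
    findings = []
    if reg["grant_type"] == "authorization_code":
        if not reg.get("redirect_uri"):
            findings.append(("redirect_uri", "required for the Authorisation Code grant"))
        elif not is_https(reg["redirect_uri"]):
            findings.append(("redirect_uri", "authorisation code would be sent to a non-HTTPS URL"))
        if not reg.get("pkce"):
            findings.append(("pkce", "PKCE is off for an Authorisation Code client"))
    if not reg.get("enforce_60_min_access_token"):
        findings.append(("enforce_60_min_access_token", "access tokens are not capped at 60 minutes"))
    if reg.get("non_expiring_refresh_tokens"):
        findings.append(("non_expiring_refresh_tokens", "a leaked refresh token never ages out"))
    if reg.get("admin_consent"):
        count = len(reg.get("scopes", []))
        findings.append(("admin_consent", "grants %d scope(s) without user authorisation" % count))
    for origin in reg.get("allowed_origins", []):
        if origin == "*" or not is_https(origin):
            findings.append(("allowed_origins", "CORS origin %r is a wildcard or not HTTPS" % origin))
    return findings


if __name__ == "__main__":
    for name, reg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(reg) or "no findings")
```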

Integrating third-party applications with Workday via its API infrastructure is a great way to extend its functionality.

By activating OAuth 2.0 and registering API clients, you ensure your integrations are safe, scalable, and compliant with industry best practices.

Whether it’s a custom HR solution or financial tool integration, following all necessary steps will guarantee smooth access and ensure the security of your Workday data.

Harika
Every experience provides a new layer to the foundation of success.