TalentWall for Workday
      Back to home
      1. Help Center
      2. Crosschq Connectors
      3. TalentWall for Workday

      Workday ISU configuration for TalentWall, Voice, and Insights (recruiting analytics)

      Prior to integrating with Crosschq's Workday connector for TalentWall, Voice, and/or Insights (recruiting analytics), please complete the following steps in Workday. This will ensure the correct permissions are enabled to pull data from Workday into Crosschq.

      Step 1: Create integration system user

      1. Login to your Workday tenant.

      2. In the search bar, type Create Integration System User and select the task of the same name.

      3. A window will appear where you will create the credentials for a new ISU.
        1. Enter a user name and password (note: due to xml encoding, "&", "<", and ">" cannot be included in the password). Remember to store your credentials as they will be used at a later step to set up the connection between Workday and TalentWall!
        2.  Leave unchecked the Require New Password at Next Sign In flag
      4. Click OK.

      Step 2: Assign ISU to password expiry exemption list

      To ensure uninterrupted syncing between Crosschq and Workday, we recommend adding this new ISU to the list of System Users exempt from password expiration.

      1. In the search bar, type Maintain Password Rules and select the task of the same name.
      2. On the next screen, scroll down to the setting, System Users exempt from password expiration. Click the menu icon at the top-right corner, and search for the newly created ISU. Check the box for the ISU so that it gets added to the list of users exempt from password expiration.
      3. Click OK.

      Step 3: Create and assign security group

      1. In the search bar, type Create Security Group and select the task of the same name.
      2. A window will appear where you will create the security group.
        1. Under the Type of Tenanted Security Group dropdown, select Integration System Security Group (Unconstrained).
        2. Enter a name for the security group.
      3. Click OK.
      4. You will be taken to a new window where you will assign the ISU to the security group. Under the field for Integration System Users, click the menu icon to search for and select the ISU that you created from step 1.
      5. Click OK.

      Step 4: Enable domain security policy permissions

      1. In the search bar, type Maintain Permissions for Security Group and select the task of the same name.
      2. A window will appear where you will select what operation to perform on your previously created security group.
        1. Under the Operation field, select Maintain.
        2. Under the Source Security Group, click the menu icon to search for and select the security group you created in step 3.
      3. Click OK.
      4. You will be taken to a new screen where you will add the required permissions for the TalentWall integration. To add a permission, click the plus icon to the left of the table.
      5. The following domain security policies need to be added with the corresponding access level:
        • Get Only | Manage: Evergreen Requisitions
        • Get Only | Integration Build
        • Get Only | Person Data: Work Contact Information
        • Get Only | Manage: Location
        • Get Only | Person Data: Personal Data
        • Get Only | Pre-Hire Data: Name and Contact Information
        • Get Only | Manage Pre-Hire Process: Manage Pre-Hires
        • Get Only | Person Data: Home Contact Information
        • Get Only | Candidate Data: Interview Schedule
        • Get Only | Candidate Data: Interview Feedback Results
        • Get Only | Worker Data: Public Worker Reports
        • Get Only | Worker Data: Workers
        • Get Only | Worker Data: All Positions
        • Get Only | Worker Data: Current Staffing Information
        • Get Only | Worker Data: Employment Data
        • Get Only | Worker Data: Organization Information
        • Get Only | Worker Data: Add Worker Documents
        • Get Only | Job Requisition Data
        • Get Only | Job Postings
        • Get and Put | Move Candidate
        • Get and Put | Manage Pre-Hire Data
        • Get and Put | Candidate Data: Edit Job Application
        • Get and Put | Job Requisitions for Recruiting
        • Get and Put | Candidate Data: Personal Information
        • Get and Put | Set Up: Pre-Hire Process
        • Get and Put | Candidate Data: Other Information
        • Get and Put | Manage Pre-Hire Process
        • Get and Put | Candidate Data: Job Application
        • Get and Put | Prospects
        • View and Modify | Candidate Data: Other Information
        • View and Modify | Custom Report Creation
        • View and Modify | Report Definition Sharing - All Authorized Users
      6. Once all permissions have been added, click OK.

      Step 5: Activate security policy changes

      1. In the search bar, type Activate Pending Security Policy Changes and select the task of the same name.
      2. In the next window, enter any comment to describe the recent security policy changes that you made from step 4.
      3. Click OK.
      4. On the next screen, check the Confirm box and select OK.

      Step 6: Validate authentication policy is sufficient

      1. In the search bar, type Manage Authentication Policies and select the report of the same name.
      2. Make sure that the ISU you created is added to a policy that can access the necessary domains. The policy should not be restricted to only the "SAML" Allowed Authentication Types – if this is the case, you can create or edit an Authentication Policy with a "User Name Password" Allowed Authentication Type. From the settings after you have created or edited an authentication policy:
          1. Click the plus icon to add an authentication rule.
          2. Enter an Authentication Rule Name and select the security group that you created in step 3.
          3. Enter an Authentication Condition Name and make sure the Allowed Authentication Type is set to User Name Password or Any.
          4. Click OK.

      Step 7: Activate authentication policy changes

      1. In the search bar, type Activate All Pending Authentication Policy Changes and select the task of the same name.
      2. On the next screen, enter a comment to describe the previous authentication policy changes applied in step 6.
      3. Click OK.
      4. On the next screen, check the Confirm box and select OK.

      Step 8: Copy web services endpoint for Workday tenant

      1. In the search bar, type Public Web Services and select the report of the same name.
      2. On the next page, search for the web service called, Recruiting (Public).
      3. Hover over the web service name, click the corresponding ellipsis, and select Web Service > View WSDL.
      4. An XML file will load on your browser. Within this XML, navigate to the very bottom of the page.
      5. Within the "soapbind:address" tag, copy the location URL starting from https:// until you reach /service. The URL should resemble something similar to https://wd5-services1.myworkday.com/ccx.
      6. Store this part of the URL as it will be used to set up the connection between Workday and TalentWall.

      Once all steps have been completed, retrieve the following:

      1. The URL that you copied from step 8 (this is also called the web services endpoint).
      2. The ISU username that you created in step 1.
      3. The ISU password that you created in step 1.
      4. The Workday Tenant Name for your org. For example, if you sign in at "https://wd5-services1.workday.com/acme", enter "acme".

      Now, follow this article to input the above credentials in Crosschq.