Skip to content
  • There are no suggestions because the search field is empty.

Workday Connector for ApplicantX

The Crosschq ApplicantX Fraud Detection Workflow.

Every 5 minutes, our system automatically reviews all incoming job applications to ensure the integrity of your hiring process. Each application is individually assessed by our fraud detection engine, which analyzes a comprehensive set of risk signals.

If any fraudulent indicators are found, the application is immediately flagged and updated with a detailed breakdown of the identified risks, ranked from most to least critical, so your team always knows where to focus first.

If no fraud is detected, you’ll still receive a transparent summary of the security checks performed, giving you full confidence that every application has been thoroughly reviewed.

Workday Required Configuration: Security/Permissions

Please complete the following steps in Workday. This will ensure the correct permissions are enabled to pull data from Workday into Crosschq.

 

Step 1: Create integration system user

  1. Login to your Workday tenant.

  2. In the search bar, type Create Integration System User and select the task of the same name.

  3. A window will appear where you will create the credentials for a new ISU.
    1. Enter a user name and password (note: due to xml encoding, "&", "<", and ">" cannot be included in the password). Remember to store your credentials as they will be used at a later step to set up the connection between Workday and TalentWall!
    2.  Leave unchecked the Require New Password at Next Sign In flag
  4. Click OK.

 

Step 2: Assign ISU to password expiry exemption list

To ensure uninterrupted syncing between Crosschq and Workday, we recommend adding this new ISU to the list of System Users exempt from password expiration.

  1. In the search bar, type Maintain Password Rules and select the task of the same name.
  2. On the next screen, scroll down to the setting, System Users exempt from password expiration. Click the menu icon at the top-right corner, and search for the newly created ISU. Check the box for the ISU so that it gets added to the list of users exempt from password expiration.
  3. Click OK.

 

Step 3: Create and assign security group

  1. In the search bar, type Create Security Group and select the task of the same name.
  2. A window will appear where you will create the security group.
    1. Under the Type of Tenanted Security Group dropdown, select Integration System Security Group (Unconstrained).
    2. Enter a name for the security group.
  3. Click OK.
  4. You will be taken to a new window where you will assign the ISU to the security group. Under the field for Integration System Users, click the menu icon to search for and select the ISU that you created from step 1.
  5. Click OK.

 

Step 4: Enable domain security policy permissions

  1. In the search bar, type Maintain Permissions for Security Group and select the task of the same name.
  2. A window will appear where you will select what operation to perform on your previously created security group.
    1. Under the Operation field, select Maintain.
    2. Under the Source Security Group, click the menu icon to search for and select the security group you created in step 3.
  3. Click OK.
  4. You will be taken to a new screen where you will add the required permissions for the TalentWall integration. To add a permission, click the plus icon to the left of the table.
    1. Once all permissions have been added, click OK.Below are the required domain security policies needed with the corresponding access level:

      Worker

        • Get Only | Worker Data: Current Staffing Information
        • Get Only | Worker Data: Workers
        • Get Only | Worker Data: Add Worker Documents
        • Get Only | Public Worker Reports
        • Get Only | Person Data: Work Contact Information

      Candidate

        • Get and Put | Candidate Data: Job Application
        • Get Only | Candidate Data: Personal Information
        • Get Only | Candidate Data: Other Information
        • Get Only | Candidate Data: Interview Schedule
        • Get and Put | Candidate Data: Attachments
        • Get Only | Candidate Reporting
        • Get Only | Candidate Tags

      Job / Requisitions

        • Get Only | Job Requisitions for Recruiting
        • Get Only | Job Requisition Data
        • Get Only | Indexed Data Source: Job Requisitions
        • Get Only | Job Postings
        • Get and Put | Move Candidate
        • Get Only | Prospects
        • Get Only | Manage: Evergreen Requisitions
        • Get Only | Confidential Job Requisitions

      Organization/Location

        • Get Only | View: Supervisory Organization
        • Get Only | Organization: Supervisory Organization
        • Get Only | Manage: Supervisory Organization
        • Get Only | Manage: Location

      Integration/System

        • Get Only | Integration Build
        • View and Modify | Workday Query Language – View and Modify
    • Once all permissions have been added, click OK.

     

    Step 5: Activate security policy changes

    1. In the search bar, type Activate Pending Security Policy Changes and select the task of the same name.
    2. In the next window, enter any comment to describe the recent security policy changes that you made from step 4.
    3. Click OK.
    4. On the next screen, check the Confirm box and select OK.

     

    Step 6: Validate authentication policy is sufficient

    1. In the search bar, type Manage Authentication Policies and select the report of the same name.
    2. Make sure that the ISU you created is added to a policy that can access the necessary domains. The policy should not be restricted to only the "SAML" Allowed Authentication Types – if this is the case, you can create or edit an Authentication Policy with a "User Name Password" Allowed Authentication Type. From the settings after you have created or edited an authentication policy:
        1. Click the plus icon to add an authentication rule.
        2. Enter an Authentication Rule Name and select the security group that you created in step 3.
        3. Enter an Authentication Condition Name and make sure the Allowed Authentication Type is set to User Name Password or Any.
        4. Click OK.

     

    Step 7: Activate authentication policy changes

    1. In the search bar, type Activate All Pending Authentication Policy Changes and select the task of the same name.
    2. On the next screen, enter a comment to describe the previous authentication policy changes applied in step 6.
    3. Click OK.
    4. On the next screen, check the Confirm box and select OK.

    Please complete the following steps in Workday. This will ensure the correct permissions are enabled to pull data from Workday into Crosschq.

    Workday Required Configuration: Fraud Alert Custom Object

    Step 1: Create the Custom Object

    Log in to your Workday account and search for and open the task Create Custom Object.

    In the Workday Object field, select Job Application. Set the Custom Object Name to Fraud Signals.

    Step 2: Configure the Custom Object

    Complete the required fields and click Next to proceed through each section:

    General Settings

    Configure as needed.

    Field Definitions

    Please note that the signal fields are a recommendation — your team has full flexibility to decide how many signals you'd like to display. If you'd prefer to see more, Crosschq can adjust the mapping accordingly. When no signals are detected, Crosschq will populate 7 fields to indicate the 7 modules that were analyzed and confirm that no fraud was found. Add the following required fields:

    Field Label Field Type Web Service Alias
    Report URL Text fraudReportUrl
    Risk Level Text fraudRiskLevel
    Score Decimal fraudScore
    Signal 01 Text fraudSignal
    Signal 02 Text fraudSignal2
    Signal 03 Text fraudSignal3
    Signal 04 Text fraudSignal4
    Signal 05 Text fraudSignal5
    Signal 06 Text fraudSignal6
    Signal 07 Text fraudSignal7
    Signal 08 Text fraudSignal8
    Signal 09 Text fraudSignal9
    Signal 10 Text fraudSignal10
    Fraud Feedback URL Text fraudFeedbackUrl

    Permissions

    • Domain Setup: Recruiting

    Review

    Review the summary and make any necessary edits, then click OK.

    On the optional next screen, click OK again.

    Review the resulting view and click Done.

    Step 3: Verify the Custom Object

    Open a candidate profile and navigate to the Additional Data tab.

    Confirm that the custom object appears correctly.

    Step 4: Add Custom Fields to the Job Application View

    Search for and open the task View Grid Configuration.

    Select your Job Application view (e.g., Default Candidate List for Global Modern Services) and click OK.

    Step 5: Configure Columns

    Click Configure.

    Under Individual Columns, add the custom fields you want to display:

    • Report URL
    • Risk Level
    • Any other required fields

    Click OK, then Done.

    Step 6: Validate the Configuration

    Open a Job Application or Candidate list and confirm that the new columns are visible. Adjust column order or visibility at any time via View/Edit Grid Preferences.

    Crosschq ATS Hub interactions

    What data will Workday receive from Crosschq on Fraud analysis?

    When a job application is flagged as potentially fraudulent, the relevant signal fields will be automatically populated with all identified risk indicators, prioritized by severity — from the most critical to the least. In cases where no fraud is detected, a summary of the security checks and modules evaluated during the analysis will be provided for full transparency.

    What is the Fraud Feedback URL for?

    In case the user finds some inaccurate fraud risk evaluation, we provide this URL to submit feedback about it.