Quality of Hire for Workday (ATS)
      Back to home
      1. Help Center
      2. Crosschq Connectors
      3. Quality of Hire for Workday (ATS)

      Workday ISU Configuration for Quality of Hire (ATS)

      The steps below outline how to create an Integration System User in Workday.

      Workday set up

      Crosschq set up

      Step 1: Create integration system user

      1. Login to your Workday tenant.

      2. In the search bar, type Create Integration System User and select the task of the same name.

      3. A window will appear where you will create the credentials for a new ISU.
        1. Enter a user name and password (note: due to xml encoding, "&", "<", and ">" cannot be included in the password). Remember to store your credentials as they will be used at a later step to set up the connection between Workday and Crosschq!
        2.  Leave unchecked the Require New Password at Next Sign In flag
      4. Click OK.

       

      Step 2: Assign ISU to password expiry exemption list

      To ensure uninterrupted syncing between Crosschq and Workday, we recommend adding this new ISU to the list of System Users exempt from password expiration.

      1. In the search bar, type Maintain Password Rules and select the task of the same name.
      2. On the next screen, scroll down to the setting, System Users exempt from password expiration. Click the menu icon at the top-right corner, and search for the newly created ISU. Check the box for the ISU so that it gets added to the list of users exempt from password expiration.
      3. Click OK.

      Step 3: Create and assign security group

      1. In the search bar, type Create Security Group and select the task of the same name.
      2. A window will appear where you will create the security group.
        1. Under the Type of Tenanted Security Group dropdown, select Integration System Security Group (Unconstrained).
        2. Enter a name for the security group.
      3. Click OK.
      4. You will be taken to a new window where you will assign the ISU to the security group. Under the field for Integration System Users, click the menu icon to search for and select the ISU that you created from step 1.
      5. Click OK.

      Step 4: Enable domain security policy permissions

      1. In the search bar, type Maintain Permissions for Security Group and select the task of the same name.
      2. A window will appear where you will select what operation to perform on your previously created security group.
        1. Under the Operation field, select Maintain.
        2. Under the Source Security Group, click the menu icon to search for and select the security group you created in step 3.
      3. Click OK.
      4. You will be taken to a new screen where you will add the required permissions for the Crosschq integration. To add a permission, click the plus icon to the left of the table.
      5. Below are the required domain security policies needed with the corresponding access level:
        • Get Only | Candidate Data: Job Application
        • Get Only | Job Requisition Data
        • Get Only | Job Requisitions for Recruiting
        • Get Only | Job Postings
        • Get Only | Manage: Evergreen Requisitions
        • Get Only | Candidate Data: Interview Schedule
        • Get Only | Candidate Data: Interview Feedback Results
        • Get Only | Candidate Data: Other Information
        • Get Only | Manage: Location
        • Get Only | Worker Data: Public Worker Reports
        • Get Only | Worker Data: All Positions
        • Get Only | Integration Build
        • View and Modify | Custom Report Creation
      6. Once all permissions have been added, click OK.

      Step 5: Activate security policy changes

      1. In the search bar, type Activate Pending Security Policy Changes and select the task of the same name.
      2. In the next window, enter any comment to describe the recent security policy changes that you made from step 4.
      3. Click OK.
      4. On the next screen, check the Confirm box and select OK.

      Step 6: Validate authentication policy is sufficient

      1. In the search bar, type Manage Authentication Policies and select the report of the same name.
      2. Make sure that the ISU you created is added to a policy that can access the necessary domains. The policy should not be restricted to only the "SAML" Allowed Authentication Types – if this is the case, you can create or edit an Authentication Policy with a "User Name Password" Allowed Authentication Type. From the settings after you have created or edited an authentication policy:
          1. Click the plus icon to add an authentication rule.
          2. Enter an Authentication Rule Name and select the security group that you created in step 3.
          3. Enter an Authentication Condition Name and make sure the Allowed Authentication Type is set to User Name Password or Any.
          4. Click OK.

      Step 7: Activate authentication policy changes

      1. In the search bar, type Activate All Pending Authentication Policy Changes and select the task of the same name.
      2. On the next screen, enter a comment to describe the previous authentication policy changes applied in step 6.
      3. Click OK.
      4. On the next screen, check the Confirm box and select OK.

       

      Step 8: Copy web services endpoint for Workday tenant

      1. In the search bar, type Public Web Services and select the report of the same name.
      2. On the next page, search for the web service called, Recruiting (Public).
      3. Hover over the web service name, click the corresponding ellipsis, and select Web Service > View WSDL.
      4. An XML file will load on your browser. Within this XML, navigate to the very bottom of the page.
      5. Within the "soapbind:address" tag, copy the location URL. The URL should resemble something similar to https://wd5-services1.myworkday.com/ccx/service/... (do not include the quotations when you copy the URL)
      6. Store this part of the URL as it will be used to set up the connection between Workday and Crosschq.

      Entering ISU credentials in Crosschq

      Once all steps above have been completed, retrieve the following:

      • The URL that you copied from step 8 (this is also called the web services endpoint).
      • The ISU username that you created in step 1.
      • The ISU password that you created in step 1.
      1. Login to Crosschq. From the Crosschq homepage, navigate to Organization Settings > Connectors. On the Connectors settings, search for the Workday connector, and click Manage.
      2. Enable the Workday connector by clicking on the toggle to the right. The toggle will turn green.
      3. Expand the API Settings section. Click Connect with Merge.
      4. A window will appear to start the integration process. Select Use my credentials.
      5. On the next screen, select I am an admin.
      6. On the next screen, click Next.
      7. On the next screen, enter the ISU user name and password that you created for Crosschq. Afterward, click Next.

      8. Click Next (this window reminds you to create a Workday security group, which you have already done in a previous step).
      9. Click Next (this window reminds you to set domain security policy permissions on your security group, which you have already done in a previous step).
      10. Click Next (this window reminds you to activate your security policy changes in Workday, which you have already done in a previous step).
      11. Click Next (this window reminds you to validate your authentication policy, which you have already done in a previous step).
      12. Click Next (this window reminds you to activate your pending authentication policy changes, which you have already done in a previous step).
      13. On the next screen, enter the Workday web services endpoint. Afterward, click Next.
      14. The integration will take a few seconds to process. When prompted to map fields between Crosschq and Workday, select Skip for now.
      15. You will see "Successfully set up your integration" on the screen if your credentials were accepted. Click Finish Setup to close the integration window.


      At this point, Crosschq will begin syncing data with Workday. Please reach out to support@crosschq.com to let us know that you finished the integration set up. We will follow up with you to confirm that the initial sync has been completed.