Staffbase’s HR integrations offer connectivity with multiple HR systems. You can establish a connection between Staffbase and Workday for the HR Integration.
You need to prepare your Workday environment before configuring the HR integration in Staffbase. This includes creating an Integration System User (ISU), assigning permissions, and ensuring access to required worker data. Proper configuration prevents mapping issues, ensures reliable data retrieval, and supports secure data handling.
Prerequisites
- You have administrator permissions in Workday
- You have identified which widgets you want to use:
- Absence
- Payslip
Create an Integration System User (ISU)
Create an Integration System User (ISU) in Workday.
This user is used to:
- Authenticate the connection
- Provide access to worker data
- Enable API access
Configure Permissions for the Integration
Assign the following domain permissions for SOAP HRIS access for your Workday ISU.
- SOAP HRIS access
-
Personal data (Get only access)
- Name
- Work contact information
- Private work email integration
- Public work email address integration
-
Worker data (Get only access)
- Public worker reports
- Workers
- Employment data
- Organization information
- All positions
- Current staffing information
Configure Permissions for Widgets
Based on your organization’s requirements, configure additional permissions based on the widgets you use:
For Payslip
-
Worker data:
- Compensation (Get and View only)
- Compensation All Worker’s Positions Past and Present (Get only)
- Compensation by Organization (Get only)
- Payroll (Get only)
- Reports: Pay calculation results for Worker (Results) (Get only)
For Absence
- Workday Time Off data: Accessed through REST API with OAuth (not standard SOAP-only setup).
-
OAuth functional-area scopes:
- HRIS
- Staffing
- Time Off and Leave
- Tenant Non-Configurable
- Public Data
- Contact Information
-
Worker data:
- Time Off (Time Off)
- Time Off (Time Off Balances)
- Time Off (Time Off Manager View)
Restrict Sensitive Data (recommended)
Limit access to sensitive or unnecessary data by excluding the following permissions:
- Person Data: Personal Data Includes fields such as gender, marital status, date of birth, and SSN
- Person Data: Home Contact Information Includes home location data
- Person Data: Photo Includes user avatars
Collect Required Configuration Specifications
Keep the following information ready before adding the HR integration in Staffbase:
- API Server URL: The API endpoint URL of your HR system instance. This is where the Staffbase platform directs the API calls.
- User Name: The username of the authorized API user or service account. It must have the appropriate permissions to access the employee data.
- Password: The password associated with the authorized user or service account.
- Tenant Name: Your organization's tenant identifier within the HR system, used to route API requests correctly.
- Client ID: A public identifier provided during API registration. It is used to authorize API requests.
- Client Secret: A private key paired with the Client ID. It is required to authenticate API calls.
- Token Endpoint: The URL used to retrieve and refresh OAuth tokens for secure API access.
- Refresh Token: A reusable token that allows continued access without requiring re-authentication.
Store all credentials securely. Rotate secrets and tokens regularly according to your organization’s security policies.
Comments
0 comments
Please sign in to leave a comment.