This article explains how to configure the App Activities integration for Workday.
App Activities provides you with an API-based solution for out-of-band visibility of all activity performed by any user in a connected SaaS application. To provide App Activities with visibility of data within an app, you need to set up an integration with the required application. Once you create the integration, if a field has changed or expired, you can edit it from the Resources > Integrations > Integrated Apps page. For more information, see What is Application Control via API with App Activities.
To configure the App Activities integration, you need to:
- Configure the integration within the SaaS application
- Create the API connector in the CMA
A CASB license is required for App Activities. This license includes app and data control and App Activities via API. For more about purchasing a CASB license, please contact your Cato representative.
To create the Workday integration, register an API Client for Integrations.
Three steps are required to configure the integration in your Workday account.
The integration system user is used for authentication with the Workday API.
To create an integration system user:
- Log in to your Workday account.
- In the search bar, search for and select Create Integration System User.
- Enter the following details:
  - User Name: Choose a user name
  - New Password: Enter a password and re-enter it in New Password Verify
  - Select the Do Not Allow UI Sessions check box for enhanced security
- Click OK, then Done.
To configure the required permissions for the new integration system user, create an integration system security group, add domain security policies, and activate pending security policy changes.
To create an integration system security group:
- In your Workday account, in the search bar, search for and select Create Security Group.
- Enter the following:
  - Type of Tenanted Security Group: Integration System Security Group (Unconstrained)
  - Name: Choose a name
- Click OK, then Done.
To add domain security policies to the security group:
- In your Workday account, in the search bar, search for and select Maintain Permissions for Security Group.
- Set Operation to Maintain and select the security group created above.
- Click OK.
- In the Domain Security Policy Permissions table, add the following rows:

  | Access | Domain Security Policy |
  | --- | --- |
  | Get Only | Manage: Organization Integration |
  | Get Only | User-Based Security Group Administration |
  | View Only | Workday Accounts |
  | Get Only | Special OX Web Services |
  | Get Only | Integration Security |
  | View Only | Integration Security |
  | View Only | Security Configuration |
  | Get Only | Security Configuration |
  | View Only | Security Administration |
  | View Only | Security Activation |
  | View Only | Purge Person Data |
  | Get Only | Integration Configure |
  | Get Only | Workday Account Monitoring |
  | View Only | Workday Account Monitoring |
  | Get Only | System Auditing |
  | View Only | System Auditing |
  | Get Only | Former Worker Storage |
  | Get Only | Worker Data: Public Worker Reports |
  | Get Only | Workday Accounts |
  | Get Only | Worker Data: Current Staffing Information |
  | View Only | Worker Data: Current Staffing Information |
  | View Only | Manage: All Custom Reports |
  | Get Only | Manage: All Custom Reports |
  | Get Only | Security Activation |
  | Get Only | Workday Query Language |
  | View Only | Workday Query Language |
  | Get Only | Business Process Administration |
  | View Only | Business Process Administration |
  | Get Only | Worker Data: Staffing |
  | View Only | Worker Data: Staffing |
  | Get Only | Worker Data: Worker ID |
  | View Only | Worker Data: Worker ID |
  | Get Only | Indexed Data Source: Workers |
  | View Only | Indexed Data Source: Workers |
  | Get Only | Person Data: Work Contact Information |
  | View Only | Person Data: Work Contact Information |
  | View Only | Worker Data: Public Worker Reports |

- Click OK, then Done.
To register an API client for integrations:
- In your Workday account, in the search bar, search for and select Register API Client for Integrations.
- Enter the following:
  - Client Name: Enter a name
  - Select the Non-Expiring Refresh Tokens check box
  - Under Scope (Functional Areas), select: Integration, Organizations and Roles, Implementation, Staffing, Tenant Non-Configurable, System
- Click OK.
- Copy and save the Client ID and Client Secret so they can be entered into the CMA.
  Note: The secret is only visible on this page and cannot be recovered later.
- Click the three dots next to the API client name and navigate to API Client > Manage Refresh Tokens for Integrations.
- For Workday Account, select the integration system user created above and click OK.
- Select Generate New Refresh Token and click OK.
- Copy and save the Refresh Token value so it can be entered into the CMA.
- Search for and select View API Clients.
- Copy and save the Workday REST API Endpoint and Token Endpoint so they can be entered into the CMA.
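The Client ID, Client Secret, Refresh Token and Token Endpoint saved in the steps above can be checked before they are entered into the CMA. The following Python code is an added example, not Cato or Workday code: it assumes the Token Endpoint accepts the standard OAuth 2.0 refresh-token grant (RFC 6749, section 6) with HTTP Basic client authentication, and the function and environment variable names are hypothetical.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request


def build_refresh_request(token_endpoint, client_id, client_secret, refresh_token):
    """Build, without sending, the refresh-token grant request (assumed RFC 6749 flow)."""
    parts = urllib.parse.urlsplit(token_endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Token Endpoint must be an https:// URL")
    for label, value in (("Client ID", client_id), ("Client Secret", client_secret),
                         ("Refresh Token", refresh_token)):
        # Values pasted from a web page can pick up a trailing space or newline.
        if not value or value != value.strip():
            raise ValueError(f"{label} is empty or has stray whitespace")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}).encode()
    return urllib.request.Request(
        token_endpoint, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def check_credentials(request, opener=urllib.request.urlopen):
    """Return True only if the endpoint answers with an access token."""
    try:
        with opener(request, timeout=15) as response:
            return bool(json.load(response).get("access_token"))
    except (urllib.error.URLError, ValueError, AttributeError):
        # HTTPError (a rejected secret or token) is a URLError subclass;
        # ValueError/AttributeError cover a non-JSON or non-object reply.
        return False


if __name__ == "__main__":
    import os
    # Hypothetical environment variable names; secrets are never printed.
    names = ("WD_TOKEN_ENDPOINT", "WD_CLIENT_ID", "WD_CLIENT_SECRET", "WD_REFRESH_TOKEN")
    values = [os.environ.get(name, "") for name in names]
    if all(values):
        ok = check_credentials(build_refresh_request(*values))
        print("credentials accepted" if ok else "credentials rejected")
    else:
        print("set: " + ", ".join(names))
```

Passing the values through environment variables keeps the Client Secret and Refresh Token out of shell history and process arguments.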
After you have set up an integration with the required application, add the details in the CMA.
To create the API connector in the CMA:
- From the navigation menu, click Resources > Integrations.
- Click the Configured Integrations tab.
- Click New.
  The New Integration panel opens.
- Select the SaaS Application you want to add.
- In the Capability drop-down, select App Activities.
- Add the details created during step one.
- Click Save.
- The app is visible on the Integrated Apps table with a Connected status.
After connecting your APIs, you can track the App activities in the Cloud Activities dashboard. Data may take a few minutes to appear.