Integrate Workday with Boon

Last updated: March 3, 2026

Overview

To authenticate your Workday account, you will need to provide the following information:

WSDL

ISU Username

ISU Password

Workday Tenant Name

⁠Learn more about Boon⁠⁠

Prerequisites

Please ensure you fulfil all the requirements to set up the integration:

You have Administrator permissions in your company's Workday instance

Instructions

Step 1: Create an Integration System User (ISU)

1. In your Workday portal, log into the Workday tenant

2. In the Search field, type Create Integration System User

3. Select the Create Integration System User task

⁠⁠⁠

CleanShot 2024-05-16 at 19.22.50.png

4. On the Create Integration System User page, in the Account Information section, enter a user name, and enter and confirm a password

Important: "&", "<", or ">" characters cannot be included in the password

5. Click OK

⁠⁠⁠

CleanShot 2024-05-16 at 19.27.03.png

6. To ensure the password doesn't expire, you'll want to add this new user to the list of System Users. To do this, search for the Maintain Password Rules task.

⁠⁠⁠

Capture-2024-05-16-193352.png

7. Add the ISU to the System Users exempt from password expiration field

⁠⁠⁠

CleanShot 2024-05-16 at 19.37.35.png

8. Enter the Integration System User name in the linking flow

9. Enter the Integration System User password in the linking flow

⁠⁠⁠

CleanShot 2024-05-16 at 20.52.23.png

Step 2: Create a Security Group and assign an Integration System User

1. In the Search field, type Create Security Group

⁠⁠⁠

Capture-2024-05-16-194454.png

Select the Create Security Group task.

2. On the Create Security Group page, select Integration System Security Group (Unconstrained) from the Type of Tenanted Security Group pull-down menu.

⁠⁠⁠

CleanShot 2024-05-16 at 19.50.24.png

If you would like to create a Constrained Security Group instead of an Unconstrained Security Group, please see the section in Notes below

⁠⁠

3. In the Name field, enter a name

4. Click OK

5. On the Edit Integration System Security Group (Unconstrained) page, in the Integration System Users field, enter the same name you entered when creating the ISU in the first section

⁠⁠⁠

CleanShot 2024-05-16 at 19.54.35.png

6. Click OK

Step 3: Configure domain security policy permissions

1. In the Search field, type Maintain Permissions for Security Group

⁠⁠⁠

Capture-2024-05-16-195737.png

2. Make sure the Operation is Maintain, and the Source Security Group is the same as the security group that was assigned in Step 2

⁠⁠⁠

CleanShot 2024-05-16 at 20.00.00.png

3. On the next screen, add the corresponding Domain Security Policies depending on your use case:

⁠⁠⁠

CleanShot 2024-05-16 at 20.01.47.png

If you are connecting Workday ATS (Recruiting):

Capture-2024-05-16-200630.png

If you are connecting Workday HRIS:

⁠⁠⁠

CleanShot 2024-05-16 at 20.09.20.png

Step 4: Activate security policy changes

1. In the search bar, type "Activate Pending Security Policy Changes" to view a summary of the changes in the security policy that needs to be approved

⁠⁠⁠

CleanShot 2024-05-16 at 20.11.28.png

2. Add any relevant comments on the window that pops up

3. Confirm the changes in order to accept the changes that are being made and hit OK

⁠⁠⁠

CleanShot 2024-05-16 at 20.15.41.png

Step 5: Validate the authentication policy is sufficient

1. Search for Manage Authentication Policies

⁠⁠⁠

CleanShot 2024-05-16 at 20.17.02.png

2. Click Edit on the authentication policy row

⁠⁠⁠

CleanShot 2024-05-16 at 20.24.18.png

3. Create an Authentication Rule

⁠⁠⁠

CleanShot 2024-05-16 at 20.34.45.png

4. Enter a name, add the Security Group, and ensure Allowed Authentication Types is set to Specific User Name Password or Any

⁠⁠⁠

CleanShot 2024-05-16 at 20.36.41.png

Note: You don't have to create a new Authentication Rule if you already have an existing one set to User Name Password or Any. You can add the ISU you created to that rule instead.

You will need to create a new rule if SAML is the only Authentication Rule you see for "Allowed Authentication Types."

Step 6: Activate all pending authentication policy changes

In the search bar type, activate all pending authentication policy changes

⁠⁠⁠

CleanShot 2024-05-16 at 20.39.58.png

2. Proceed to the next screen and confirm the changes. This will save the Authentication Policy that was just created or edited

Step 7: Obtain the web services endpoint URL

Search in Workday for Public Web Services

⁠⁠⁠

CleanShot 2024-06-26 at 13.10.37@2x.png

2. Find Human Resources (Public) if you are connecting Workday HRIS. Find Recruiting if you are connecting Workday ATS.

3. Click the three dots to access the menu. Click Web Services > View WSDL

⁠⁠⁠

CleanShot 2024-06-26 at 13.25.34@2x.png

4. Navigate to the bottom of the page that opens (it may take a few seconds to load)

5. Copy the full URL provided under Human_Resources or Recruiting

⁠⁠⁠

Capture-2024-05-16-194454.png

6. Enter the URL in the Web Service Endpoint URL field in the linking flow

⁠⁠⁠

CleanShot 2024-05-16 at 21.07.20.png

7. Enter your Workday Tenant Name in the linking flow

⁠⁠⁠

CleanShot 2024-05-16 at 21.10.59.pngCleanShot 2024-05-16 at 21.15.53.png

Process complete! 🎉

Notes

Creating a Constrained Security Group

If you need a Constrained Security Group instead of an Unconstrained one, follow these additional steps:

When creating the Security Group, select "Integration System Security Group (Constrained)" from the dropdown.

After creation, you'll need to configure constraints that specify which organizations or data the integration can access.