Skip to main content

Prerequisites for the WQL and Reports Connection Types

When you add the Workday connector to (explained in Add the Connector), you will see that you can connect to the Workday database with four connection types. Two of those connection types, WQL and Reports, require that you perform some prerequisite steps before you can use them to connect. The following sections provide those instructions. Perform the steps in the section for the connector that you want to use:

Enable the WQL Service

Before you can connect by using the WQL connection type, you must first enable the WQL service. To enable the service:
  1. Open Workday.
  2. Enter View Domain in the search bar.
  3. Enter Workday Query Language at the prompt.
  4. Select Allowed Security Group Types to determine whether one of the group types includes the user account to which you are connecting.
After you complete these steps, continue to Add the Connector.

Create a Custom Report

Before you can connect by using the Reports connection type, you must first create a custom report. To create a custom report:
  1. Create a custom report. supports reading reports that are exposed through Workday Reports as a Service (RaaS). Workday does not have a built-in method to enable to determine which reports are exposed via RaaS. So, you must create a custom report, as follows:
    1. Open the Create Custom Report form in Workday.
    2. Name the report Reports as a Service.
    3. Select Advanced for the report type.
    4. Select Enable As Web Service.
    5. Clear the Optimized for Performance checkbox.
    6. Select All Custom Reports for Data Source.
  2. Navigate to the Fields section. Then, create four columns and enter the following names for them, respectively:
    • Report Name
    • Web Service Namespace
    • Report Owner
    • Brief Description
  3. Ensure that the primary business object (Custom Report) is selected for Business Object for all the columns that you created in step 2. This object should have a box-and-arrow icon next to it. If the icon is an ellipsis (…) instead, select Menu > Primary Business Object > Custom Field.
  4. Open the Filter tab and create two new filters with the following criteria:
    • For the first filter, enter Web Service Namespace as the field name and select is not blank for Operator.
    • For the second filter, enter Current User as the field name and select in the selection list for Operator. Then, select Value from Another Field for Comparison Type and Authorized Users for Comparison Value.
  5. Click OK to save the report. If Workday displays any warnings, click OK again to dismiss them.
    The Current User filter is optional but recommended. This filter ensures that does not display reports that your account does not have permissions to view. However, if the report has performance issues, you can remove that filter.
  6. Locate the URL that is associated with the report, as follows. You need this URL to set the Custom Report URL connection property in .
    1. Open the newly created report.
    2. Click the ellipsis (…) next to the report title (upper-left corner) to open a dialog box.
    3. Locate the Web Services tab in the dialog box. You might need to scroll down in the dialog box to find the tab.
    4. Hover over the tab, select View URLs, and copy the the Workday XML link. This is the link you need for the Custom Report URL property in the application.
After you complete these steps, continue to Add the Connector.

Add the Workday Connector

Connect to

After you add the connector, you need to set the required connection properties.
  • Tenant: Enter the tenant for your Workday account. Example: https://Domain.workday.com/ccx/api/v1/MyCompany. In this example URL, the tenant is MyCompany.
  • Base Url: Enter the base URL that is required to authenticate to Workday (for example, https://Domain.workday.com/).
supports four connection types. Select your connection type below to proceed to the relevant section for your connection.

WQL

To connect to Workday through the WQL API:
  1. Select WQL for Connection Type.
  2. Select your authentication method:
  3. (Optional) For Use Split Tables, select whether you want to split WQL data sources into multiple tables. By default, the Enable checkbox is not selected.

Reports

To connect to Workday using Reports as a Service (RaaS):
  1. Select Reports for Connection Type.
  2. Enter the Workday XML link (that you copied in step 6 of Create a Custom Report) in the Custom Report URL field.
  3. Select your authentication method:

REST

To connect to Workday through the REST API:
  1. Select REST for the Connection Type property.
  2. Select your authentication method:

SOAP

To connect to Workday through the SOAP API:
  1. Select SOAP for the Connection Type property.
  2. Select your authentication method:
  3. (Optional) For Service, enter the specific SOAP service or services (in a comma-separated list) from which you want to retrieve data.

Basic

To connect with your user credentials, specify the following properties:
  • Auth Scheme: Select Basic.
  • User: Enter the username that you use to authenticate to your Workday account.
  • Password: Enter the password that you use to authenticate to your Workday account.

OAuth

To connect with OAuth, specify the following settings:
  • Auth Scheme: Select OAuth.
  • OAuth Client Id: Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.
  • OAuth Client Secret: Enter the client secret that you were assigned when you registered your application with an OAuth authorization server.

OAuth Integration System User

To connect as an integration system user (ISU), specify the following settings:
  • Auth Scheme: Select OAuthISU.
  • OAuth Client Id: Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.
  • OAuth Client Secret: Enter the client secret that you were assigned when you registered your application with an OAuth authorization server.
  • OAuth Refresh Token: Enter the OAuth refresh token for the corresponding OAuth access token.

OAuth JWT

To connect with JWT, specify the following settings:
  • Auth Scheme: Select OAuthJWT.
  • OAuth Client Id: Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.
  • OAuth Client Secret: Enter the client secret that you were assigned when you registered your application with an OAuth authorization server.
  • OAuth JWT Cert: Enter the path to your encrypted private key (.key file) that you generated.
  • OAuth JWT Cert Type: Enter the type of key store that contains your JWT Certificate. The default type is PEMKEY_BLOB.
  • OAuth JWT Issuer: Enter the issuer of your Java web token. Typically, the issuer is either the client Id or the email address of the OAuth application.
  • OAuth JWT Subject: Enter the user subject for which the application is requesting delegated access.
  • (Optional) OAuth JWT Cert Password: Enter the password for your OAuth JWT certificate.
  • (Optional) OAuth JWT Cert Subject: Enter the subject of your OAuth JWT certificate.

Azure Active Directory

To connect with single sign-on (SSO) via Azure Active Directory, specify these settings:
  • Auth Scheme: Select AzureAD.
  • SSO Properties: Enter additional properties that are required to connect to your identity provider. You must use a semicolon-separated list of properties (for example, SSOProperty1=Value1;SSOProperty2=Value2;…) .
  • OAuth Client Id: Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.

Complete Your Connection

To complete your connection:
  1. Define advanced connection settings on the Advanced tab. (In most cases, though, you should not need these settings.)
  2. Connect to to connect to your account.
  3. Click Create & Test to create your connection.

More Information