Workday ATS -> Ashby Recruiting API Migration Guide

19 min

for information on the workday integrations, please check out docid\ lser77ihgverwt8ovu5gx data migration from workday uses several workday apis, each of which requires varying user and permission configuration the setup requires 3 steps configuring ashby's integration system user (isu) configuring domain and business process security for ashby's isu creating the "api client for integrations" for ashby in each step, we will advise you to copy down some important information that will need to be configured within ashby, in order to connect your ashby and workday instances, like this here is an example of a callout advising you to note important information configuring ashby's isu log in to your workday application using an administrator account in the application's search box, search for 'create user' and then select create integration system user enter a user name and password copy down the username and password for future configuration within ashby leave the require new password at next sign in checkbox unchecked (this user will be accessing workday programmatically) leave the session timeout minutes with its default value of 0, which will prevent the user's sessions from timing out prematurely select the option do not allow ui sessions (this prevents the account from logging into workday) if possible, make sure the password does not expire otherwise, ashby's sync will stop when the password expires you can do this by going to the maintain password rules task and adding ashby's isu to the system users exempt from password expiration field configure domain security for ashby's isu create a security group in this step, you will create an unconstrained integration system security group in workday and assign the integration system user created in the previous step to this group in the search box, search for security group and then select create security group complete the create security group task select integration system security group (unconstrained) from the type of tenanted security group dropdown after the security group creation is successful, you will see a page where you can assign members to the security group add the new integration system user created in the previous step to this security group configure domain security policy permissions in this step, you'll grant domain security policy permissions that will allow ashby access to recruiting and hr data domains related to the ashby analytics integration enter security group membership and access in the search box and click on the report link search and select the security group created in the previous step click on the ellipsis ( ) next to the group name and from the menu, select security group > maintain domain permissions for security group add the following domains to the list domain security policies note in rows where multiple are listed, all domains after the first domain listed may be included/inherited in/by the first domain, depending on your workday instance's security configuration note if no reason is explicitly listed, the reason is then that of the nearest row upward true 198,198,198 unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type 1 1 unhandled content type configure business process permissions in order to see certain historical information for a job application, ashby needs elevated access on recruiting specific business processes to give ashby the right access, you'll need to go to each business process as follows (using "job application" as an example here in step 1) go to “bp job application” related actions ( menu at the top) > business process policy > edit scroll down to “who can do actions on entire business process” go to “view all” section add ashby’s isg ashby needs this for the following recruiting business processes (substitute each of the following in for your workday search) "assess candidate" "employment agreement" "interview" "job application" "offer" "rate interview" "ready for hire" "reference check" "review candidate" "screen" note your workday instance may not have a business process for each of these create the "api client for integrations" for ashby in order to facilitate mapping the workday recruiting process into ashby, we need a report of candidate application history, which we will use to understand stage transitions for candidates, as well as build the interview plans in ashby we will run this report using wql (“workday query language”) via workday’s rest api access to the rest api requires a special api client to be configured open the register api client for integrations task (via workday search) use the following configuration client name ashby api access non expiring refresh tokens ✅ scope system, recruiting, staffing, pre hire process (allows high level access to recruiting and reporting data; data within is still guarded by domain security) included workday owned scope ✅ (access to worked owned fields) click okay the client id and secret will be needed to configure rest api access for ashby on the page that appears, copy down the client id and secret click the menu next to the client name in the blue header at the top, and then choose api client and then manage refresh tokens for integrations in the workday account box in the dialog that appears, find and choose ashby’s isu, and then click okay on the next page, check the generate new refresh token box, and then click okay copy down the refresh token that appears on the next page the refresh token will be needed to configure rest api access for ashby next, go to the view api clients report (via workday search) on this page/report, there will be 3 “endpoints” at the top of the page copy these down these endpoints will be needed to configure rest api access for ashby collect final tenant information most of the workday side configuration is now done we just need to collect a few final pieces of information before we go to ashby to configure the connection workday tenant id your workday tenant id is found in the url when you’re logged into workday for example, if the url is https //impl workday com/example/d/home html , your tenant id is “example” copy your tenant id down for configuration within ashby wsdl url your wsdl url can be found by following https //community workday com/articles/6120#endpoint in short type public web services in the workday search bar under reports , select public web services from the public web services list, select any one of them and click the ellipsis icon to reveal a drop down menu select web service > view wsdl , which displays the full wsdl in a separate window the wsdl url is the link in your browser bar itself copy the wsdl url for configuration within ashby configure the connection in ashby now that you've collected all of the information we need, you're ready to configure the connection in ashby to do so, go to https //app ashbyhq com/admin/integrations/workday , and you'll see the screen below steps please note that your workday tenant id is case sensitive so please take care when adding it in step 2 in the first box, paste the wsdl url in workday isu username field, enter the isu (one you created for ashby) username and tenant id as @ (e g ashby isu\@acme) in the workday isu password field, paste the isu password here in the workday rest api base url field, paste the "host" part of the endpoints you copied down when configuring the rest api client it should look something like " https //wd5 services1 myworkday com/ ", so it's just the part of the urls that end in http //myworkday com/ they should all be the same, though yours may start with "wd4 services1" for example in the workday rest api client id field, paste the client id you copied down when configuring the rest api client in the workday rest api client secret field, paste the client secrete you copied down when configuring the rest api client in the workday rest api client refresh token field, paste the refresh token you copied down when configuring the rest api client once this is complete, let us know, and we'll monitor the initial sync to make sure all is well what is migrated from workday? objects migrated job reqs (non confidential) evergreen job reqs teams/departments locations openings candidates (non confidential) job considerations/applications interview feedback ratings sources candidate attachments, including resumes disposition reasons work experience education contact information (name, email, phone, social links) eeoc forms employees (as inactive users so they can be assigned the hiring team roles) objects not migrated job templates job postings custom fields candidate tags candidate pools emails/messages email templates application forms questionnaires for the candidate confidential jobs confidential prospects