Workday ATS -> Ashby Recruiting API Migration Guide

for information on the workday integrations, please check out docid\ lser77ihgverwt8ovu5gx data migration from workday uses several workday apis, each of which requires varying user and permission configuration the setup requires 3 steps configuring ashby's integration system user (isu) configuring domain and business process security for ashby's isu creating the "api client for integrations" for ashby in each step, we will advise you to copy down some important information that will need to be configured within ashby, in order to connect your ashby and workday instances, like this here is an example of a callout advising you to note important information configuring ashby's isu log in to your workday application using an administrator account in the application's search box, search for 'create user' and then select create integration system user enter a user name and password copy down the username and password for future configuration within ashby leave the require new password at next sign in checkbox unchecked (this user will be accessing workday programmatically) leave the session timeout minutes with its default value of 0, which will prevent the user's sessions from timing out prematurely select the option do not allow ui sessions (this prevents the account from logging into workday) if possible, make sure the password does not expire otherwise, ashby's sync will stop when the password expires you can do this by going to the maintain password rules task and adding ashby's isu to the system users exempt from password expiration field configure domain security for ashby's isu create a security group in this step, you will create an unconstrained integration system security group in workday and assign the integration system user created in the previous step to this group in the search box, search for security group and then select create security group complete the create security group task select integration system security group (unconstrained) from the type of tenanted security group dropdown after the security group creation is successful, you will see a page where you can assign members to the security group add the new integration system user created in the previous step to this security group configure domain security policy permissions in this step, you'll grant domain security policy permissions that will allow ashby access to recruiting and hr data domains related to the ashby analytics integration enter security group membership and access in the search box and click on the report link search and select the security group created in the previous step click on the ellipsis ( ) next to the group name and from the menu, select security group > maintain domain permissions for security group add the following domains to the list domain security policies note in rows where multiple are listed, all domains after the first domain listed may be included/inherited in/by the first domain, depending on your workday instance's security configuration note if no reason is explicitly listed, the reason is then that of the nearest row upward domain security policy operation reason organization cost center get only sync org relationships for jobs and job role assignees manage organization integration get only manage organization roles get only staffing organizations cost center get only worker data organization information worker data management chain worker data organizations get only worker data active and terminated workers get only sync basic worker information for ashby user account and employee data person data legal name get only person data preferred name get only person data name get only person data home email get only person data work email get only person data home contact information get only person data public work email address integration get only pre hire data name and contact information pre hire data contact information pre hire data names get only worker data public worker reports get only worker data worker id get only worker data workers get only worker data all positions get only worker data current staffing information worker data historical staffing information get only sync worker position data worker data employment data get only job directory get only sync job requisition data job information get only job profile view get only job postings external get only job postings internal get only job postings get only job requisitions for recruiting get only job requisition data get only manage evergreen requisitions get only all prospects get only sync prospect data prospects prospect sharing get only reports prospect get only candidate data job application candidate data assessment results candidate data bundle resumes candidate data eligibility results candidate data interview feedback comments candidate data interview feedback results candidate data language skills candidate data offer details candidate data quick stats candidate data sharing candidate data attachments get only sync candidate and application data, including resume files candidate data interview schedule get only candidate data other jobs get only candidate data questionnaires get only candidate data questionnaire total score get only questionnaire results get only manage pre hire process view pre hire interviews get only candidate data gender get only sync candidate eeoc data candidate data ethnicity get only candidate data personal information candidate data military status candidate data nationalities candidate data sexual orientation candidate data sexual orientation & gender get only find candidates internal and external get only find candidates external get only pre hire data employment agreement employment agreement employee contracts get only sync candidate offer data pre hire data start date and location get only purge person data purge single entity data get only so we can delete candidates/applications who have been merged into others manage recruiting agency get only sync recruiting agency data integration build get only access to low level identifiers to connect workday objects together (e g a job to a location) business process administration business process definition view business process delegation get only access to business process history (for job application process history) business process reporting get only manage business process definitions get only reporting audits get only allows running reports via rest api wql workday query language view and modify note "view and modify" appears to be required here, even though we can only run queries that fetch data configure business process permissions in order to see certain historical information for a job application, ashby needs elevated access on recruiting specific business processes to give ashby the right access, you'll need to go to each business process as follows (using "job application" as an example here in step 1) go to “bp job application” related actions ( menu at the top) > business process policy > edit scroll down to “who can do actions on entire business process” go to “view all” section add ashby’s isg ashby needs this for the following recruiting business processes (substitute each of the following in for your workday search) "assess candidate" "employment agreement" "interview" "job application" "offer" "rate interview" "ready for hire" "reference check" "review candidate" "screen" note your workday instance may not have a business process for each of these create the "api client for integrations" for ashby in order to facilitate mapping the workday recruiting process into ashby, we need a report of candidate application history, which we will use to understand stage transitions for candidates, as well as build the interview plans in ashby we will run this report using wql (“workday query language”) via workday’s rest api access to the rest api requires a special api client to be configured open the register api client for integrations task (via workday search) use the following configuration client name ashby api access non expiring refresh tokens ✅ scope system, recruiting, staffing, pre hire process (allows high level access to recruiting and reporting data; data within is still guarded by domain security) included workday owned scope ✅ (access to worked owned fields) click okay the client id and secret will be needed to configure rest api access for ashby on the page that appears, copy down the client id and secret click the menu next to the client name in the blue header at the top, and then choose api client and then manage refresh tokens for integrations in the workday account box in the dialog that appears, find and choose ashby’s isu, and then click okay on the next page, check the generate new refresh token box, and then click okay copy down the refresh token that appears on the next page the refresh token will be needed to configure rest api access for ashby next, go to the view api clients report (via workday search) on this page/report, there will be 3 “endpoints” at the top of the page copy these down these endpoints will be needed to configure rest api access for ashby collect final tenant information most of the workday side configuration is now done we just need to collect a few final pieces of information before we go to ashby to configure the connection workday tenant id your workday tenant id is found in the url when you’re logged into workday for example, if the url is https //impl workday com/example/d/home html , your tenant id is “example” copy your tenant id down for configuration within ashby wsdl url your wsdl url can be found by following https //community workday com/articles/6120#endpoint in short type public web services in the workday search bar under reports , select public web services from the public web services list, select any one of them and click the ellipsis icon to reveal a drop down menu select web service > view wsdl , which displays the full wsdl in a separate window the wsdl url is the link in your browser bar itself copy the wsdl url for configuration within ashby configure the connection in ashby now that you've collected all of the information we need, you're ready to configure the connection in ashby to do so, go to https //app ashbyhq com/admin/integrations/workday , and you'll see the screen below steps please note that your workday tenant id is case sensitive so please take care when adding it in step 2 in the first box, paste the wsdl url in workday isu username field, enter the isu (one you created for ashby) username and tenant id as @ (e g ashby isu\@acme) in the workday isu password field, paste the isu password here in the workday rest api base url field, paste the "host" part of the endpoints you copied down when configuring the rest api client it should look something like " https //wd5 services1 myworkday com/ ", so it's just the part of the urls that end in http //myworkday com/ they should all be the same, though yours may start with "wd4 services1" for example in the workday rest api client id field, paste the client id you copied down when configuring the rest api client in the workday rest api client secret field, paste the client secrete you copied down when configuring the rest api client in the workday rest api client refresh token field, paste the refresh token you copied down when configuring the rest api client once this is complete, let us know, and we'll monitor the initial sync to make sure all is well