Setting Up a Workday ISU for Auditoria SmartResearch

Introduction

This guide provides step-by-step instructions for configuring your Workday connection to enable integration with Auditoria SmartResearch. You will be guided through the process of setting up a dedicated Integration System User (ISU), creating appropriate security groups, and granting the necessary permissions to access required Workday data sources.

These configurations are essential to ensure that Auditoria SmartResearch can securely retrieve and process the information needed for its features. If you have questions during the setup, please contact your Workday administrator or your Auditoria support representative.


Prerequisites

Before you begin the configuration process, ensure you have the following prerequisites in place:

  • Workday administrative access: You must have administrator privileges in your Workday tenant to create users, security groups, and assign security permissions.
  • Auditoria SmartResearch licensing: Confirm that your organization has an active Auditoria SmartResearch subscription.
  • List of required data sources: Identify which Workday data sources need to be integrated based on your organization’s SmartResearch requirements.
  • Workday Integration System User setup permissions: Ability to create and configure an Integration System User (ISU) in Workday.
  • Permission to create and manage security groups: Authorization to create security groups and assign domain security policies in Workday.
  • API client registration privileges: Access to register and manage API clients for integrations in Workday.
  • Coordination with your IT and Workday teams: Ensure all stakeholders involved in Workday integration and data security are aware of this setup process.

If you do not have these permissions, contact your Workday administrator or your internal IT team for assistance.


1. Get Your Workday Hostname and Tenant Name

To configure the connection between Auditoria SmartResearch and Workday, you will need your Workday hostname and tenant name. Follow the steps below to locate this information:

  1. Log in to your Workday console using your administrator credentials.
  2. Search for “Public Web Services” in the search bar at the top of the Workday screen.
  1. In the search results, locate the Web Services column and apply filters to display only results related to Revenue Management.
  1. Locate Revenue Management in the list. Click the three dots (…) next to it and select Web Service > View WSDL.
  1. In the WSDL file, search for the text "Revenue_Management". Scroll to the last occurrence to find the hostname and tenant name.
    • The hostname will appear in the URL, such as:

      https://wd1-impl-services1.workday.com/ccx/service/your-tenant-name/Revenue_Management/
    • The tenant name will appear in the URL path, following the domain and “service/”.
  2. Copy both the hostname and tenant name. You will need to enter these values during the Auditoria SmartResearch connection setup process.

2. Create the Workday Integration System User (ISU) for Auditoria SmartResearch

To enable secure integration with Auditoria SmartResearch, you must create a dedicated Integration System User (ISU) in Workday. Follow these steps:

  1. Log in to your Workday console using an account with administrative privileges.
  2. Search for “Create Integration System User” in the search bar.
  3. Select Create Integration System User from the search results.
  1. Enter a clear and descriptive User Name for the new ISU, such as ISU_Auditoria_SmartResearch.
  2. Set a new password for the ISU. Make a note of this password, as it will be required during the integration setup.
  3. Review and confirm the details, then click OK to create the user.

Important:

  • Use a unique ISU for Auditoria SmartResearch. Do not reuse ISUs intended for other integrations.
  • Securely store the username and password in accordance with your organization’s IT security policies.
  • You will assign this ISU to the appropriate security group in the next step.

3. Create a Workday Security Group and Assign the ISU

You need to create a Workday security group and assign the Integration System User (ISU) you created for Auditoria SmartResearch. This allows you to manage permissions centrally and securely.

To create a security group and assign your ISU:

  1. Log in to your Workday console using an account with administrative privileges.
  2. Search for “Create Security Group” in the search bar.
  3. In the search results, select Create Security Group.
  1. In the Type of Tenanted Security Group drop-down, select Integration System Security Group (Unconstrained).
  2. In the Name field, enter a descriptive name (for example, ISSG_Auditoria_SmartResearch).
  3. Click OK. The new security group will be created.
  1. On the Edit Integration System Security Group (Unconstrained) page, locate the Integration System Users section.
  2. Add the ISU you created in the previous step (for example, ISU_Auditoria_SmartResearch).
  3. Click OK to save the assignment.

Note:

  • Use a unique security group for Auditoria SmartResearch; do not assign unrelated users.
  • You will assign the required domain security policies to this group in the next step.

4. Assign Domain Security Policy Permissions for SmartResearch Data Sources

To enable Auditoria SmartResearch to access the required data from your Workday tenant, you must assign the correct domain security policy permissions to the integration security group you created.

Steps to Assign Security Policy Permissions

  1. Log in to your Workday console with administrative privileges.
  2. Open Security Group Search:
    • Go to the Workday search bar.
    • Type "Security group" and select View Security Group from the search results.
  1. Select the Auditoria SmartResearch security group:
    • In the prompt, enter the name of your group (for example, ISSG_Auditoria_SmartResearch).
    • Click OK.
  1. Open Domain Permissions for the Group:
    • On the Integration System Security Group (Unconstrained) overview page, select the Related Actions (three dots menu) next to the group name.
    • Choose Maintain Domain Permissions for Security Group.
  1. Add Permissions:
    • In the Report/Task Permissions and Integration Permissions sections, add the required Domain Security Policies for each SmartResearch data source, using the operation/access level provided in the table below.
    • Use ModifyViewGet, or Put access level as specified.
  2. Save and confirm your changes.
    • Click OK.
    • Remember to activate pending security policy changes using the appropriate Workday task.

Table 1. Workday Domain Security Policy Permissions Matrix

Domain Security Policy Permissions

OperationDomain Security PolicyDomain Security Policies Inheriting PermissionFunctional Areas
View and ModifyWorkday Query Language System
Get and PutWorkday Query Language System
View OnlySet Up: Accounts Common Financial Management
View OnlyProcess: Supplier InvoiceProcess: Supplier Invoice - Cancel

Process: Supplier Invoice - Change

Process: Supplier Invoice - Core

Process: Supplier Invoice Document - Add/Change Attachment

Process: Supplier Invoice - Hold from Payment

Process: Supplier Invoice - Invoice Workbench

Process: Supplier Invoice - Prepayments
Supplier Accounts
View OnlyProcess: Purchase OrderProcess: Purchase Order - Cancel

Process: Purchase Order - Close

Process: Purchase Order - Close for Receiving

Process: Purchase Order - Create/Edit

Process: Purchase Order - Issue

Process: Purchase Order - Mass Action

Process: Purchase Order - View
Procurement
View OnlySet Up: Bank Reconciliation Banking and Settlement
View OnlyView: Bank Entity Banking and Settlement
View OnlyReports: Supplier Payment Supplier Accounts
View OnlySet Up: Spend Categories Common Financial Management
View OnlyView: SupplierView: Supplier Tax InformationSuppliers
View OnlyProcess: Recurring Supplier Invoice Supplier Accounts
View OnlyProcess: Supplier Invoice - Reporting Supplier Accounts
View OnlySet Up: Bank Entity Banking and Settlement
View OnlySet Up: SupplierSet Up: Assign Contingent Worker

Set Up: Supplier Settlement Bank
Suppliers
View OnlyManage: Inventory Inventory
View OnlySet Up: Supplier Accounts Supplier Accounts
View OnlyReports: Supplier Suppliers
View OnlyManage: Company Organizations and Roles
View OnlyProcess: Purchase Order - Reporting Procurement
View OnlySet Up: Company Common Financial Management
View OnlyManage: Cost Center Organizations and Roles
View OnlyProcess: Supplier Invoice Payment/Settlement Supplier Accounts
View OnlyBusiness Process Reporting System
View OnlyProcess: Supplier Invoice - Request Supplier Accounts
View OnlySet Up: Company General Common Financial Management
View OnlyProcess: Supplier Invoice - View  Supplier Accounts
View OnlySet Up: Basic Supplier Worktag  Supplier Accounts
View OnlySet Up: Supplier Contacts  Supplier Accounts
View OnlySet Up: Supplier Contracts  Supplier Accounts
View OnlyProcess: Supplier Contract - Reporting  Supplier Accounts
View OnlyManage: Region Common Financial Management
Get OnlySet Up: Accounts Common Financial Management
Get OnlyProcess: Supplier InvoiceProcess: Supplier Invoice - Cancel

Process: Supplier Invoice - Change

Process: Supplier Invoice - Core

Process: Supplier Invoice Document - Add/Change Attachment

Process: Supplier Invoice - Hold from Payment

Process: Supplier Invoice - Invoice Workbench

Process: Supplier Invoice - Prepayments
Supplier Accounts
Get OnlyProcess: Purchase OrderProcess: Purchase Order - Cancel

Process: Purchase Order - Close

Process: Purchase Order - Close for Receiving

Process: Purchase Order - Create/Edit

Process: Purchase Order - Issue

Process: Purchase Order - Mass Action

Process: Purchase Order - View
Procurement
Get OnlySet Up: Bank Reconciliation Banking and Settlement
Get OnlyView: Bank Entity Banking and Settlement
Get OnlyReports: Supplier Payment Supplier Accounts
Get OnlySet Up: Spend Categories Common Financial Management
Get OnlyView: SupplierView: Supplier Tax InformationSuppliers
Get OnlyProcess: Recurring Supplier Invoice Supplier Accounts
Get OnlyProcess: Supplier Invoice - Reporting Supplier Accounts
Get OnlySet Up: Bank Entity Banking and Settlement
Get OnlySet Up: SupplierSet Up: Assign Contingent Worker

Set Up: Supplier Settlement Bank
Suppliers
Get OnlyManage: Inventory Inventory
Get OnlySet Up: Supplier Accounts Supplier Accounts
Get OnlyReports: Supplier Suppliers
Get OnlyManage: Company Organizations and Roles
Get OnlyProcess: Purchase Order - Reporting Procurement
Get OnlySet Up: Company Common Financial Management
Get OnlyManage: Cost Center Organizations and Roles
Get OnlyProcess: Supplier Invoice Payment/Settlement Supplier Accounts
Get OnlyBusiness Process Reporting System
Get OnlyProcess: Supplier Invoice - Request Supplier Accounts
Get OnlySet Up: Company General Common Financial Management
Get OnlyProcess: Supplier Invoice - View  Supplier Accounts
Get OnlySet Up: Basic Supplier Worktag  Supplier Accounts
Get OnlySet Up: Supplier Contacts  Supplier Accounts
Get OnlySet Up: Supplier Contracts  Supplier Accounts
Get OnlyProcess: Supplier Contract - Reporting  Supplier Accounts
Get OnlyManage: Region Common Financial Management

Note: Your organization's requirements may differ; always confirm with your implementation team or Auditoria support if unsure which policies are needed.

If you have questions about specific domain security policies or data source configurations, consult your Workday administrator or Auditoria support representative.


5. Activating Pending Security Policy Changes

After adding or modifying domain security policy permissions for your integration security group, you must activate these changes to make them effective. This is a required step in Workday to ensure that Auditoria SmartResearch can access the newly permitted data sources.

Steps to Activate Pending Security Policy Changes

  1. In the Workday search bar, type "Activate Pending Security Policy Changes" and select the corresponding task from the results.
  1. On the activation screen, review any listed pending security policy changes. If prompted, add a comment (for example, “Activate it”).
  1. Review the Current Security Evaluation Moment and the Proposed Security Evaluation Moment.
  2. If the details are correct, check the Confirm box to acknowledge the changes.
  3. Click OK to apply the updates and activate the permissions.

Note:

  • All pending changes will become effective once activated.
  • Review the summary of domain security policies to ensure accuracy before confirming.
  • This step must be completed for any new or modified domain security policy permissions to take effect.

If you have questions about which policy changes need to be activated, consult your Workday administrator or your implementation team.


6. Get API Client Credentials

To enable secure integration between Auditoria SmartResearch and your Workday tenant, you need to register an API client and collect the required credentials.

Steps to Register a New API Client

  1. Log in to your Workday console with administrative access.
  2. Search for “Register API Client for Integrations” in the Workday search bar and select it from the results.

  1. Complete the registration form:
  • Enter a distinctive Client Name (for example, Auditoria_SmartResearch_Client).
  • Select the Non-Expiring Refresh Tokens checkbox, if permitted by your organization’s policy.
  • In the Scope (Functional Areas) field, add all SmartResearch-required areas, such as:
    • Integration 
    • Staffing
    • System
    • Workday Everywhere
    • Suppliers Accounts
    • Suppliers
    • Any other areas identified for your use case

  1. Click OK to complete registration.
  2. Record the Client ID and Client Secret generated for this client. These values are required during the Auditoria SmartResearch system setup.

Note:

  • Keep your Client ID and Client Secret secure and confidential.
  • Provide scopes only for those functional areas necessary for Auditoria SmartResearch.

If you are unsure which scopes are required, consult your Workday administrator or Auditoria support before proceeding.


7. Generate Refresh Token with Updated Permissions

After registering your API client and ensuring all required permissions are assigned, you must generate a refresh token for Auditoria SmartResearch to securely authenticate with your Workday tenant.

Steps to Generate a Refresh Token

  1. Log in to your Workday console with administrative access.
  2. Search for “View API Client” and select it from the results.
  1. Filter your API Clients (optional but recommended):
    • Use the Add Filter feature.
    • Set the filter:
      • Column: Client Name
      • Filter Condition: contains
      • Value: SmartResearch
    • Click Filter to narrow down the API client list.
  1. Find your registered Auditoria SmartResearch API client in the filtered results.
  2. Open the refresh token management menu:
    • Click the three dots (…) next to your API client’s name.
    • Select Manage Refresh Tokens for Integrations.
  1. Assign the Workday Integration System User:
    • In the prompt, select or enter the Workday ISU you created for SmartResearch (e.g., ISU_Auditoria_SmartResearch).
  1. Generate the refresh token:
    • On the next screen, select the option to Generate New Refresh Token.
  1. Confirm and complete the process:
    • Click OK to generate the token.
    • When the refresh token appears, copy and store it securely. You will need this token for the Auditoria SmartResearch connection setup.

Important:

  • Ensure all required permissions and scopes are assigned to your API client before generating the refresh token.
  • The refresh token is confidential and should be shared only with the authorized integration team.
  • Do not check “Confirm Delete” unless you are regenerating and invalidating a previous token.
Note: If you have any Segmented Security configured in Workday for the following business objects, please ensure that the ISU or the Security Group created for the Auditoria–Workday connection is also added to the same security group.
  • Supplier
  • Customers
  • Customer Invoices
  • Supplier Invoices
  • Customer Payments
  • Supplier Payments
  • Purchase Orders
  • Entity

If you encounter issues or need help at any step, contact your Workday administrator or Auditoria support representative.


Connect Auditoria SmartResearch to Workday ERP

After gathering your Workday connection details (hostname, tenant name, Integration System User credentials, API client credentials, and refresh token), you are ready to set up the connection within Auditoria.

Steps to Connect Auditoria to Workday

  1. Access System Settings:
    • Log in to the Auditoria platform with administrative privileges.
    • Navigate to Administration > System Settings.
  2. Add or Update Workday ERP Connection:
    • In the "Add New Connection" area of System Settings, select the Workday ERP option.
    • To update an existing connection, locate the Workday system tile and click Update.
  1. Enter Required Connection Information:
    • On the ERP Settings page, fill in the following fields with your Workday integration details:
      • Instance Name: Enter a recognizable display name for this connection.
      • Tenant ID: Enter your Workday tenant name.
      • User ID: Enter the Integration System User (ISU) username.
      • User Password: Enter the ISU password.
      • Host Name: Enter the Workday service URL or host address.
      • Client ID: Enter the API Client ID.
      • Client Secret: Enter the API Client Secret.
      • Refresh Token: Enter the generated refresh token.
      • Additional report and configuration fields may be present. Complete these as required for your organization or leave as “-” if not needed.
  2. Save and Test Connection:
    • Click Save to submit your settings.
    • The system may validate your credentials and confirm the connection status.
    • Once the setup is complete, proceed to sync entities if prompted or verify that the connection is active.

Notes:

  • Fill out only the Workday connection fields needed for Auditoria functionality. Optional fields may be left blank or set to “-” as indicated on the screen.
  • If you encounter authentication or connection issues, verify all credentials, and confirm required permissions in Workday have been assigned.