Report as a Service (RaaS)

Overview

The Oort security platform can integrate with Workday Report as a Service (RaaS) functionality to ingest Workday HR data in an automated fashion.

Workday HR data provides a key element to managing identities and identity security in your organization, as the HRIS system is frequently the source of truth for both internal and third party B2B users.

This document will walk you through the process of setting up access to Workday and will also walk you through the setup inside of the Oort console.

Workday Report as a Service Configuration

NOTE - This article assumes some familiarity with Workday platform administration. The purpose of the document is to provide the report structure and parameters, as well as provide guidance in the Oort configuration.

The high level steps to complete this task in Workday are as follows:

1. Create a Workday Integration System User (ISU) (example documentation) - this user will act as the report owner and provide access to it from the Oort platform

2. Create the custom report as defined below

3. Enable the report as a web service in Advanced settings

4. Ensure that the ISU created in Step 1 is the owner of the report in the Share settings

5. Configure the Workday Report inside of the Oort console.

Create Workday ISU

To create the integration system user, follow the example documentation above or proceed as follows:

1. Go to your Workday tenant and enter create integration system user in the search field. Under Tasks & Reports, click Create Integration System User.

2. Enter a username and password for the new user.

3. Leave the Require New Password at Next Sign In option clear.

4. For Session Timeout Minutes, enter 0.

5. Select Do Not Allow UI Sessions to prevent this user from signing into Workday.

6. Click OK.

Ensure that the ISU created above is a member of the necessary security groups within Workday to be an owner of the report to be created in the next step.

Create Custom Report

Create a custom report in Workday with the following properties:

• Report type - Advanced

• Data source - All users (active, terminated, pre-hire) - This will depend on your Workday data structure.

• Data source type - Standard

• Primary business object - Worker

Add the following columns to the report, in this order. Some of the columns will be Workday native or static fields and some will be calculated fields. NOTE - Please ensure that the Column Heading Override and Column Heading Override XML Alias columns use these specific names, so that the product can map the attributes correctly.

1. user_id

2. first_name

3. middle_name

4. last_name

5. nickname

6. email

7. active

8. org_name

9. business_title

10. super_ref - (Manager ID)

11. managername

12. position_title

13. division

14. city

15. state

16. country

17. hire_date

18. termination_date

19. category

Work Report Properties & Examples

Enable this Report as a Web Service in the Advanced tab.

Ensure that the ISU user created above is listed as the Owner of the report in the Share tab.

Note - The ISU user will need access to ALL of the data fields in the report.

Copy the Report URL in JSON format for use in the Oort integration configuration.

Note - the Report URL can be obtained at the following location in the Workday report console.

The report URL must be for the JSON format.

Open the list of Report URLs in a new tab and right-click -> copy the JSON URL link below.

Oort Configuration

Within the Oort console, navigate to -

Integrations -> New Integration -> Workday

Enter the following information according to the instructions below.

1. Enter a Name for the integration (just a display name)

2. Enter your Workday Report JSON URL created previously

3. Enter the ISU username and password for the Workday ISU service account that was created previously

4. Click Save.

Start Collection for the Workday Integration

Data collection for new integrations occurs automatically every 24 hrs overnight, but to manually start the collection process, do the following.

Click the three dot option menu on the newly created Workday RaaS integration and select Collect Now.

This process may take some time depending on the size of the Workday user population.