Connect Workday to Microsoft Cloud App Security (Preview)
Applies to: Microsoft Cloud App Security
This article provides instructions for connecting Microsoft Cloud App Security to your existing Workday account using the app connector API. This connection gives you visibility into and control over Workday use.
The Workday account used for connecting to Cloud App Security must be a member of a security group (new or existing). The security group must have the following permissions selected for the following domains:
|Functional area||Domain||Subdomain||Report/Task Permissions||Integration Permissions|
|System||Set Up: Tenant Setup – General||Set Up: Tenant Setup – Security||View, Modify||Get, Put|
|System||Security Administration||View, Modify||Get, Put|
|Staffing||Worker Data: Staffing||Worker Data: Public Worker Reports||View||Get|
For more information about setting up Workday integration users, security groups, and permissions, see steps 1 to 4 of the Grant Integration or External Endpoint Access to Workday guide (accessible with Workday documentation/community credentials).
We recommended using a Workday Integration System User.
How to connect Workday to Cloud App Security using OAuth
Sign in to Workday with an account that is a member of the security group mentioned in the prerequisites.
Search for "Edit tenant setup – system", and under User Activity Logging, select Enable User Activity Logging.
Search for "Edit tenant setup – security", and under OAuth 2.0 Settings, select OAuth 2.0 Clients Enabled.
Search for "Register API Client" and select Register API Client – Task.
On the Register API Client page, fill out the following information, and then click OK.
Field name Value Client Name Microsoft Cloud App Security Client Grant Type Authorization Code Grant Access Token Type Bearer Redirection URI
OAuth2 Scopes Staffing and System Scope (Functional Areas) Staffing and System
Once registered, make a note for the following parameters, and then click Done.
- Client ID
- Client Secret
- Workday REST API Endpoint
- Token Endpoint
- Authorization Endpoint
In the Cloud App Security portal, click Investigate and then click Connected Apps.
In the App connectors page, click the plus button and then Workday.
In the popup, add your instance name and then click Connect Workday.
On the next page, fill out the details with the information you noted earlier, and then click Connect in Workday.
In Workday, a popup will ask you if you want to allow Cloud App Security access to your Workday account. To proceed, click Allow.
Back in the Cloud App Security portal, you should see a message that Workday was successfully connected. Make sure the connection succeeded by clicking Test API.
Testing may take a couple of minutes. After receiving a success notice, click Close.
After connecting Workday, you'll receive events for seven days prior to connection.