將 Workday 連接到 Microsoft Cloud App SecurityConnect Workday to Microsoft Cloud App Security

適用於:Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security


Microsoft 的威脅防護產品名稱即將變更。Threat protection product names from Microsoft are changing. 如需有關此變更的詳細資訊與其他更新,請參閱這裡Read more about this and other updates here. 我們將在不久的將來更新產品與文件中的名稱。We'll be updating names in products and in the docs in the near future.

本文提供的指示說明如何使用 App 連線程式 API,將 Microsoft Cloud App Security 連接到您現有的 Workday 帳戶。This article provides instructions for connecting Microsoft Cloud App Security to your existing Workday account using the app connector API. 此連接可讓您查看及控制 Workday 的使用。This connection gives you visibility into and control over Workday use. 如需 Cloud App Security 如何保護 Workday 的詳細資訊,請參閱 保護 workdayFor information about how Cloud App Security protects Workday, see Protect Workday.

快速入門Quick start

觀看我們的快速入門影片,示範如何在 Workday 中設定必要條件和執行步驟。Watch our quick start video showing how to configure the prerequisites and perform the steps in Workday. 完成影片中的步驟之後,您可以繼續 新增 Workday 連接器Once you've completed the steps in the video, you can proceed to add the Workday connector.


用來連接到 Cloud App Security 的 Workday 帳戶必須是安全性群組的成員, (新的或現有的) 。The Workday account used for connecting to Cloud App Security must be a member of a security group (new or existing). 我們建議使用 Workday 整合系統使用者。We recommended using a Workday Integration System User. 安全性群組必須針對下列網域安全性原則選取下列許可權:The security group must have the following permissions selected for the following domain security policies:

功能區域Functional area 網域安全性原則Domain Security policy 子域安全性原則Subdomain Security policy 報告/工作權限Report/Task Permissions 整合權限Integration Permissions
系統System 設定:租使用者設定-一般Set Up: Tenant Setup – General 設定:租使用者設定-安全性Set Up: Tenant Setup – Security 視圖、修改View, Modify Get、PutGet, Put
系統System 安全性管理Security Administration 視圖、修改View, Modify Get、PutGet, Put
系統System 系統審核System auditing 檢視View GetGet
人員配置Staffing 背景工作資料:人員配置Worker Data: Staffing 人員資料:公用人員報告Worker Data: Public Worker Reports 檢視View GetGet


  • 用來設定安全性群組許可權的帳戶必須是 Workday 系統管理員。The account that is used to set up permissions for the security group must be a Workday Administrator.
  • 若要設定許可權,請搜尋「功能區域的網域安全性原則」,然後搜尋每個功能區域 ( 「系統」/「人員配置」 ) 並授與表格中所列的許可權。To set permissions, search for "Domain Security Policies for Functional Area", then search for each functional area ("System"/"Staffing") and grant the permissions listed in the table.
  • 設定好擁有權限之後,請搜尋「啟用擱置的安全性原則變更」並核准變更。Once all permissions have been set, search for "Activate Pending Security Policy Changes" and approve the changes.

如需設定 Workday 整合使用者、安全性群組和許可權的詳細資訊,請參閱《 授與整合或外部端點存取 workday 指南》的步驟1到4, (可利用 workday 檔/社區認證) 存取。For more information about setting up Workday integration users, security groups, and permissions, see steps 1 to 4 of the Grant Integration or External Endpoint Access to Workday guide (accessible with Workday documentation/community credentials).

如何使用 OAuth 將 Workday 連接到 Cloud App SecurityHow to connect Workday to Cloud App Security using OAuth

  1. 使用屬於必要條件中所述之安全性群組成員的帳戶登入 Workday。Sign in to Workday with an account that is a member of the security group mentioned in the prerequisites.

  2. 搜尋 [編輯租使用者設定–系統],然後在 [ 使用者活動記錄] 下,選取 [ 啟用使用者活動記錄]。Search for "Edit tenant setup – system", and under User Activity Logging, select Enable User Activity Logging.


  3. 搜尋 [編輯租使用者設定-安全性],然後在 [ oauth 2.0 設定] 下,選取 [ 已啟用 Oauth 2.0 用戶端]。Search for "Edit tenant setup – security", and under OAuth 2.0 Settings, select OAuth 2.0 Clients Enabled.

  4. 搜尋「註冊 API 用戶端」,然後選取 [ 註冊 Api 用戶端–工作]。Search for "Register API Client" and select Register API Client – Task.

  5. 在 [ 註冊 API 用戶端 ] 頁面上,填寫下列資訊,然後按一下 [確定]On the Register API Client page, fill out the following information, and then click OK.

    欄位名稱Field name Value
    用戶端名稱Client Name Microsoft Cloud App SecurityMicrosoft Cloud App Security
    用戶端授與類型Client Grant Type 授權碼授與Authorization Code Grant
    存取權杖類型Access Token Type 持有人Bearer
    重新導向 URIRedirection URI https://portal.cloudappsecurity.com/api/oauth/connect
    未到期的重新整理權杖Non-Expiring Refresh Tokens YesYes
    OAuth2 範圍OAuth2 Scopes 人員 配置和 系統Staffing and System
    範圍 (功能區域) Scope (Functional Areas) 人員 配置和 系統Staffing and System

    註冊 API 用戶端的螢幕擷取畫面

  6. 註冊之後,請記下下列參數,然後按一下 [ 完成]。Once registered, make a note for the following parameters, and then click Done.

    • 用戶端識別碼Client ID
    • 用戶端密碼Client Secret
    • Workday REST API 端點Workday REST API Endpoint
    • 權杖端點Token Endpoint
    • 授權端點Authorization Endpoint

    確認 API 用戶端註冊的螢幕擷取畫面

  7. 在 Cloud App Security 入口網站中,按一下 [ 調查 ],然後按一下 [ 已連線的應用程式]。In the Cloud App Security portal, click Investigate and then click Connected Apps.

  8. 在 [ 應用程式連接器 ] 頁面中,按一下加號按鈕,然後按一下 [ Workday]。In the App connectors page, click the plus button and then Workday.

    新增 app connector 的螢幕擷取畫面

  9. 在快顯視窗中,加入您的實例名稱,然後按一下 [連接 Workday]In the pop-up, add your instance name and then click Connect Workday.


  10. 在下一個頁面上,使用您稍早記下的資訊來填妥詳細資料,然後按一下 [ 在 Workday 中連接]On the next page, fill out the details with the information you noted earlier, and then click Connect in Workday.


  11. 在 Workday 中,會出現一個快顯視窗,詢問您是否要允許 Cloud App Security 存取您的 Workday 帳戶。In Workday, a pop-up appears asking you if you want to allow Cloud App Security access to your Workday account. 若要進行,請按一下 [允許]****。To proceed, click Allow.


  12. 回到 Cloud App Security 入口網站,您應該會看到已成功連接 Workday 的訊息。Back in the Cloud App Security portal, you should see a message that Workday was successfully connected. 按一下 [測試 API]**** 確定連線成功。Make sure the connection succeeded by clicking Test API.

    測試可能需要幾分鐘的時間。Testing may take a couple of minutes. 收到成功通知之後,按一下 [關閉]****。After receiving a success notice, click Close.


連接 Workday 之後,您將會在連線前七天收到事件。After connecting Workday, you'll receive events for seven days prior to connection.

如果您在連接應用程式時遇到任何問題,請參閱 疑難排解應用程式連接器If you have any problems connecting the app, see Troubleshooting App Connectors.

下一步Next steps

若您遇到任何問題,我們隨時提供協助。If you run into any problems, we're here to help. 若要取得產品問題的協助或支援,請建立支援票證To get assistance or support for your product issue, please open a support ticket.