Workday
This article outlines the integration with the Workday connector, enabling streamlined metadata management through features such as crawling, profiling, data preview, querying, and manual lineage building. It also supports impact analysis and ensures secure authentication via Credential Manager.
Overview
Connector Details
Connector Category
Application
OvalEdge Releases Supported (Available from)
Release6.1 to Release7.2
Connectivity
[How the connection is established with Workday]
REST APIs
Workday Version Supported (HTTP Client)
OkHttp 4.10.0
The Workday connector has been validated with the specified "Workday Version Supported (HTTP Client)" and is expected to be compatible with other supported Workday versions. If there are any issues with validation or metadata crawling, please submit a support ticket for investigation and feedback.
The connectivity to the Workday connector is performed via the API, and the versions used by the API are given below:
API
V1
https://community.workday.com/sites/default/files/file-hosting/restapi/index.html
Connector Features
Bridge
✅
Crawling
✅
Delta Crawling
❌
Full Profiling
❌
Delta Profiling
❌
Sample Profiling
✅
Relationships
✅
Data Preview
✅
Auto Lineage
❌
Manual Lineage
✅
Authentication via Credential Manager
✅
Data Quality
✅
DAM (Data Access Management)
❌
Query Sheet
❌
Metadata Mapping
The following objects are crawled from Workday and mapped to the corresponding UI assets.
Schema
Production services
Database
Schemas
Schemas
Table
Endpoint Path
Table
Tables
Tables
Table
API Description
Table Comments
Tables
Tables
Column
Field Name
Column
Columns
Columns
Column
JSON Type
Column Data Type
Columns
Columns
Column
Field Description
Column Comments
Columns
Columns
Column
Field Label
Column Title
Columns
Columns
Column
Required Flag
Nullable
Columns
Columns
Relation
Parent-Child Reference
Column Relation
Relations
Relations
Workday does not provide a native schema concept. A default schema named "Workday" is created to act as a logical container for organizing and managing all Workday-related objects and attributes.
Set up a Connection
Prerequisites
The following are the prerequisites to establish a connection:
Service Account User Permissions
It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions.
The Workday connector is an API-based connector that connects to the Workday SaaS platform via REST APIs, not a traditional database. It uses OAuth 2.0 authentication with a Client ID, Client Secret, and Refresh Token. The connector reads Swagger JSON files to discover API endpoints and converts them into database-like structures (schemas, tables, columns) for OvalEdge cataloging.
👨💻Who can provide these permissions? These permissions are typically granted by the Workday administrator, as users may not have the required access to assign them independently.
Schemas
JSON API Versions
Read
Requires Access to Workday API JSON files, with versions defined dynamically to crawl API endpoint versions as schemas into OvalEdge
Tables
Workday API Endpoints
Read
Requires Access to Workday REST API endpoints to crawl tables and table descriptions into OvalEdge
Columns
API Response Schema
Read
Requires Access to Workday API response schema definitions to crawl columns and column descriptions into OvalEdge
Relationships
API Response Schema
Read
Requires Access to Workday API response schema definitions to crawl column relationships between parent tables and nested child tables into OvalEdge
For the Tables operation, the user must have API Enabled permission and read access to the objects to be crawled. These objects will appear as tables in the Application after crawling.
For the Columns & Indexes operation, the user must have read access to the object fields to be crawled. These fields will appear as table columns in the Application after crawling.
Connection Configuration Steps
Users are required to have the Connector Creator role in order to configure a new connection.
Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for Workday, and complete the required parameters.
Fields marked with an asterisk (*) are mandatory for establishing a connection.
Connector Type
By default, "Workday” is displayed as the selected connector type.
Credential Manager*
Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on the selection.
Supported Credential Managers:
Database
AWS Secrets Manager
HashiCorp Vault
Azure Key Vault
License Add Ons
All connectors include a Base Connector license by default. This license allows users to crawl and profile the data source to collect metadata and statistical information.
Connector Environment
Select the environment (Example: PROD, STG) configured for the connector.
Connector Description
Enter a description to identify the purpose of the connector.
Connector Name*
Enter a unique name for the Workday connection (Example: "Workday_Prod").
Path*
Enter the local path where the Workday Swagger files are located.
Example: home/ovaxxxxxge/workday
Server*
Enter the fully qualified server name or IP address related to the Workday database.
Example: https://wd2-xxxx-servicesxyz.workday.com
Refresh Token*
Enter the details of the refresh token obtained from the Workday source. The refresh token is a security token generated by the Workday system. It is used to authenticate and authorize the connector's access to Workday's resources.
Client Id*
Enter the Client ID generated by the Workday source for OAuth 2.0 authentication. The Client ID uniquely identifies the connector application and is used with the Client Secret Key during the authentication process.
Client SecretKey*
Enter the Client Secret Key generated by the Workday source for OAuth 2.0 authentication. This security credential is used with the Client ID to establish a secure connection between the connector and the Workday source.
Tenant*
Enter the Tenant details, which are also generated by the Workday source. The Tenant serves as an identifier for the specific instance or environment within Workday's system.
Proxy Enabled*
Select Yes to route the connection through a configured proxy, or No to connect directly without a proxy.
Default Governance Roles
Default Governance Roles*
Select the appropriate users or teams for each governance role from the drop-down list. All users configured in the security settings are available for selection.
Admin Roles
Admin Roles*
Select one or more users from the dropdown list for Integration Admin and Security & Governance Admin. All users configured in the security settings are available for selection.
Bridge
Select Bridge*
Select the bridge from the drop-down list.
The drop-down list displays all configured active bridges. These bridges facilitate communication between data sources and the system without requiring changes to firewall rules.
After entering all connection details, the following actions can be performed:
Click Validate to verify the connection.
Click Save to store the connection for future use.
Click Save & Configure to apply additional settings before saving.
The saved connection will appear on the Connectors home page.
Manage Connector Operations
Crawl/Profile
To perform crawl and profile operations, users must be assigned the Integration Admin role.
The Crawl/Profile button allows users to select one or more schemas to crawl and profile.
Navigate to the Connectors page and click Crawl/Profile.
Select the schemas to be crawled.
The Crawl option is selected by default. To perform both operations, select the Crawl & Profile radio button.
Click Run to collect metadata from the connected source and load it into the Data Catalog.
After a successful crawl, the information appears in the Data Catalog > Databases/Reports/Tables tab.
The Schedule checkbox allows automated crawling and profiling at defined intervals, from a minute to a year.
Click the Schedule checkbox to enable the Select Period drop-down.
Select a time period for the operation from the drop-down menu.
Click Schedule to initiate metadata collection from the connected source.
The system will automatically execute the selected operation (Crawl or Crawl & Profile) at the scheduled time.
Other Operations
The Connectors page provides a centralized view of all configured connectors and their health status.
Managing connectors includes:
Connector Health: Displays the current status of each connector with a green icon for active connections and a red icon for inactive connections, helping monitor connectivity to data sources.
Viewing: Click the Eye icon next to the connector name to view connector details, including databases, tables, columns, and codes.
Nine Dots Menu Options:
To view, edit, validate, configure, or delete connectors, click on the Nine Dots menu.
Edit Connector: Update and revalidate the data source.
Validate Connector: Check the connection's integrity.
Settings: Modify connector settings.
Crawler: Configure data extraction.
Profiler: Customize data profiling rules and methods.
Query Policies: Define query execution rules by role.
Access Instructions: Add notes on how to access the data.
Business Glossary Settings: Manage term associations at the connector level.
Connection Pooling: Configure reusable connections to improve performance and resource usage.
Delete Connector: Remove a connector with confirmation.
Connectivity Troubleshooting
If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.
1
Error while validating connection: 401 Unauthorized
Description:
The Client ID, Client Secret, or Refresh Token is invalid, expired, or revoked.
Resolution:
Verify the Client ID, Client Secret, and Refresh Token entered in the setup form.
Generate a new refresh token if required, and validate the connection again.
2
Error while validating connection: 403 Forbidden
Description:
The service account does not have permission to access the Workday APIs.
Resolution:
The user account used for authentication does not have the required API permissions.
Verify the assigned security policies and API access permissions in Workday.
Grant the required access and validate the connection again.
Copyright © 2025, OvalEdge LLC, Peachtree Corners GA USA
Last updated
Was this helpful?