# Workday

This article outlines the integration with the Workday connector, enabling streamlined metadata management through features such as crawling, profiling, data preview, querying, and manual lineage building. It also supports impact analysis and ensures secure authentication via Credential Manager.

<figure><img src="/files/kYayr28bgGL4u63xKeOz" alt=""><figcaption></figcaption></figure>

## Overview

### Connector Details

| Connector Category                                                          | Application              |
| --------------------------------------------------------------------------- | ------------------------ |
| OvalEdge Releases Supported (Available from)                                | Release6.1 to Release7.2 |
| <p>Connectivity</p><p>\[How the connection is established with Workday]</p> | REST APIs                |
| Workday Version Supported (HTTP Client)                                     | OkHttp 4.10.0            |

{% hint style="info" %}
The Workday connector has been validated with the specified "Workday Version Supported (HTTP Client)" and is expected to be compatible with other supported Workday versions. If there are any issues with validation or metadata crawling, please submit a support ticket for investigation and feedback.
{% endhint %}

The connector connects to Workday through the Workday REST API. The API version used is listed below:

<table><thead><tr><th width="92.63638305664062">API</th><th width="116.272705078125">Version</th><th>Details</th></tr></thead><tbody><tr><td>API</td><td>V1</td><td>https://community.workday.com/sites/default/files/file-hosting/restapi/index.html</td></tr></tbody></table>

### Connector Features

| Feature                               | Availability |
| ------------------------------------- | :----------: |
| Bridge                                |       ✅      |
| Crawling                              |       ✅      |
| Delta Crawling                        |       ❌      |
| Full Profiling                        |       ❌      |
| Delta Profiling                       |       ❌      |
| Sample Profiling                      |       ✅      |
| Relationships                         |       ✅      |
| Data Preview                          |       ✅      |
| Auto Lineage                          |       ❌      |
| Manual Lineage                        |       ✅      |
| Authentication via Credential Manager |       ✅      |
| Data Quality                          |       ✅      |
| DAM (Data Access Management)          |       ❌      |
| Query Sheet                           |       ❌      |

### Metadata Mapping

The following objects are crawled from Workday and mapped to the corresponding UI assets.

| Workday Object | Workday Attribute      | OvalEdge Attribute | OvalEdge Category | OvalEdge Type |
| -------------- | ---------------------- | ------------------ | ----------------- | ------------- |
| Schema         | Production services    | Database           | Schemas           | Schemas       |
| Table          | Endpoint Path          | Table              | Tables            | Tables        |
| Table          | API Description        | Table Comments     | Tables            | Tables        |
| Column         | Field Name             | Column             | Columns           | Columns       |
| Column         | JSON Type              | Column Data Type   | Columns           | Columns       |
| Column         | Field Description      | Column Comments    | Columns           | Columns       |
| Column         | Field Label            | Column Title       | Columns           | Columns       |
| Column         | Required Flag          | Nullable           | Columns           | Columns       |
| Relation       | Parent-Child Reference | Column Relation    | Relations         | Relations     |

{% hint style="info" %}
Workday does not provide a native schema concept. A default schema named "Workday" is created to act as a logical container for organizing and managing all Workday-related objects and attributes.
{% endhint %}

### Set up a Connection

#### Prerequisites

The following are the prerequisites to establish a connection:

**Service Account User Permissions**

{% hint style="warning" %}
It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions.
{% endhint %}

{% hint style="warning" %}
The Workday connector is an API-based connector that connects to the Workday SaaS platform via REST APIs, not a traditional database. It uses OAuth 2.0 authentication with a Client ID, Client Secret, and Refresh Token. The connector reads Swagger JSON files to discover API endpoints and converts them into database-like structures (schemas, tables, columns) for OvalEdge cataloging.
{% endhint %}

{% hint style="info" %}
👨‍💻 Who can provide these permissions? These permissions are typically granted by the Workday administrator, as users may not have the required access to assign them independently.
{% endhint %}

<table><thead><tr><th width="124.18179321289062">Objects</th><th width="198.0908203125">Sys Tables/ Objects</th><th width="127.727294921875">Permissions</th><th width="425.42425537109375">Comment</th></tr></thead><tbody><tr><td>Schemas</td><td>JSON API Versions</td><td>Read</td><td>Requires Access to Workday API JSON files, with versions defined dynamically to crawl API endpoint versions as schemas into OvalEdge</td></tr><tr><td>Tables</td><td>Workday API Endpoints</td><td>Read</td><td>Requires Access to Workday REST API endpoints to crawl tables and table descriptions into OvalEdge</td></tr><tr><td>Columns</td><td>API Response Schema</td><td>Read</td><td>Requires Access to Workday API response schema definitions to crawl columns and column descriptions into OvalEdge</td></tr><tr><td>Relationships</td><td>API Response Schema</td><td>Read</td><td>Requires Access to Workday API response schema definitions to crawl column relationships between parent tables and nested child tables into OvalEdge</td></tr></tbody></table>

{% hint style="info" %}
For the Tables operation, the user must have API Enabled permission and read access to the objects to be crawled. These objects will appear as tables in the Application after crawling.
{% endhint %}

{% hint style="info" %}
For the Columns & Indexes operation, the user must have read access to the object fields to be crawled. These fields will appear as table columns in the Application after crawling.
{% endhint %}
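
The following sketch illustrates the Swagger-to-catalog conversion described in the Metadata Mapping table and in the note on how the connector reads Swagger JSON files. It is an added example, not OvalEdge code. The sample document is constructed, and three things are assumptions: the `title` key as the source of Field Label, the GET `200` response schema as the source of columns, and the `parent.field` naming of child tables.

```python
# Constructed sample: a minimal Swagger 2.0-style document, not a real Workday file.
SAMPLE = {
    "paths": {"/workers": {"get": {
        "description": "Retrieves a collection of workers.",
        "responses": {"200": {"schema": {"$ref": "#/definitions/worker"}}}}}},
    "definitions": {
        "worker": {"type": "object", "required": ["id"], "properties": {
            "id": {"type": "string", "description": "Worker ID", "title": "ID"},
            "email": {"type": "string", "description": "Primary work email"},
            "supervisor": {"$ref": "#/definitions/supervisor"}}},
        "supervisor": {"type": "object", "description": "Reporting manager",
                       "properties": {"id": {"type": "string"},
                                      "reports": {"$ref": "#/definitions/worker"}}}},
}

def resolve(doc, node):
    """Follow a local '#/a/b' $ref; remote refs are refused, never fetched."""
    ref = node.get("$ref")
    if ref is None:
        return node
    if not ref.startswith("#/"):
        raise ValueError(f"non-local $ref refused: {ref}")
    for key in ref[2:].split("/"):
        doc = doc[key]
    return doc

def crawl(doc, schema="Workday"):
    """Return (tables, relations); every table lands in the default schema."""
    tables, relations = {}, []
    def add_table(name, obj, comment, open_refs):
        cols = []
        tables[name] = {"schema": schema, "comment": comment, "columns": cols}
        for field, spec in obj.get("properties", {}).items():
            target, ref = resolve(doc, spec), spec.get("$ref")
            cols.append({"name": field, "type": target.get("type"),
                         "comment": target.get("description", ""),
                         "title": target.get("title", field),  # assumed label source
                         "nullable": field not in obj.get("required", [])})
            # Nested object -> child table plus a parent-child relation.
            # A $ref that is already being expanded is a cycle: not followed.
            if target.get("type") == "object" and (ref is None or ref not in open_refs):
                child = f"{name}.{field}"  # assumed child-table naming
                relations.append((name, field, child))
                add_table(child, target, target.get("description", ""), open_refs | {ref})
    for path, ops in doc.get("paths", {}).items():
        get = ops.get("get", {})
        spec = get.get("responses", {}).get("200", {}).get("schema", {})
        if spec:
            add_table(path, resolve(doc, spec), get.get("description", ""), {spec.get("$ref")})
    return tables, relations
```

Only the API description is read here, not tenant data, which matches the Read-only permissions listed above. Refusing non-local `$ref` values keeps a parser from fetching arbitrary URLs named inside a Swagger file.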

### Connection Configuration Steps

{% hint style="info" %}
Users are required to have the Connector Creator role in order to configure a new connection.
{% endhint %}

1. Log into OvalEdge, go to **Administration** > **Connectors**, click **+** (New Connector), search for **Workday**, and complete the required parameters.

{% hint style="info" %}
Fields marked with an asterisk (\*) are mandatory for establishing a connection.
{% endhint %}

<table><thead><tr><th width="220.51522827148438">Field Name</th><th>Description</th></tr></thead><tbody><tr><td>Connector Type</td><td>By default, "Workday" is displayed as the selected connector type.</td></tr><tr><td>Credential Manager*</td><td><p>Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on the selection.</p><p>Supported Credential Managers:</p><ul><li>Database</li><li>AWS Secrets Manager</li><li>HashiCorp Vault</li><li>Azure Key Vault</li></ul></td></tr><tr><td>License Add Ons</td><td>All connectors include a Base Connector license by default. This license allows users to crawl and profile the data source to collect metadata and statistical information.</td></tr><tr><td>Connector Environment</td><td>Select the environment (Example: PROD, STG) configured for the connector.</td></tr><tr><td>Connector Description</td><td>Enter a description to identify the purpose of the connector.</td></tr><tr><td>Connector Name*</td><td>Enter a unique name for the Workday connection (Example: "Workday_Prod").</td></tr><tr><td>Path*</td><td><p>Enter the local path where the Workday Swagger files are located.</p><p>Example: home/ovaxxxxxge/workday</p></td></tr><tr><td>Server*</td><td><p>Enter the fully qualified server name or IP address related to the Workday database.</p><p>Example: https://wd2-xxxx-servicesxyz.workday.com</p></td></tr><tr><td>Refresh Token*</td><td>Enter the details of the refresh token obtained from the Workday source. The refresh token is a security token generated by the Workday system. It is used to authenticate and authorize the connector's access to Workday's resources.</td></tr><tr><td>Client Id*</td><td>Enter the Client ID generated by the Workday source for OAuth 2.0 authentication. The Client ID uniquely identifies the connector application and is used with the Client Secret Key during the authentication process.</td></tr><tr><td>Client SecretKey*</td><td>Enter the Client Secret Key generated by the Workday source for OAuth 2.0 authentication. This security credential is used with the Client ID to establish a secure connection between the connector and the Workday source.</td></tr><tr><td>Tenant*</td><td>Enter the Tenant details, which are also generated by the Workday source. The Tenant serves as an identifier for the specific instance or environment within Workday's system.</td></tr><tr><td>Proxy Enabled*</td><td>Select Yes to route the connection through a configured proxy, or No to connect directly without a proxy.</td></tr></tbody></table>

**Default Governance Roles**

<table data-header-hidden><thead><tr><th width="220.272705078125"></th><th></th></tr></thead><tbody><tr><td>Default Governance Roles*</td><td>Select the appropriate users or teams for each governance role from the drop-down list. All users configured in the security settings are available for selection.</td></tr></tbody></table>

**Admin Roles**

<table data-header-hidden><thead><tr><th width="219.06060791015625"></th><th></th></tr></thead><tbody><tr><td>Admin Roles*</td><td>Select one or more users from the dropdown list for Integration Admin and Security &#x26; Governance Admin. All users configured in the security settings are available for selection.</td></tr></tbody></table>

**Bridge**

<table data-header-hidden><thead><tr><th width="219.66668701171875"></th><th></th></tr></thead><tbody><tr><td>Select Bridge*</td><td><p>Select the bridge from the drop-down list.</p><p>The drop-down list displays all configured active bridges. These bridges facilitate communication between data sources and the system without requiring changes to firewall rules.</p></td></tr></tbody></table>

2. After entering all connection details, the following actions can be performed:
   1. Click **Validate** to verify the connection.
   2. Click **Save** to store the connection for future use.
   3. Click **Save & Configure** to apply additional settings before saving.
3. The saved connection will appear on the **Connectors home** page.

### Manage Connector Operations

#### Crawl/Profile

{% hint style="warning" %}
To perform crawl and profile operations, users must be assigned the Integration Admin role.
{% endhint %}

The **Crawl/Profile** button allows users to select one or more schemas to **crawl** and **profile**.

1. Navigate to the **Connectors** page and click **Crawl/Profile**.
2. Select the schemas to be crawled.
3. The **Crawl** option is selected by default. To perform both operations, select the **Crawl & Profile** radio button.
4. Click **Run** to collect metadata from the connected source and load it into the **Data Catalog**.
5. After a successful crawl, the information appears in the **Data Catalog** > **Databases/Reports/Tables** tab.

The **Schedule** checkbox allows automated crawling and profiling at defined intervals, from a minute to a year.

1. Click the **Schedule** checkbox to enable the Select Period drop-down.
2. Select a time period for the operation from the drop-down menu.
3. Click **Schedule** to initiate metadata collection from the connected source.
4. The system will automatically execute the selected operation (**Crawl** or **Crawl & Profile**) at the scheduled time.

#### Other Operations

The **Connectors** page provides a centralized view of all configured connectors and their health status.

**Managing connectors includes:**

* **Connector Health**: Displays the current status of each connector with a **green** icon for active connections and a **red** icon for inactive connections, helping monitor connectivity to data sources.
* **Viewing**: Click the **Eye** icon next to the connector name to view connector details, including databases, tables, columns, and codes.

**Nine Dots Menu Options:**

To view, edit, validate, configure, or delete connectors, click on the Nine Dots menu.

* **Edit Connector**: Update and revalidate the data source.
* **Validate Connector:** Check the connection's integrity.
* **Settings**: Modify connector settings.
  * **Crawler**: Configure data extraction.
  * **Profiler**: Customize data profiling rules and methods.
  * **Query Policies**: Define query execution rules by role.
  * **Access Instructions:** Add notes on how to access the data.
  * **Business Glossary Settings:** Manage term associations at the connector level.
  * **Connection Pooling**: Configure reusable connections to improve performance and resource usage.
* **Delete Connector:** Remove a connector with confirmation.

### Connectivity Troubleshooting

If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.

<table><thead><tr><th width="92.03030395507812">Sl. No.</th><th width="194.27276611328125">Error Message(s)</th><th>Error Description &#x26; Resolution</th></tr></thead><tbody><tr><td>1</td><td>Error while validating connection: 401 Unauthorized </td><td><p><strong>Description</strong>: </p><p>The Client ID, Client Secret, or Refresh Token is invalid, expired, or revoked. </p><p><strong>Resolution</strong>: </p><ul><li>Verify the Client ID, Client Secret, and Refresh Token entered in the setup form.</li><li>Generate a new refresh token if required, and validate the connection again. </li></ul></td></tr><tr><td>2</td><td>Error while validating connection: 403 Forbidden </td><td><p><strong>Description</strong>: </p><p>The service account does not have permission to access the Workday APIs. </p><p><strong>Resolution</strong>: </p><ul><li>The user account used for authentication does not have the required API permissions.</li><li>Verify the assigned security policies and API access permissions in Workday.</li><li>Grant the required access and validate the connection again.</li></ul></td></tr></tbody></table>

***

Copyright © 2025, OvalEdge LLC, Peachtree Corners GA USA


