Estimated reading: 3 minutes 1069 views

Set up Workday for automated tests with TrustCloud!


Once you set up your compliance program, TrustCloud TrustOps works to ensure that your systems remain compliant with your adopted controls. To do so, TrustCloud runs automated tests against systems in your product and business stack and verifies that they are properly configured.

This document outlines the steps you can take to grant TrustCloud access to only read metadata about the configuration settings for your Workday account so that TrustOps can validate and generate evidence for your compliance program.

Instructions to grant TrustCloud limited access to Workday

  1. Go to ‘Create Security Group’ in Workday and create an ‘Integration System Security Group’.
  2. Grant permissions to your newly created security group. For each domain, to grant access,
    1. Go to the ‘View Domain’ report and find the domains listed below
    2. Click on ‘Domain’ and then click on ’Edit Security Policy Permissions’.
    3. Add the security group, and grant permissions for GET.
    4. Required domains for the Workday HRIS integration:
      1. Worker Data: Workers
      2. Worker Data: All Positions
      3. Worker Data: Current Staffing Information
      4. Worker Data: Employment Data
      5. Worker Data: Organization Information
    5. Additionally, grant access to the following security policies:
      1. Integration Build
      2. Integration Process
      3. Integration Debug
      4. Integration Event
    6. Activate these permissions by clicking ‘Activate Pending Security Policy Changes’.
    7. Go to ‘Create Integration System User (ISU)’ and configure a Workday user to integrate Workday with TrustOps.
    8. Set the ‘Session Timeout Minutes’ to 0 to prevent session expiration.
    9. Go to ‘Maintain Password Rules’ and add the ISU to the ‘System Users’ exempt from a password expiration.
    10. Optionally, enable the ‘Do Not Allow UI Sessions’ checkbox to block the ISU from logging in through the Workday UI.
    11. After creating the ‘Integration System User’, click on ‘Security Profile’ and  click on “Assign Integration System Security Groups”.
    12. Select the security group you created previously, go to ‘View Integration System Report’, and access the ‘Connector’ or ‘Studio integration’.
    13. Go to Workday Account. Click on ‘Edit’ and select ‘Integration System User’.
    14. Copy the username and password for future reference.
    15. Retrieve the Tenant ID. It can be found in the URL when you are logged into Workday. For example, if the URL of your Workday UI is, your tenant ID is sample_company.
    16. Retrieve the Workday WSDL URL that is used as the base URL for every API request. The WSDL URL can be found here: If you are unsure, then use
    17. Provide the user name, Password, Tenant ID, and Workday WSDL URL into TrustOps.

Additional Information

For additional details, you can refer to the API Deck Workday Integration guide.

Join the conversation

You might also be interested in


Whitelist these IPs so that TrustCloud can gain limited access to your instance...


An integration is a built-in connector between your TrustCloud and an external SaaS service....

Platform Capabilities

We believe GRC should be a profit center, our goal is to empower our...


TrustCloud® is a Trust Assurance Platform designed for startups, SMBs, and enterprises to achieve,...

Microsoft Azure

This document outlines the steps you can take to grant TrustCloud access to only...


The articles outline the current TrustCloud customer support process....


This document outlines the steps you can take to grant TrustCloud access to only...

Jira Cloud

Set up Jira Cloud for Jira Ticket as Evidence with TrustCloud! This document outlines...