How to create Workday OAuth2 credentials and configure it in Composio

In this guide, I'll walk you through setting up OAuth2 credentials for Workday and configuring the authentication in Composio. So, let's begin.

Setting up Workday

In this section, we'll walk through registering an API client in Workday and generating the Client ID and Client Secret required for OAuth2 authentication.

NOTE: Workday recommends an Integration System User (ISU) with the right domain permissions to use API clients. If your Workday admin hasn't set this up yet, see the Additional: ISU & Security Group Setup section at the bottom of this guide.

Step 1: Register an API Client

  1. Search for the Register API Client task in Workday and select it.

  2. Enter a Client Name (e.g., Composio-Workday), select the Non-Expiring Refresh Tokens option, and add the redirect URI below if you are using our cloud.

https://backend.composio.dev/api/v1/auth-apps/add

Also, add the required scopes. At minimum, include the Integration scope and add any additional scopes based on what your integration needs. Click OK to generate the Client ID and Client Secret.

  3. You will be redirected to a page where you can find the Client ID and Client Secret along with the REST API, Token and Authorisation endpoints.

⚠️ Important: Save the Client Secret immediately — you won't be able to see it again after leaving this page.

That's all you need from the Workday portal.

Creating the Auth Config in Composio

With your OAuth credentials ready, navigate to the Composio dashboard to configure Workday authentication settings.

  1. Click on the Create Auth Config button to get a list of all the toolkits available.

  2. In the sidebar that opens, choose Workday for the toolkit. Stick with all the default settings for now.

  3. Add your Client ID and Secret.

  4. Then, click Create Workday Auth Config.

  5. You can also update the existing configuration in the Manage Auth Config tab.

Once done, copy the auth config ID (which starts with ac_) and use it in your application code via a secret manager. Your Workday auth config is now ready to go!
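
A pre-flight check for the values collected in this guide, as an added example (not Composio's or Workday's own code): it reads them from environment variables that a secret manager would inject and reports inconsistencies without printing any secret. The variable names and the comma-separated scope format are assumptions, and the redirect URI check applies only if you use Composio's cloud.

```python
import os
from urllib.parse import urlsplit

# Redirect URI this guide registers in Workday for Composio's cloud.
COMPOSIO_REDIRECT_URI = "https://backend.composio.dev/api/v1/auth-apps/add"
REQUIRED_SCOPE = "Integration"  # minimum scope named in the guide

# Hypothetical variable names; map them to whatever your secret manager injects.
REQUIRED_VARS = (
    "WORKDAY_CLIENT_ID", "WORKDAY_CLIENT_SECRET",
    "WORKDAY_TOKEN_URL", "WORKDAY_AUTHORIZATION_URL",
    "WORKDAY_REDIRECT_URI", "WORKDAY_SCOPES", "COMPOSIO_AUTH_CONFIG_ID",
)

def check_workday_oauth_settings(env):
    """Return a list of problems; an empty list means the settings are consistent."""
    missing = [name for name in REQUIRED_VARS if not env.get(name, "").strip()]
    if missing:
        return [f"missing or empty: {name}" for name in missing]

    problems = []
    # Authorization servers commonly compare redirect URIs as exact strings,
    # so a trailing slash or a different host is reported here.
    if env["WORKDAY_REDIRECT_URI"] != COMPOSIO_REDIRECT_URI:
        problems.append("redirect URI differs from the one registered in Workday")

    for name in ("WORKDAY_TOKEN_URL", "WORKDAY_AUTHORIZATION_URL"):
        parts = urlsplit(env[name])
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name} must be an absolute https URL")

    scopes = {s.strip() for s in env["WORKDAY_SCOPES"].split(",")}
    if REQUIRED_SCOPE not in scopes:
        problems.append("scope list lacks the Integration scope")

    if not env["COMPOSIO_AUTH_CONFIG_ID"].startswith("ac_"):
        problems.append("auth config ID does not start with ac_")
    if env["WORKDAY_CLIENT_SECRET"] == env["WORKDAY_CLIENT_ID"]:
        problems.append("client secret equals client ID (copy/paste slip)")
    return problems  # messages name variables only, never secret values

if __name__ == "__main__":
    for problem in check_workday_oauth_settings(os.environ):
        print("config problem:", problem)
```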

Additional: ISU & Security Group Setup

Most Workday tenants will have this configured by an admin. If you're unsure, check with your Workday admin before proceeding.

Create an Integration System User (ISU)

An ISU is a dedicated service account for integrations — it keeps API operations separate from regular user accounts.

  1. Type Create Integration System User into Workday's search bar and select the task.

  2. Enter a username and set a password.

  3. Set Session Timeout Minutes to 0 to prevent the ISU from timing out.

  4. Select the Do Not Allow UI Sessions checkbox to restrict UI logins.

  5. Navigate to the Maintain Password Rules task and add the ISU to the System Users exempt from password expiration field.

Create a Security Group

  1. Search for Create Security Group in Workday and select the task.

  2. Select a security group type:

    • Integration System Security Group (Unconstrained) — access to all data instances.

    • Integration System Security Group (Constrained) — access scoped by context.

  3. Add your ISU as a member of the security group.

  4. Click Done.

Grant Domain Permissions

  1. Search for Maintain Permissions for Security Group and select the task.

  2. Choose your security group and go to the Domain Security Policy Permissions tab.

  3. Ensure the security group has GET permissions for:

    • Integration Build

    • Integration Process

    • Integration Debug

    • Integration Event

    • Worker Data: Current Staffing Information

    • Worker Data: Public Worker Reports

  4. Click OK, then Done.

  5. Search for Activate Pending Security Policy Changes, enter a comment, and confirm.
