- Onboard Cloud Collectors
- Shareable Service Accounts
- Add Accounts for AWS Cloud Collectors
- Add Accounts for Cisco Duo Cloud Collector
- Add Accounts for Google Cloud Collectors
- Add Accounts for Microsoft Cloud Collectors
- Add Accounts for Okta Cloud Collectors
- Add Accounts for Salesforce Cloud Collectors
- Add Accounts for Splunk Cloud Collectors
- Add Accounts for Trend Micro Cloud Collectors
- Add Accounts for Wiz
- Abnormal Security Cloud Collector
- Anomali Cloud Collector
- AWS CloudTrail Cloud Collectors
- AWS CloudWatch Cloud Collector
- AWS CloudWatch Alarms Cloud Collector
- AWS GuardDuty Cloud Collector
- AWS S3 Cloud Collector
- AWS Security Lake Cloud Collector
- AWS SQS Cloud Collector
- Azure Activity Logs Cloud Collector
- Azure Blob Storage Cloud Collector
- Azure Log Analytics Cloud Collector
- Azure Event Hub Cloud Collector
- Azure Storage Analytics Cloud Collector
- Azure Virtual Network Flow Cloud Collector
- Box Cloud Collector
- Broadcom Carbon Black Cloud Collector
- Cato Networks Cloud Collector
- ChatGPT Enterprise Cloud Collector
- Cisco Duo Cloud Collector
- Cisco Meraki Cloud Collector
- Cisco Secure Endpoint Cloud Collector
- Cisco Umbrella Cloud Collector
- Cloudflare Cloud Collector
- Cribl Cloud Collector
- CrowdStrike Cloud Collectors
- Cylance Protect (now Arctic Wolf) Cloud Collector
- DataBahn Cloud Collector
- Dropbox Cloud Collector
- GCP Cloud Logging Cloud Collector
- GCP Pub/Sub Cloud Collector
- GCP Security Command Center Cloud Collector
- Gemini Enterprise Cloud Collector
- GitHub Cloud Collector
- Gmail BigQuery Cloud Collector
- Google Workspace Cloud Collector
- LastPass Cloud Collector
- Microsoft Copilot Integration
- Microsoft Defender XDR (via Azure Event Hub) Cloud Collector
- Microsoft Entra ID Context Cloud Collector
- Microsoft Entra ID Logs Cloud Collector
- Microsoft 365 Exchange Admin Reports Cloud Collector
- Supported Sources from Microsoft 365 Exchange Admin Reports
- Migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector
- Prerequisites to Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Troubleshooting the Microsoft 365 Exchange Admin Reports Cloud Collector
- Microsoft 365 Management Activity Cloud Collector
- Microsoft Security Alerts Cloud Collector
- Microsoft Sentinel (via Event Hub) Cloud Collector
- Mimecast Cloud Collector
- Mimecast Incydr Cloud Collector
- Netskope Alerts Cloud Collector
- Netskope Events Cloud Collector
- Okta Cloud Collector
- Okta Context Cloud Collector
- Palo Alto Networks Cortex Data Lake Cloud Collector
- Palo Alto Networks XDR Cloud Collector
- Phishing Email Inbox Cloud Collector
- PingOne Identity Cloud Collector
- Progress ShareFile Cloud Collector
- Proofpoint On-Demand Cloud Collector
- Proofpoint Targeted Attack Protection Cloud Collector
- Qualys Cloud Collector
- Recorded Future Cloud Collector
- Recorded Future Context Cloud Collector
- Rest API Cloud Collector
- S2W Threat Intelligence Cloud Collector
- Salesforce Cloud Collector
- Salesforce EventLog Cloud Collector
- SentinelOne Alerts Cloud Collector
- SentinelOne Cloud Funnel Cloud Collector
- SentinelOne Threats Cloud Collector
- SentinelOne Cloud Collector
- ServiceNow Cloud Collector
- Slack Cloud Collector
- Snowflake Cloud Collector
- Sophos Central Cloud Collector
- Splunk Cloud Collector
- STIX/TAXII Cloud Collector
- Symantec Endpoint Security Cloud Collector
- Tenable Cloud Collector
- Trend Vision One Cloud Collector
- Trellix Endpoint Security Cloud Collector
- Vectra Cloud Collector
- Zoom Cloud Collector
- Zscaler ZIA Cloud Collector
- Webhook Cloud Collectors
- Wiz Issues Cloud Collector
- Wiz API Cloud Collector
- Workday Cloud Collector
- Shareable Service Accounts
Prerequisites to Configure the Workday Cloud Collector
Before you can configure the Workday cloud collector, complete the following prerequisites.
Enable user activity logging for the tenant.
Create an Integration System account and user (ISU).
Create an Integration System Security Group (ISSG).
Link the ISU to the Security Group (ISSG).
Assign Domain Security Policies.
Activate Security Changes.
Register an API client and generate a Refresh token.
Obtain the hostname and tenant name.
Enable User Activity Logging
Use the following steps to enable user activity logging for your tenant—your organization's Workday account, and facilitate data collection for the Workday Cloud collector for monitoring.
Log in to Workday as an administrator with your registered credentials.
Search for and access the Edit Tenant Setup - System task.
Select the Enable User Activity Logging option.
Search for and access the Edit Tenant Setup - Security task.
Select the OAuth 2.0 Clients Enabled option.
Create the Integration System User
Use the following steps to create an integration system user (ISU)
Log in to Workday as an administrator with your registered credentials.
Search for and access the Create Integration System User task.
Under Account Information, specify details such as user name, and a password for the user.
Set the session timeout minutes to
0.Select the Do Not Allow UI Sessions check box to disable interactive UI sessions for the user you created.
Note
To avoid integration errors caused by password expiration, access the Maintain Password Rules task, and add the ISU to the System Users exempt from password expiration list.
Click OK to save the configuration.
Create an Integration System Security Group (ISSG)
For cloud collector and Workday integration, ensure that you create a security group and assign the required domain security policies to that group.
Log in to Workday as an administrator with your registered credentials.
Search for and access the Create Security Group task.
Select the group type Integration System Security Group (Unconstrained).
Specify a name for the group and click Ok.
Click OK to save the configuration.
Assign the ISU and the domain security policies to the security group as follows.
Link ISU to Security Group (ISG)
Within the Create Security Group task, add the ISU account you created to the Integration System Users field. You can also assign the ISU account you created to your new security group by editing the created group.
Assign Domain Security Policies
Assign permissions to your new security group that you just created. In Workday, you grant access by linking domain policies to security groups, which you then assign to users.
Use the following quick tips to assign Domain Security Policies. First you link your Security Groups to specific domains and then activate the security policy changes.
Search for and run the Security Group Membership and Access report.
Click the security group you want to modify.
Click the (...) icon next to the group name and navigate to Security Group > Maintain Domain Permissions for Security Group.
Add domain security policies to the Report/Task Permissions section for UI access (tasks/reports) with the appropriate view or modify access levels.
Set up the Integration Permissions by adding the required domain security policies with the appropriate view or modify access levels.
Activate the changes as follows.
Activate Security Changes
In Workday, all security changes with new permissions remain pending until manually activated by an authorized user. For the Security policy changes to take effect immediately, run the Activate Pending Security Policy Changes task. Workday displays a list of changes that were made to the security polices. Confirm the changes by selecting Confirm and clicking OK.
Register an API Client
Use the following steps to register the API client.
Log in to Workday as an administrator with your registered credentials.
Search for and access the Register API Client for Integration task.
Provide specify the following required information.
Client Name – Specify a name for the collector.
Refresh Token TimeOut – The value is set to 0 by default.
Non-Expiring Refresh Tokens – Select the check box to enable this option.
Scope – Add the required scopes such as System.
Click Ok.
Record and save securely the Client Secret and Client ID before you navigate away from the page.
If you want to re-generate the client ID and client secret, click the (...) icon next to the newly created API Client name and navigate to API Client > Manage Refresh Tokens for Integrations, enter the ISU name for the Workday account and select the Regenerate New Refresh Token option. Click Ok. Note the newly generated Client Secret and Client ID.
Obtain the Hostname and Tenant Name
Use the following steps to obtain the hostname and tenant name to use it while configuring the Workday cloud collector.
Log in to Workday as an administrator with your registered credentials.
Search for and access the View API Clients task.
Locate the Workday REST API Endpoint field under API Clients for Integrations.
Note the Workday REST API Endpoint URL which is typically displayed in the header or as a specific field at the top of the tab. Hostname is the domain of your Workday API endpoint, for example, https://wd5-impl-services1.workday.com/ccx/api/v1/abc_preview
The basic URL structure is https://{host}/ccx/api/v1/{tenant}/{resource}. Hence in this example, the host name is
wd5-impl-services1.workday.comand the tenant name isabc_preview.Note the hostname and the tenant name to use it while configuring the cloud collector.