and more in a single search tool across platforms. Read the announcement here. |
02/12/2024 05:02 AM
Hi,
We’re on Saviynt EIC Version 23.12 and are trying to load Workday Accounts (not Users). Our requirements include:
Is this possible? And if so, what Connection Type would I use?
I have been successful in getting accounts to load using Workday_RAAS (Workday) Connection Type with USE_OAUTH = FALSE, which uses Basic Auth, and when I attempt to set USE_OAUTH = TRUE with various Connection Types (Workday_RAAS (Workday) or Workday_Hybrid_OAUTH (Workday)), the Save & Test Connection button just fails:
Error While Test connection: Connection Failed
Is our Saviynt version 23.12 compatible with OAuth RaaS and what settings would I need to get the connection working?
Please note that I was successful in getting the report running using Postman and OAuth 2.0 type, which means that my authentication values are correct. How would I transpose these into Saviynt EIC Version 23.12?
Thanks, Tessa
Solved! Go to Solution.
02/12/2024 05:45 AM
Hi @tpolin
The workday connector supports oauth as the authentication type for import and provisioning accounts in V23.12
Have you tried adding the client id, client secret and the refresh token when you are setting the use_oauth parameter to true?
Supported Features (saviyntcloud.com)
Configuring the Integration for Importing Users (saviyntcloud.com)
Configuring the Integration for Importing Accounts and Access (saviyntcloud.com)
02/12/2024 06:12 AM
Yes, I filled all advanced config fields that I thought might be required (including some optional ones). The ones I entered were:
Unfortunately, the log output doesn't give much info. Hard to tell what is legit and what is not. No obvious errors in any case.
02/12/2024 06:51 AM
In case this might help, I found the following error in the log that seems to coincide with my clicking the "Save & Test Connection" button:
2024-02-12T09:44:35-05:00-ecm--null-mhzhk--java.lang.Exception: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wd="urn:com.workday/bsvc"><faultcode>SOAP-ENV:Server.processingError</faultcode><faultstring>Processing error occurred. The task submitted is not authorized.</faultstring><detail><wd:Processing_Fault><wd:Detail_Message>The task submitted is not authorized.</wd:Detail_Message></wd:Processing_Fault></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> at com.saviynt.provisoning.workday.WorkdayCommonUtilityService.callRestWebService(WorkdayCommonUtilityService.groovy:736) at com.saviynt.provisoning.workday.WorkdayCommonUtilityService.getServerTimestampForOauth(WorkdayCommonUtilityService.groovy:291) at com.saviynt.provisoning.workday.WorkdayCommonUtilityService.testConnection(WorkdayCommonUtilityService.groovy:110) at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:966) at com.saviynt.ecm.utility.domain.EcmConfigController$_closure21.doCall(EcmConfigController.groovy:768) at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53) at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:155) at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62) at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59) at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69) at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82) at java.lang.Thread.run(Thread.java:750)
What might we be missing?
02/13/2024 08:56 PM - edited 02/13/2024 09:01 PM
Add passing username & password
02/14/2024 02:26 AM
I'm still getting that exact same error message in the logs (Processing error occurred. The task submitted is not authorized.). I even tried your connection type (Workday instead of Workday_RAAS (Workday), also tried Workday_Hybrid_OAUTH (Workday)), but none of them work. I do include username and password, as you suggested (even though it doesn't look like they are required).
Since the connection and report work fine in Postman with OAuth, I will open a Zendesk ticket in the hopes someone can help out in a reasonable timeframe.
02/20/2024 03:18 AM
It would have been really helpful for the Saviynt documentation to include specifically what Workday permissions to include. For the benefit of others who might need this functionality, the Workday team added the following additional scopes: Implementation and Integration (one of these or both did the trick!)