This article explains how to configure OAuth 2.0 authentication in Workday to connect it with CodeSignal. The setup involves registering an API client in Workday and authorizing CodeSignal to access it. We'll cover:
- Prerequisites
- Step 1: Register an API Client in Workday
- Step 2: Configure OAuth Settings
- Step 3: Save and Capture Client Credentials
- Step 4: Configure OAuth in CodeSignal
- Troubleshooting
Prerequisites
Before starting, ensure you have:
-
Workday administrator access
- Permission to register API Clients for Integrations
- Access to CodeSignal with integration setup permissions
Step 1: Register an API Client in Workday
- Log in to your Workday tenant.
- Start task Register API Client for Integrations
Step 2: Configure OAuth Settings
Configure the API client with the following values:
- Client Name (Example: CodeSignal Integration)
- Non-Expiring Refresh Tokens must be checked.
-
Scopes
Select the scopes required for the CodeSignal Workday integration. At a minimum, it must include Recruiters scope.
⚠️ Only grant the minimum scopes required. OAuth scopes in Workday behave like permission boundaries—once granted, CodeSignal can access everything within that scope.
Step 3: Save and Capture Client Credentials
After saving the API client, Workday generates:
-
Client ID
-
Client Secret
Copy both values immediately and share them with CodeSignal securely.
⚠️ The Client Secret is shown only once. If it’s lost, you must regenerate it
Step 4: Save and capture refresh token
- Start Manage Refresh Tokens for Integrations task
- Select Workday account associated with the integration. It is a good idea to have an Integration System User defined for this. The user will need the following domain security policy permissions:
- GET and PUT Assess Candidate
- GET and PUT Candidate Data: Job Application
- GET and PUT Candidate Data: Assessment Results
- Check the Generate New Refresh Token option and click “OK”. If you have another token configured, you can either skip this step and use the existing token, or check Confirm Delete to generate a new one.
- Copy refresh token and share it with CodeSignal securely.
Troubleshooting
Invalid Client
- Ensure the Client ID and Secret match the Workday API client
- Regenerate credentials if the secret was lost
Permission Errors
- Confirm the Workday user approving access has sufficient privileges
- Recheck assigned OAuth scopes