Need Recommendations for Workday SaaS connector Use case

nikhleshsdg · February 6, 2025, 4:37pm

Hello all,

We have Integrated with Workday SaaS connector using OAuth2 authorization with Refresh token grant type (only supported grant type). Connector is working fine with provided ClientID, secret, and non-expiry refresh token.

Now, we have a use case where we want to update the refresh token after every few months (refresh token will not be non-expiry).

I was thinking to handle this through Workflow where I need to call the Workday API to fetch refresh token and then use PUT API to update the Source with new refresh token. Although I need to see if refresh token from Workday will be in Plain text in Execution files, in that case we could not use this approach as well.

What I need is if anyone can recommend any other approach for this use case?

Thanks,
Nikhlesh

nikhleshsdg · February 7, 2025, 2:27am

@omar_khote_iam Any suggestions on this?

arjun_sengupta · February 13, 2025, 10:57pm

Hi Nikhlesh,

We tried something similar for another connector. Workflows are a option but decided to go with a periodic task now.

If we can integrate with a credential provider, it can be a option

Regards
Arjun

nikhleshsdg · February 14, 2025, 6:26pm

Hi Arjun,

Yes credential provider is a option which comes with cost.

You are updating refresh token manually when its expired?

Thanks.

arjun_sengupta · February 14, 2025, 8:15pm

HI Nikhlesh,

Yes. The secrets are stored in PAM tool with expiry date (say 6 months). Reminder notifications are sent to support team before expiry. They will change it and update it in SailPoint and PAM tool.

Regards
Arjun

nikhleshsdg · February 15, 2025, 4:27am

Thanks Arjun.

We are also thinking for a manual update and probably a SailPoint workflow to remind refresh token update before expiry.

system · April 16, 2025, 4:27am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.