Skip to main content

logoCorrectSize.png

Workday Adaptive Planning Knowledge Center

Switch Client Grant Type to JWT Bearer

Explains how to switch your Workday credential from Authorization Code Grant to JWT Bearer for publishing plans to Workday

We recommend switching existing Workday credentials for your Workday data sources from Authorization Code Grant to JWT Bearer for:

  • Publishing plans to Workday
  • Connecting multiple instances to Workday without enabling the full Workday-Adaptive Planning capabilities.

Before You Begin

  • Verify you set up an Integration System User (ISU) in Workday
  • Verify you set up your Integration System Security Group (ISSG) in Workday. 

How You Get There

Navigation Icon5.png  Design Integrations > Data Designer. 

Switch Client Grant Type

In Adaptive Insights

  1. Select your existing Workday credential 
  2. Select JWT Bearer Grant for Client Grant Type. 
  3. Enter your ISU in ISU User.
  4. Select View Certificate in the Actions pane.
  5. Copy the entire contents of the Certificate pop up.
  6. Save your credential.

In Workday

  1. Search for the Register API Client task and register a new client. We recommend naming it Integration API Client.
  2. Select Jwt Bearer Grant for Client Grant Type.
  3. Select Bearer for Access Token Type.
  4. Select Create x509 Public Key for x509 Certificate.
  5. Paste the certificate you copied from Adaptive Insights.
  6. Select the functional areas that encompass the reports you use to import. The functional areas should cover your:
    • Report data sources.
    • Report data source filters.
    • Report fields.
      Example: If the reports you use to import data use the Plan Dimensions report data source, select System.
  7. Copy and paste the Adaptive Planning Redirection URI to the Redirect URI for the Workday API Client. Though this is a required field, JWT bearer grant will not call this URL.
  8. Verify that Access Token Type is set to Bearer.
  9. Select OK.

Within Adaptive Planning select Test Connection in the Actions pane for your completed Workday Credential. At least one Workday report must be enabled and shared with the ISU you entered for your connection to succeed.

Don't use multiple Local Credentials in the same Adaptive Planning instance because they can cause connectivity issues with Workday.

Disable the Old Authorization Code Grant API Client

After completing a successful connection with a JWT Bearer Grant disable your old Authorization Code Grant API client in Workday if you no longer need it.

  1. Search for the Edit API Client task in Workday and find your old Authorization Code Grant API client.
  2. Select Disable.
  3. Select OK.
  • Was this article helpful?