Security – Workday
Sending Rates
FXLoader sends rates by calling a web service provided by Workday, which requires a username and password. Workday recommends that this be an ISU (Integration System User) that exists in Workday and has the access needed to create currency rates.
When
The ISU must be created in Workday before setting up the Instance in FXLoader.
Workday User Requirements
For loading to production, we recommend creating an ISU which only has the ability to create currency rates. The ISU will be used to call the Financial Management web services Put_Currency_Conversion_Rate or Import_Currency_Conversion_Rates depending on the volume of rates you need to load.
The ISU needs access to the Domain 'Set Up: Currency Rates'.
The following are the high-level instructions for creating the ISU:
Create an Integration System User and an Integration Security Group.
Assign the Integration User to the Integration security group.
Then use that security group to add security policy access. The Domain we need to add is called 'Set Up: Currency Rates'. Add the user/security group under the 'Integration Permissions' section (not the 'Report/Task Permissions' section at the top).
Run any processes needed to register these changes (e.g. Activate Pending Security Policy Changes).
Password Expiry
If your policies allow the password to be set to never expire, we suggest you use this for the ISU in Workday.
If not, we recommend you set a reminder to change the password before it expires, to avoid disruption to the FXLoader jobs. It will need to be changed in Workday and updated in FXLoader. There are separate instructions in the Support section of our website for updating the password in FXLoader, or our support team can do it on request.
If the password does expire, the next FXLoader run will fail with a message indicating a problem with the username or password. Our support team will act on this notification and help you resolve it.
Password Storage
The Workday ISU username and password are entered against the Instance in the FXLoader Cloud Service. These are stored and used in the call to the Workday web services/API.
The following security applies to the password entered against the Instance:
The password field is never displayed, and the type of field used means it is never stored in session state.
The password is encrypted in the database using DBMS_CRYPTO with AES256 encryption.
Best practices for storage are used, including separate randomly generated keys and schema separation.
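As an added illustration (not FXLoader's own code), the PL/SQL block below shows what AES256 encryption with DBMS_CRYPTO and randomly generated keys looks like in Oracle. The CBC mode, PKCS#5 padding, per-record IV, variable names and sample password are assumptions made for the example, and the calling schema is assumed to have EXECUTE on DBMS_CRYPTO.

```sql
-- Added example: AES-256 round trip with DBMS_CRYPTO. All names are hypothetical.
SET SERVEROUTPUT ON
DECLARE
  -- The page states only "DBMS_CRYPTO with AES256"; CBC + PKCS#5 are assumed here.
  c_cipher CONSTANT PLS_INTEGER :=
      DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;

  -- 32 random bytes = one 256-bit key. In practice the key is generated once and
  -- held in a different schema from the table that stores the ciphertext.
  l_key   RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);

  -- Constructed sample value, not a real credential.
  l_plain VARCHAR2(200) := 'constructed-sample-password';
  l_src   RAW(800);
  l_iv1   RAW(16);
  l_iv2   RAW(16);
  l_enc1  RAW(2000);
  l_enc2  RAW(2000);
  l_dec   RAW(2000);
BEGIN
  l_src := UTL_I18N.STRING_TO_RAW(l_plain, 'AL32UTF8');

  -- A fresh 16-byte IV per encryption; it is stored beside the ciphertext.
  l_iv1  := DBMS_CRYPTO.RANDOMBYTES(16);
  l_iv2  := DBMS_CRYPTO.RANDOMBYTES(16);
  l_enc1 := DBMS_CRYPTO.ENCRYPT(src => l_src, typ => c_cipher, key => l_key, iv => l_iv1);
  l_enc2 := DBMS_CRYPTO.ENCRYPT(src => l_src, typ => c_cipher, key => l_key, iv => l_iv2);

  -- Check 1: the same password must not produce the same ciphertext twice,
  -- otherwise equal passwords would be visible from the stored column alone.
  IF l_enc1 = l_enc2 THEN
    RAISE_APPLICATION_ERROR(-20001, 'ciphertext is deterministic: IV was reused');
  END IF;

  -- Check 2: decryption with the matching key and IV returns the original value.
  l_dec := DBMS_CRYPTO.DECRYPT(src => l_enc1, typ => c_cipher, key => l_key, iv => l_iv1);
  IF UTL_I18N.RAW_TO_CHAR(l_dec, 'AL32UTF8') <> l_plain THEN
    RAISE_APPLICATION_ERROR(-20002, 'round trip failed');
  END IF;

  DBMS_OUTPUT.PUT_LINE('round trip ok; ciphertext length in bytes: '
                       || UTL_RAW.LENGTH(l_enc1));
END;
/
```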