@workos/mcp-docs-server 0.1.0

package/.docs/organized/docs/integrations/shibboleth-unsolicited-saml.mdx

@@ -0,0 +1,84 @@
+---
+title: Shibboleth Unsolicited SAML
+description: Learn how to configure a Shibboleth Unsolicited connection via SAML.
+icon: shibboleth
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: >-
+  .tmp-workos-clone/packages/docs/content/integrations/shibboleth-unsolicited-saml.mdx
+---
+
+## Introduction
+
+These instructions are for connecting to Shibboleth using the [UnsolicitedSSOConfiguration](https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631696/UnsolicitedSSOConfiguration). If the organization requires the [generic SAML 2.0 configuration](https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631694/SAML2SSOConfiguration) instead, please use the [Shibboleth Generic SAML provider documentation](/integrations/shibboleth-generic-saml).
+
+Each SSO Identity Provider requires specific information to create and configure a new [connection](/glossary/connection). Often, the information required to create a connection will differ by Identity Provider.
+
+To create a Shibboleth Unsolicited SAML connection, you’ll need the Identity Provider metadata that is available from the organization's Shibboleth instance.
+
+Start by logging in to your WorkOS dashboard and browse to the “Organizations” tab on the left hand navigation bar.
+
+Select the organization you wish to configure a Shibboleth Unsolicited SAML connection for, and select “Manually Configure Connection” under “Identity Provider”.
+
+![Create New Connection in WorkOS Dashboard](https://images.workoscdn.com/images/c4cf0500-9155-42dd-aa2d-fd40fbbc79bc.png?auto=format&fit=clip&q=50)
+
+Select “Shibboleth Unsolicited SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
+
+![Select Shibboleth Unsolicited SAML Provider](https://images.workoscdn.com/images/8a32ce47-1087-420d-87b3-49e031308ae7.png?auto=format&fit=clip&q=50)
+
+---
+
+## What WorkOS provides
+
+Once you’ve created your connection, WorkOS provides the [ACS URL](/glossary/acs-url), [SP Metadata](/glossary/sp-metadata) link, and [SP Entity ID](/glossary/sp-entity-id). It’s readily available in your connection settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing where to find the ACS URL, SP Metadata and SP Entity ID in the WorkOS dashboard.](https://images.workoscdn.com/images/a19338a8-f7a4-432a-8e7f-0f1b27a5422e.png?auto=format&fit=clip&q=50)
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. The SP Metadata link contains a metadata file that the organization can use to set up the Shibboleth Unsolicited SAML integration.
+
+The SP Entity ID is a URI used to identify the issuer of a SAML request and the audience of a SAML response. In this case, the SP Entity ID is used to communicate that WorkOS will be the party performing SAML requests to the organization's Shibboleth instance, and that WorkOS is the intended audience of the SAML responses from the Shibboleth instance.
+
+---
+
+## What you’ll need
+
+In order to integrate you’ll need the Shibboleth IdP metadata.
+
+Normally, this information will come from the organization's IT Management team when they set up your application’s Shibboleth configuration. But, should that not be the case during your setup, here’s how to obtain them.
+
+---
+
+## (1) Enter Service Provider Details
+
+Copy and Paste the “ACS URL” and “SP Entity ID” into the corresponding fields for Service Provider details and configuration. For some Shibboleth setups, you can use the metadata found at the SP Metadata link to configure the Shibboleth connection.
+
+---
+
+## (2) Obtain Identity Provider Metadata
+
+Download the IdP metadata from the Shibboleth instance. Refer to the [Shibboleth documentation](https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/pages/928645275/MetadataForIdP) for more information on this metadata file. Keep in mind where the file was saved, as we’ll be uploading it later to configure the connection.
+
+---
+
+## (3) Configure Attribute Mapping
+
+At a minimum, the Attribute Statement in the SAML Response should include `id`, `email`, `firstName`, and `lastName` attributes. Refer to the [Shibboleth documentation](https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/pages/928645122/SAMLAttributeNaming) for more information on adding and mapping attributes.
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (4) Upload Metadata File
+
+In the connection settings in the WorkOS dashboard, click “Edit Metadata Configuration”.
+
+![A screenshot showing where to edit the IdP metadata URL in the WorkOS dashboard.](https://images.workoscdn.com/images/eaf5a624-5a5a-4702-a4f8-1cb3d55ed6e9.png?auto=format&fit=clip&q=50)
+
+Upload the XML metadata file from Shibboleth into the “Metadata File” field and select “Save Metadata Configuration”. Your connection will then be linked and good to go!
+
+![A screenshot showing where to upload and how to save the IdP metadata URL in the WorkOS dashboard.](https://images.workoscdn.com/images/ad7fc5c3-f3cf-4860-a219-00838ee5e766.png?auto=format&fit=clip&q=50)

package/.docs/organized/docs/integrations/simple-saml-php.mdx

@@ -0,0 +1,78 @@
+---
+title: SimpleSAMLphp
+description: "Learn how to configure a\_SimpleSAMLphp connection."
+icon: simple-saml-php
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/simple-saml-php.mdx
+---
+
+## Introduction
+
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). Often, the information required to create a Connection will differ by Identity Provider.
+
+To create a SimpleSAMLphp SAML Connection, you’ll need the Identity Provider Metadata URL that is available from the organization's SimpleSAMLphp instance.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the [ACS URL](/glossary/acs-url), the [SP Metadata](/glossary/sp-metadata) Link and the [SP Entity ID](/glossary/sp-entity-id). They are readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing where to find the ACS URL, SP Metadata and SP Entity ID in the WorkOS dashboard.](https://images.workoscdn.com/images/e2c962f1-2fe9-470f-af1f-684fe651fcbc.png?auto=format&fit=clip&q=50)
+
+The ACS URL is the location an Identity Provider redirects its authentication response to. The SP Metadata link contains a metadata file that the organization can use to set up the SAML integration. The SP Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion.
+
+---
+
+## What you’ll need
+
+In order to integrate, you’ll need the [IdP Metadata URL](/glossary/idp-metadata).
+
+Normally, this will come from the organization's IT Management team when they set up your application’s SAML configuration in their SimpleSAMLphp instance. But, should that not be the case during your setup, here’s how to obtain it.
+
+---
+
+## (1) Configure SAML Application with Service Provider Details
+
+Follow the [SimpleSAMLphp documentation](https://simplesamlphp.org/docs/stable/simplesamlphp-idp.html) to set up SimpleSAMLphp as an Identity Provider and add a new SP.
+
+Copy and paste the ACS URL and SP Entity ID into the corresponding fields for Service Provider configuration. You can find more on how to structure this under “Adding SPs to the IdP” in the SimpleSAMLphp documentation linked above.
+
+The necessary SP metadata can also be found in the SP metadata URL provided in the WorkOS Dashboard.
+
+---
+
+## (2) Configure SAML Attributes
+
+You will need to send the following 4 required attributes in the SAML Response: `firstName`, `lastName`, `email`, and `id`.
+
+Ensure the following attribute mapping is set:
+
+- A user’s first name → `firstName`
+- A user’s last name → `lastName`
+- A user’s email address → `email`
+- A unique identifier representing a user → `id`
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (3) Obtain Identity Provider Metadata
+
+Obtain the IdP Metadata URL. As noted in the ["Adding this IdP to other SPs" section of the SimpleSAMLphp documentation](https://simplesamlphp.org/docs/stable/simplesamlphp-idp.html), the IdP metadata URL should be available from `/saml2/idp/metadata.php`.
+
+![A screenshot showing where to edit the IdP metadata URL in the WorkOS dashboard.](https://images.workoscdn.com/images/07f6f9a0-4331-4124-b90e-dc8d24f7e2ea.png?auto=format&fit=clip&q=50)
+
+Alternatively, you can manually configure the connection by providing the IdP URI (Entity ID), [IdP SSO URL](/glossary/idp-sso-url) and X.509 Certificate.
+
+![A screenshot showing how to switch to manual IdP metadata configuration in the WorkOS dashboard.](https://images.workoscdn.com/images/07c47c03-354d-4df4-bdb9-bc25573aeb25.png?auto=format&fit=clip&q=50)
+
+![A screenshot showing how to manually configure the IdP metadata in the WorkOS dashboard.](https://images.workoscdn.com/images/d838649f-ee75-429e-94b2-c1693294b81c.png?auto=format&fit=clip&q=50)
+
+Your Connection will then be Active and good to go!

package/.docs/organized/docs/integrations/slack-oauth.mdx

@@ -0,0 +1,102 @@
+---
+title: Slack OAuth
+description: Learn how to set up OAuth with Slack.
+icon: slack
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/slack-oauth.mdx
+---
+
+# Introduction
+
+To configure your global Slack OAuth integration, you'll need two pieces of information from WorkOS and two pieces of information from Slack.
+
+From **WorkOS**:
+
+- A **Redirect URI** specific to Slack. This is where Slack will redirect users after they authenticate.
+- The **Slack** provider toggled on in the WorkOS Dashboard.
+
+From **Slack**:
+
+- A **Client ID**
+- A **Client Secret**
+
+Once you've finished configuration, users can authenticate into your application using their Slack accounts.
+
+---
+
+## What WorkOS Provides
+
+Within the [WorkOS Dashboard](https://dashboard.workos.com/), under **Authentication**, locate the **Slack** integration. There, you'll find the **Redirect URI**. After Slack completes the OAuth flow, it sends users (along with an authorization code) back to this URI.
+
+---
+
+## What You'll Need
+
+To integrate Sign in with Slack, you must have:
+
+1. An existing [Slack App](https://api.slack.com/apps).
+2. Your app's **Client ID** and **Client Secret**, found under your Slack App's settings.
+3. The WorkOS **Redirect URI**, which you'll add in Slack's OAuth & Permissions settings.
+4. (Optional) A Slack workspace for testing or development before going live.
+
+---
+
+## 1. Create or Open Your Slack App
+
+![A screenshot of the Slack API portal showing the create new app button](https://images.workoscdn.com/images/127f704d-ce13-49e0-9d82-2ba123547e3e.png?auto=format&fit=clip&q=80)
+
+1. Navigate to the [Slack App management page](https://api.slack.com/apps).
+2. If you don't already have a Slack App, click **Create New App**, provide a name, and choose the development workspace where you'll test.
+3. Once created, open your new Slack App to configure it.
+
+---
+
+## 2. Configure OAuth & Permissions
+
+![A screenshot of the Slack API portal showing where to configure your redirect URI](https://images.workoscdn.com/images/f0e7d586-a8e1-4a67-8c06-085dc4009b32.png?auto=format&fit=clip&q=80)
+
+1. In your Slack App's settings, go to **OAuth & Permissions** on the left-hand sidebar.
+2. Under **Redirect URLs**, add the **Redirect URI** from the WorkOS Dashboard.
+3. Click **Save URLs** to confirm.
+
+Under **Scopes**, ensure you request the standard OpenID scopes (e.g., `openid`, `profile`, `email`), which Slack requires for Sign in with Slack using OIDC.
+
+---
+
+## 3. Retrieve Slack Credentials
+
+1. Still in your Slack App's settings, find your **Client ID** and **Client Secret**.
+2. Copy both values, as you'll need to add them to WorkOS in the next step.
+
+---
+
+## 4. Provide Slack Credentials to WorkOS
+
+![Screenshot of the WorkOS dashboard showing how to enable Slack OAuth](https://images.workoscdn.com/images/df2c527f-73a9-443c-9117-8d0c80eb52ea.png?auto=format&fit=clip&q=80)
+
+1. In the [WorkOS Dashboard](https://dashboard.workos.com/), go to **Authentication** and scroll down to the **Slack** integration.
+2. Click **Edit**.
+3. Paste in the **Client ID** and **Client Secret** from your Slack App.
+4. Toggle **Enabled** on if it's not already.
+5. Save your changes.
+
+![Screenshot of the WorkOS dashboard with the Slack OAuth connection enabled](https://images.workoscdn.com/images/774bff39-e6cd-4535-aee9-778b1fa6dd8b.png?auto=format&fit=clip&q=80)
+
+---
+
+## 5. Test Your Sign in with Slack Flow
+
+Once you've configured everything:
+
+1. In your application, initiate the OAuth flow for Slack by directing users to WorkOS, specifying `SlackOAuth` as the provider.
+2. WorkOS will redirect users to Slack's sign-in screen.
+3. After successful authentication, Slack returns users to the WorkOS redirect URI along with an authorization code.
+4. WorkOS finalizes the authentication, and your application receives the user's Slack profile information.
+
+You're now ready to authenticate users with Slack in your production or development environment.
+
+---
+
+After completing these steps, your "Sign in with Slack" integration through WorkOS should be fully functional. If you need further guidance on scopes, token rotation, or JWT validation, see Slack's [Sign in with Slack documentation](https://api.slack.com/authentication/sign-in-with-slack) and the [WorkOS SSO documentation](/reference/sso).

package/.docs/organized/docs/integrations/supabase.mdx

@@ -0,0 +1,68 @@
+---
+title: Supabase
+description: Learn how to use WorkOS with your existing Supabase applications.
+icon: supabase
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/supabase.mdx
+---
+
+## Introduction
+
+This guide outlines the steps to make WorkOS SSO connections available to your Supabase application. It will require a few changes to your existing Supabase application code.
+
+---
+
+## (1) Copy WorkOS Client ID and API Key
+
+Supabase uses the WorkOS Client ID and API Key to initiate the authentication flow and to return the SSO user profile. The first step is finding the Client ID and the API Key in the WorkOS dashboard.
+
+In the WorkOS dashboard, go to **Configuration** and under the "Settings" tab and copy the Client ID.
+
+![A screenshot showing where to find the Client ID in the WorkOS dashboard configurations page.](https://images.workoscdn.com/images/5cdbbd7e-2141-470c-8b86-b0876974e58a.png?auto=format&fit=clip&q=50)
+
+Select **API Keys** on the left-side navigation bar and either copy an existing API Key or create a new API Key and copy it.
+
+![A screenshot showing where the WorkOS API Key is in the dashboard.](https://images.workoscdn.com/images/fe6c9ad1-f04a-4335-9752-4ef149fa3147.png?auto=format&fit=clip&q=50)
+
+---
+
+## (2) Add your WorkOS credentials into your Supabase Project and configure the Redirect URL
+
+Sign in to Supabase and then go to your Supabase Project Dashboard. Navigate to **Authentication** → **Explore Auth**.
+
+![A screenshot showing when to the Authentication section is in the Supabase project dashboard.](https://images.workoscdn.com/images/f773aeb8-5bee-4eba-89a0-62441a79be11.png?auto=format&fit=clip&q=50)
+
+Select the Providers tab and scroll down to WorkOS and enter the WorkOS URL as **https://api.workos.com**. Then enter the Client ID and API Key copied from the WorkOS Dashboard, toggle to enable WorkOS as a provider and click **Save**.
+
+![A screenshot showing how to enable WorkOS as a provider in Supabase and input the WorkOS URL, Client ID and Secret Key.](https://images.workoscdn.com/images/c275b3f4-807c-4961-916b-c0ed2d6717dd.png?auto=format&fit=clip&q=50)
+
+Copy the Redirect URL from the WorkOS provider section. In the WorkOS dashboard navigate to **Configuration** → **Settings** → **Redirect URIs** and click **Edit Redirect URIs** to input the copied Redirect URL.
+
+![A screenshot showing where to add the WorkOS Redirect URL.](https://images.workoscdn.com/images/27ad127c-3631-45d0-aedc-39ab90f03ed6.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Add login code to your client app
+
+When a user signs in, call `signInWithOAuth` with `workos` as the provider. Pass in a Connection ID, Organization ID, or provider type (for OAuth) under `queryParams`.
+
+<CodeBlock>
+  <CodeBlockTab
+    language="js"
+    file="supabase-sso-connection"
+    title="Connection"
+  />
+  <CodeBlockTab
+    language="js"
+    file="supabase-sso-organization"
+    title="Organization"
+  />
+  <CodeBlockTab language="js" file="supabase-sso-provider" title="Provider" />
+</CodeBlock>
+---
+
+## Summary
+
+With a few lines of code, you can add WorkOS as an SSO provider and enable features like the admin portal and dozens of integrations within your Supabase application.

package/.docs/organized/docs/integrations/vmware-saml.mdx

@@ -0,0 +1,100 @@
+---
+title: VMware
+description: "Learn how to configure a connection to\_VMware via SAML."
+icon: vmware
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/vmware-saml.mdx
+---
+
+## Introduction
+
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). Often, the information required to create a Connection will differ by Identity Provider.
+
+---
+
+## What WorkOS provides
+
+WorkOS provides the [SP Metadata](/glossary/sp-metadata) link. It’s readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+
+![A screenshot showing where to find the SP Metadata in the WorkOS dashboard.](https://images.workoscdn.com/images/e253ad08-a85b-4586-bf8c-970059eb286c.png?auto=format&fit=clip&q=50)
+
+---
+
+## What you’ll need
+
+Next, you will provide the Metadata URL from VMware.
+
+Normally, this information will come from the organization's IT Management team when they set up your application’s SAML 2.0 configuration in their VMware admin dashboard. But, should that not be the case during your setup, here’s how to obtain it.
+
+---
+
+## (1) Create a new SaaS Application
+
+In your Workspace ONE Catalog, click “New”. Give your application a descriptive name.
+
+![A screenshot showing how to create new application in VMware.](https://images.workoscdn.com/images/576ed672-e030-4f1e-936e-c04d33ff7dfd.png?auto=format&fit=clip&q=50)
+
+---
+
+## (2) Basic SAML Configuration
+
+Click the “Configuration” tab from the left sidebar.
+
+Copy the SP Metadata Link from your VMware connection in the WorkOS dashboard and paste it in the URL/XML field under Configuration in Workspace One.
+
+![A screenshot showing where to input WorkOS SP metadata when configuring VMware application.](https://images.workoscdn.com/images/6d7bace5-a513-4782-ac18-8327b5e364a3.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Advanced SAML Configuration
+
+Continue scrolling and expand “Advanced Properties”.
+
+![A screenshot showing where to find "Advanced Properties" dropdown in VMware application.](https://images.workoscdn.com/images/dc6d711a-104c-4cd6-bca7-dff852dbb2c9.png?auto=format&fit=clip&q=50)
+
+Enable “Sign Assertion” and “Include Assertion Signature”.
+
+![A screenshot showing where to enable "Sign Assertion" and "Include Assertion Signature" in VMware application.](https://images.workoscdn.com/images/98b0a17a-51a4-41c4-87be-1ffadfce96aa.png?auto=format&fit=clip&q=50)
+
+---
+
+## (4) Configure Attribute Map
+
+Continue scrolling until “Custom Attribute Mapping”.
+
+![A screenshot showing where to find "Custom Attribute Mapping" in VMware application.](https://images.workoscdn.com/images/d35112ac-5d76-47c4-aa6c-436321d30b06.png?auto=format&fit=clip&q=50)
+
+Fill in the following attribute mappings and select “Next” until you are prompted to “Save”.
+
+- `id` → `${user.objectGUID}`
+- `firstName` → `${user.firstName}`
+- `lastName` → `${user.lastName}`
+- `email` → `${user.email}`
+
+![A screenshot showing how to configure attribute mappings in VMware application.](https://images.workoscdn.com/images/2ef20a4a-9095-4c35-85b8-cf4e16c79da9.png?auto=format&fit=clip&q=50)
+
+Some VMware configurations use `user.ExternalId` instead of `user.objectGUID`. In this case, you would map the id attribute to `user.ExternalId`.
+
+### Role Assignment (optional)
+
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named `groups`.
+
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+
+---
+
+## (5) Upload Metadata URL
+
+After saving your SaaS Application, click “Settings” then “SAML Metadata”. Click on “Copy URL” next to “Identity Provider (IdP) metadata”.
+
+![A screenshot showing where to find metadata URL in VMware application.](https://images.workoscdn.com/images/f99932ab-8828-4b78-a044-0c19c35859dd.png?auto=format&fit=clip&q=50)
+
+Back in the WorkOS Dashboard, click on “Edit Metadata Configuration” in the “Metadata Configuration” section of the Connection.
+
+![A screenshot showing where to edit the IdP metadata URL in the WorkOS dashboard.](https://images.workoscdn.com/images/d743c922-1517-4dd2-80ab-cab5e4a9c53f.png?auto=format&fit=clip&q=50)
+
+Finally, input the Metadata URL and click “Save Metadata Configuration”. Your Connection will then be linked and good to go!
+
+![A screenshot showing how to configure IdP metadata URL in the WorkOS dashboard.](https://images.workoscdn.com/images/30130529-4132-45f6-aa33-70d8760612fd.png?auto=format&fit=clip&q=50)

package/.docs/organized/docs/integrations/workday.mdx

@@ -0,0 +1,156 @@
+---
+title: Workday
+description: "Learn about syncing your user list with\_Workday."
+icon: workday
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/workday.mdx
+---
+
+## Introduction
+
+This guide outlines how to synchronize your application’s Workday directories.
+
+To synchronize an organization’s users and groups provisioned for your application, you’ll need the following information from the organization:
+
+- The Workday Custom Report JSON endpoint
+- The Workday Custom Group Report JSON endpoint
+- Username for accessing the Custom Report endpoint
+- Password for accessing the Custom Report endpoint
+
+> Note: The Workday integration isn't enabled by default in the WorkOS Dashboard or Admin Portal. Please reach out to [support@workos.com](mailto:support@workos.com) or via your team’s WorkOS Slack channel if you would like Workday enabled.
+
+---
+
+## (1) Create an Integration System User
+
+It’s recommended that the organization creates an Integration System User within Workday. The Integration System User will be used to access Custom Reports.
+
+![A screenshot of the "Create Integration System User" form in the Workday Dashboard.](https://images.workoscdn.com/images/24b0561d-cd74-46a1-939e-3c76ead90c89.png?auto=format&fit=clip&q=50)
+
+> If you’ve finished the setup, and everything works as expected but fields are missing from the Report, ensure that the user created has access to access to the fields.
+
+![A screenshot showing user access to a report in the Workday Dashboard.](https://images.workoscdn.com/images/7e3e33f1-3724-4ff9-a4b6-ad2ac475ccb3.png?auto=format&fit=clip&q=50)
+
+---
+
+## (2) Create a Security Group
+
+Create a new security group in Workday. Set the Type of Tenanted Security Group to Integration System Security Group (Unconstrained). Then add a name for the Security Group and select OK.
+
+![A screenshot showing the "Create Security Group" form in the Workday Dashboard.](https://images.workoscdn.com/images/5e24e9d0-fba3-4e1d-8782-67c6491b3652.png?auto=format&fit=clip&q=50)
+
+Next, for Integration System Users, add the integration system user you created in the previous step, and select OK.
+
+![A screenshot showing where to add the Integration System User in the Workday Dashboard.](https://images.workoscdn.com/images/5483b3eb-3995-48b6-8718-a4eb07ccf681.png?auto=format&fit=clip&q=50)
+
+---
+
+## (3) Add domain security policies to the Security Group
+
+Next, you’ll need to add domain security policies to the newly created security group. You can access this on the Security Group Settings → Maintain Domain Permissions for Security Group page.
+
+![A screenshot showing where to find the "Maintain Domain Permissions for Security Group" option in the Workday Dashboard.](https://images.workoscdn.com/images/592f1450-d6d4-4a47-adef-6d1ce9007f4a.png?auto=format&fit=clip&q=50&w=2048)
+
+You’ll need to permit the following domain security policies to have “Get” access under Integration Permissions:
+
+- Person Data: Work Contact Information
+- Workday Accounts
+- Worker Data: Active and Terminated Workers
+- Worker Data: All Positions
+- Worker Data: Business Title on Worker Profile
+- Worker Data: Current Staffing Information
+- Worker Data: Public Worker Reports
+- Worker Data: Workers
+
+![A screenshot showing Integration Permissions in the Workday Dashboard.](https://images.workoscdn.com/images/32f4bae2-9ef0-4a7b-a27e-6c28268298d6.png?auto=format&fit=clip&q=50)
+
+To activate these new security settings, you need to go to the Activate Pending Security Policy Changes page and click OK.
+
+![A screenshot showing the Activate Pending Security Policy Changes page in the Workday Dashboard.](https://images.workoscdn.com/images/2c708837-b39d-454f-90b0-acfe377d4ad5.png?auto=format&fit=clip&q=50)
+
+Then, select the Confirm checkbox to finish activating.
+
+![A screenshot showing where to confirm the Active Pending Security Policy Changes in the Workday Dashboard.](https://images.workoscdn.com/images/664f3905-d9e6-4390-b210-1e7eaffa25c2.png?auto=format&fit=clip&q=50)
+
+---
+
+## (4) Create and Populate Custom Reports
+
+You will need to create two Custom Reports. The first Custom Report will be used for syncing User information. The second report will be used for syncing Group information.
+
+When creating the report, make sure to select the Advanced report type and to have the Enable as Web Service box checked.
+
+![A screenshot showing the "Create Custom Report" page in the Workday Dashboard.](https://images.workoscdn.com/images/8fa8ffb7-e377-4289-a130-3719646dea8a.png?auto=format&fit=clip&q=50)
+
+You need to add information for certain fields to the report. You can do this by directly adding columns to the report for the attributes in Workday with column heading names specified as follows:
+
+<DirectorySyncWorkdaySchemaTable.Users />
+
+![A screenshot showing an example of Custom User Report in the Workday Dashboard.](https://images.workoscdn.com/images/d3d4bb22-b4c8-467a-a3b4-bd0e6b4d2aea.png?auto=format&fit=clip&q=50)
+Along the same lines as the User Report, WorkOS looks for the following information in the Group Report:
+
+<DirectorySyncWorkdaySchemaTable.Groups />
+
+---
+
+## (5) Add an authorized user
+
+If an Integration System User was created, the organization will want to have that user added as an authorized user. This can be found under the **Share** tab from within a Report.
+
+![A screenshot showing the "Share" tab in the Workday Dashboard.](https://images.workoscdn.com/images/8794da9c-89ca-4b84-842b-3f3fe6648d39.png?auto=format&fit=clip&q=50)
+
+---
+
+## (6) Get the RaaS endpoint
+
+Now that the Report itself is setup and access to it had been configured, the organization will need to get the RaaS endpoint. The page with the endpoints can be found under **Actions → Web Service → View URLs**.
+
+![A screenshot showing where to find the view URLs option in the Workday Dashboard.](https://images.workoscdn.com/images/d212438c-951b-464f-aa42-2bebd0e2bdf2.png?auto=format&fit=clip&q=50)
+
+Once on the URLs page, the one that WorkOS will need is listed under the **JSON** section.
+
+![A screenshot showing the View URLs Web Service page in the Workday Dashboard.](https://images.workoscdn.com/images/8698f25c-22bc-48ee-82c7-5fa885b20215.png?auto=format&fit=clip&q=50)
+
+---
+
+## (7) Create your Directory Sync Connection
+
+Login to your WorkOS Dashboard and select “Organizations” from the left hand navigation bar.
+
+Select the organization you’ll be configuring a new Directory Sync Connection with.
+
+Click “Add Directory”.
+
+![A screenshot showing where to find the "Add Directory" button in the WorkOS Dashboard.](https://images.workoscdn.com/images/6244ae58-85a4-4c14-b6c0-c12bca04408e.png?auto=format&fit=clip&q=50)
+
+Select “Workday” as the directory type, and then input the Company Name.
+
+Click the “Create Directory” button.
+
+![A screenshot showing the "Create Directory" button in the WorkOS Dashboard.](https://images.workoscdn.com/images/27e9b01f-52e6-433b-af33-38eb3961dc70.png?auto=format&fit=clip&q=50)
+
+---
+
+## (8) Setup your Directory Sync Connection
+
+Click “Update Directory” to input the organization's Custom Report JSON endpoints, username and password.
+
+![A screenshot showing where to find the "Update Directory" button in the WorkOS Dashboard.](https://images.workoscdn.com/images/0c51f74e-8705-4193-93db-126a61bb367c.png?auto=format&fit=clip&q=50)
+
+Then, click “Save Directory Details”.
+
+---
+
+## (9) View users and groups in your dashboard
+
+Now, whenever the organization assigns users or groups to your application, you’ll receive Dashboard updates based on changes in their directory.
+
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)
+
+## Frequently asked questions
+
+### How often does the Workday directory perform a sync?
+
+The Workday directory polls in every 30 minutes starting from the time of the initial sync.