> ## Documentation Index
> Fetch the complete documentation index at: https://docs.opal.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Workday groups and roles

> Learn how to manage access to Workday groups and roles.

Opal’s integration with Workday allows administrators to view and manage user access to Workday entities, such as User Security Groups and Organization Roles, which are typically tied to Domain Security Policies and Role Based Security Groups, respectively.

## 1. Add additional Domain Security Policy Permissions in Workday

Go to the Workday Search bar, enter **Maintain Permissions for Security Group**, and select the corresponding Task.

<img src="https://mintcdn.com/opalsecurity/TlQj9FwRe9HHNEYB/images/docs/0dc8eee-Screenshot_2024-08-08_at_10.55.08_AM.png?fit=max&auto=format&n=TlQj9FwRe9HHNEYB&q=85&s=57f257f31b9730c30238eb293dfb2f9d" alt="2312" width="1092" height="366" data-path="images/docs/0dc8eee-Screenshot_2024-08-08_at_10.55.08_AM.png" />

In the task modal, first set the **Operation** to **Maintain** and set the **Source Security Group** to the Security Group you created in Step 2 of *Getting Started*.

<img src="https://mintcdn.com/opalsecurity/KunPWigry5GIeB5g/images/docs/4454c3a-Screenshot_2024-08-08_at_10.56.01_AM.png?fit=max&auto=format&n=KunPWigry5GIeB5g&q=85&s=840572067d192b66dfc3c32f6be03f01" alt="2312" width="2006" height="888" data-path="images/docs/4454c3a-Screenshot_2024-08-08_at_10.56.01_AM.png" />

Then, edit the **Domain Security Policy Permissions** and add the following operations:

| View/Modify Access | Domain Security Policy                   |
| ------------------ | ---------------------------------------- |
| GET and PUT        | User-Based Security Group Administration |
| GET ONLY           | Manage: Organization Roles               |
| GET ONLY           | Manage: Organization Integration         |

## 2. Edit Business Security Policy in Workday

Navigate to the Workday Search bar, enter **Edit Business Security Policy**, and select the corresponding Task.

<img src="https://mintcdn.com/opalsecurity/lt0M-hBs5yNe5ff5/images/docs/9923075ed459e6f31df9f3a9ee444dc17fa86ee0aaf552fdafaf10f9872c3a41-image.png?fit=max&auto=format&n=lt0M-hBs5yNe5ff5&q=85&s=a3d7aa8d90e5ad6c454d1215da6cb8d0" alt="" width="581" height="136" data-path="images/docs/9923075ed459e6f31df9f3a9ee444dc17fa86ee0aaf552fdafaf10f9872c3a41-image.png" />

In the task modal, set Business Process Type to **Assign Roles**.

<img src="https://mintcdn.com/opalsecurity/E-CmJXh0QNjZUl4g/images/docs/56234167960422b496779be09a2ff3e5eabb8e36b04390a84056db832715bcd0-image.png?fit=max&auto=format&n=E-CmJXh0QNjZUl4g&q=85&s=10887035c797c79f3402f104005feb76" alt="" width="792" height="382" data-path="images/docs/56234167960422b496779be09a2ff3e5eabb8e36b04390a84056db832715bcd0-image.png" />

Then, add the Security Group you created in Step 2 of *Getting Started* to **Assign Roles (Web Service)**.

<img src="https://mintcdn.com/opalsecurity/TlQj9FwRe9HHNEYB/images/docs/0d4cf8362cfc89798c02449acf8d01894e642c9d341df5a19cb09dbd603d362e-image.png?fit=max&auto=format&n=TlQj9FwRe9HHNEYB&q=85&s=93712c06b87eaf7ec8bb5a0acf7ebc6d" alt="" width="694" height="824" data-path="images/docs/0d4cf8362cfc89798c02449acf8d01894e642c9d341df5a19cb09dbd603d362e-image.png" />

## 3. Activate All Pending Authentication Policy Changes in Workday

Navigate to the Workday Search bar, enter **Activate All Pending Authentication Policy Changes**, and select the corresponding Task.

<img src="https://mintcdn.com/opalsecurity/KunPWigry5GIeB5g/images/docs/40b3c1d-Screenshot_2024-08-08_at_3.04.13_PM.png?fit=max&auto=format&n=KunPWigry5GIeB5g&q=85&s=3942f8cd9fa5e16a35f04adaf9ce7271" alt="2312" width="864" height="292" data-path="images/docs/40b3c1d-Screenshot_2024-08-08_at_3.04.13_PM.png" />

Add any comments, review, and check the **Confirm** box to activate the Authentication Policy Changes.

## 4. Import Workday items in Opal

In Opal, go to the **Inventory** and select the **Workday** app, then in the upper left, select **...** > **Import items**. Select the User Based Security Groups and Organization Roles that you want to manage.

<img src="https://mintcdn.com/opalsecurity/4Xj9diJ3E3kX-9Xd/images/docs/eb70ffabfc14afc803eba704d44085b394683017a78dea924e4b70dad2a833e4-Screenshot_2024-10-03_at_10.45.03_AM.png?fit=max&auto=format&n=4Xj9diJ3E3kX-9Xd&q=85&s=a3f5173fdae86c8fc144fe985f482d2e" alt="" width="2992" height="1650" data-path="images/docs/eb70ffabfc14afc803eba704d44085b394683017a78dea924e4b70dad2a833e4-Screenshot_2024-10-03_at_10.45.03_AM.png" />