The Workday MCP server lets your AI agents interact with Workday HR and finance data. Agents can retrieve employee profiles, check time-off balances and requests, explore organizational hierarchies, search for workers and positions, and view open requisitions — all read-only and scoped to the authenticated user's permissions.
Capabilities
Profile
| Tool | What It Does |
|---|
| Get my profile | Retrieve the authenticated user's own worker profile |
| Get my manager | Look up the authenticated user's direct manager |
| Get my reporting chain | View the full management chain above the authenticated user |
| List my direct reports | List workers who report directly to the authenticated user |
Time Off
| Tool | What It Does |
|---|
| Get my time-off balances | Check available time-off balances by plan |
| List my time-off requests | View the authenticated user's own time-off requests |
| List team time-off requests | View time-off requests for the authenticated user's team |
| List time-off types | List available time-off types in the organization |
| Get time-off plan | Retrieve details for a specific time-off plan |
Workers and Positions
| Tool | What It Does |
|---|
| Search workers | Search for workers by name, ID, or other criteria |
| Get worker | Retrieve a specific worker's profile by ID |
| Search positions | Search for positions across the organization |
| Search job profiles | Search for job profile definitions |
Organization
| Tool | What It Does |
|---|
| Search organizations | Search for organizational units |
| Get organization hierarchy | View the hierarchy for a specific organization |
Recruiting
| Tool | What It Does |
|---|
| List open requisitions | List currently open job requisitions |
📝 Note:
All Workday tools are read-only. The agent cannot create or modify HR records, submit time-off requests, or update organizational data.
OAuth Setup
The Workday MCP server uses OAuth to authenticate on behalf of each user. To enable this integration, you need to register an API client in Workday and provide the credentials to Devs.ai.
Step 1: Register an API Client in Workday
- Sign in to your Workday tenant as a security administrator.
- Search for the Register API Client task.
- Enter a name (for example, "Devs AI").
- Set the Grant Type to Authorization Code.
- Enter the redirect URL provided by your Devs.ai platform administrator.
- Add the required scopes for the data your agents need to access.
Step 2: Get Your Credentials
- After registration, Workday displays the Client ID.
- Generate and copy the Client Secret.
- Navigate to Organization > Connectors in Devs.ai.
- Find the Workday template and click Enable.
- Select OAuth as the authentication type.
- Enter your Client ID and Client Secret from Step 2.
- Select the tools you want to make available.
- Click Save.
When a user first interacts with an agent connected to Workday, they will be prompted to authorize access to their Workday account.
OAuth Configuration Reference
| Field | Value |
|---|
| Authorization URL | https://{tenant}.workday.com/oauth/authorize |
| Token URL | https://{tenant}.workday.com/oauth/token |
| Scopes | Configured per Workday tenant |
📝 Note:
Replace {tenant} with your Workday tenant hostname. The exact authorization URL and available scopes depend on your Workday configuration.
Additional Resources