We’re facing a critical SOX compliance issue with our scheduled integration jobs in Workday R1 2023. Our audit logs are not capturing failed job executions when they fail due to API authentication errors. The Integration Monitoring shows the failures, but they’re not being written to the audit trail that our external auditors review.
I’ve verified the Audit Trail scope assignment for our integration system user, and it has View permissions for Integration Systems. The OAuth2 scope configuration includes workday_audit_trail read access. However, when a scheduled REST API job fails with a 401 authentication error, there’s no corresponding entry in the audit log export.
Successful runs are logged properly, but authentication failures seem to bypass the audit trail entirely. This creates a significant gap in our compliance documentation. Has anyone encountered similar issues with Integration Monitoring permissions not flowing through to audit logs?
One additional consideration: verify that your Integration System Security Group has the ‘View Integration Errors’ permission in addition to audit trail access. This permission controls visibility into authentication-level failures. Also check if your OAuth2 client registration has the ‘Log Authentication Failures’ option enabled - it’s not on by default and must be explicitly configured during client setup or modification.
I’ve seen this before. The issue is that authentication failures at the OAuth2 layer happen before the integration context is fully established, so they don’t trigger the standard audit trail mechanism. You need to enable API Request Logging in addition to the audit trail. Check your Integration System Security configuration - there’s a separate permission for API Request Logging that’s independent of the audit trail scope.
We had the exact same gap identified during our last SOX audit. The workaround we implemented was creating a custom report that pulls from the Integration Event log rather than relying solely on the audit trail. The Integration Event log captures all authentication failures with timestamps and error codes. We schedule this report daily and append it to our audit documentation package. Not ideal, but it satisfies the auditors’ requirement for complete failure tracking.