Creativity · MCP — server
MCP Workday Server
The MCP Workday Server exposes Workday's REST and SOAP APIs to MCP-compliant clients, letting an LLM agent read worker profiles, submit time-off requests, pull financial reports, and drive HR workflows. Most implementations are community-built on top of Workday's tenant-scoped OAuth 2.0, with enterprise deployments requiring an Integration System User and least-privilege domain security policies.
MCP facts
- Kind
- server
- Ecosystem
- anthropic-mcp
- Language
- TypeScript / Python (community forks)
- Transports
- stdio, http
Capabilities
- Tools: get_worker, list_workers, request_time_off, submit_expense_report, run_custom_report
- Resources: workday://worker/{id}, workday://report/{name}
- Auth: OAuth 2.0 bearer token scoped to Integration System User permissions
Install
npx -y @community/mcp-server-workdayConfiguration
{
"mcpServers": {
"workday": {
"command": "npx",
"args": ["-y", "@community/mcp-server-workday"],
"env": {
"WORKDAY_TENANT": "acme",
"WORKDAY_CLIENT_ID": "${WORKDAY_CLIENT_ID}",
"WORKDAY_CLIENT_SECRET": "${WORKDAY_CLIENT_SECRET}"
}
}
}
}Frequently asked questions
Is there an official Workday MCP server?
As of April 2026, Workday has not published an official Anthropic-endorsed MCP server. Production deployments rely on community implementations plus Workday's documented REST/SOAP APIs.
How does auth work for MCP Workday?
Workday requires an Integration System User (ISU) with a scoped security group. The MCP server uses OAuth 2.0 client credentials to obtain a bearer token and passes it on each API call.
What can an LLM safely do through MCP Workday?
Read-only tools (get_worker, run_report) are low risk. Write operations (time-off, expenses) should require human approval in the client and be scoped to the current user's own records.
Sources
- Model Context Protocol — Specification — accessed 2026-04-20
- Workday REST API documentation — accessed 2026-04-20
- MCP Servers repository — accessed 2026-04-20