Security
The Dayforce OData services are secured using the same methods that are applied to the Dayforce reporting and web application features. This security scheme is driven by the access rights of the authenticated user and their default OData role.
Microsoft Excel and Power BI store user credential information for OData connections at the machine level relative to the user who is currently logged into the machine’s operating system. Clients are strongly encouraged to take precautions to prevent:
- Users from leaving PCs unattended and unlocked
- OData connections from being established on public or kiosk PCs.
As with downloaded reporting and export files, it's your responsibility to ensure data from Dayforce remains secure once it has been extracted from the Dayforce application.
SSO User Access to OData
OData currently supports Basic Authentication only, which means that SSO access isn’t available. Instead, users must provide their Dayforce-specific credentials to authenticate. To support OData access by SSO users, Dayforce uses its email password reset process.
You must ensure that users have role access to Profile > Profile Menu > Settings > Security so that they can set up their security questions, which are used when the user requests a password reset.
You (or your administrator) must also enable email password resets in the Messages section of the Properties tab in System Admin > Client Properties, as shown below:
- When you sign in to Dayforce using SSO, the Apps tab detects it and displays sets of instructions designed to expose your Dayforce-specific user name and instructions for changing and maintaining your password.
- You’re directed to enter your email address and complete the email verification process, provided you haven’t already completed this process.
- You’re directed to configure your security questions if you haven’t already done so.
- When you have verified your email address and have set up your security questions, the instructions include a link that allows you to initiate the email password reset process.
- If, as an SSO user, need to reset your password at any point in the future, you can do so by returning to the Apps tab and clicking the link.
Rate Limits
Rate limits are limits that control the number of requests that can be processed for each organization in a given timespan. These rate limits are automatically enforced at the OData service level to ensure a consistent experience across all customers. The limits per client are:
- Up to 10 requests per second
- Up to 20 requests per minute
- Up to 50 requests per hour
Each action that results in data (including lists of available reports) being retrieved from Dayforce is considered a request. If the rate limit is reached by an organization, its associated users will encounter error messages that note that the maximum number of requests has been exceeded. When the time limit expires for an exceeded limit, the rate counter starts over and requests can be processed normally.
Support and Acceptable Usage
You can establish an OData connection to Dayforce within verified business-level applications that have built-in OData (version 4) support. The following versions of Microsoft Excel and Microsoft Power BI have been verified for use with the HCM Anywhere OData feature:
- Microsoft Excel 2013 (requires Microsoft’s Power Query add-in)
- Microsoft Excel 2016 (built-in OData support)
- Microsoft Power BI Desktop version 2.39 and later
Because OData is a common protocol, other applications might work with the HCM Anywhere OData feature, but Dayforce can’t guarantee successful connections or interactions. Users who choose analytical tools other than those noted above do so with the understanding that Dayforce can’t offer guidance or support.
The HCM Anywhere OData feature is designed for use by individual end users. OData isn’t available as a replacement for Dayforce web services, and using this feature as a development tool or basis for system-to-system integrations is a violation of the Dayforce terms of acceptable use, which might lead to the feature being disabled.