Blog Post

Microsoft Entra Blog
2 MIN READ

Give your HR and IT teams more reasons to cheer with improved integration between Workday & Azure AD

Alex Simons (AZURE)'s avatar
Jun 11, 2020

Howdy folks,

 

Last year we added inbound user provisioning from Workday to Azure AD, and customers like ASOS and Pernod Ricard are already using it to automate their HR and IT processes. Recently, we announced a strategic partnership with Workday that will bring more integrations for our joint customers. Today, we’d like to highlight three enhancements we’ve recently made in the Azure AD Workday integration.

 

Specify the version of Workday Web Services API you want Azure AD to use

 

Workday updates their APIs periodically, and customers want the ability to pick the API version that best meet their business needs. To keep up with the new features delivered by Workday, you can now specify the Workday API version when you setup Workday provisioning in Azure AD.

 

 

Outbound provisioning of phone numbers, from Azure AD to Workday

 

Once a user is provisioned in Azure AD from Workday, organizations normally manage phone numbers in Azure AD. You can now flow this information from Azure AD back to Workday by configuring attribute writeback. This writeback capability is also available for email and username attributes.

 

Disable Azure AD account when an employment offer is withdrawn

 

As part of the Workday Inbound provisioning, an Azure AD account is created as soon as the Workday New Hire business process completes. You can now configure the Azure AD user provisioning to handle offer rescind scenarios using a new flag in Workday called wd:Hire_Rescinded. This will cause the user account in Azure AD to be automatically disabled if an employment offer is rescinded, improving the security posture of your environment.

 

To learn more about these changes, check out our documentation on this topic. We are continuing to make additional enhancements in the Azure AD integration with Workday and we will keep you updated on our progress.

 

As always, we’d love to hear any feedback or suggestions you may have. Please let us know what you think in the comments below or on the Azure AD feedback forum.

 

Best regards, 

Alex Simons (Twitter: @Alex_A_Simons)

Corporate Vice President of Program Management

Microsoft Identity Division

 

Updated Jul 24, 2020
Version 3.0
  • Max380's avatar
    Max380
    Copper Contributor

    Hi Alex,

     

    Could you please provide more details on how a new Workday "Hire_Rescinded" flag is supposed to disable Azure AD account after the Workday New Hire business process is complete?

     

    I am using a new Workday API version - v41.0

    I was able to add a new custom XPATH values for Workday Attribute "Hire Rescinded"

     

    wd:Worker/wd:Worker_Data/wd:Employment_Data/wd:Worker_Status_Data/wd:Hire_Rescinded/text()

     

    https://learn.microsoft.com/en-us/entra/identity/app-provisioning/workday-attribute-reference

     

    Do I need to create a new Attribute Mapping (Expression) based on the wd:Hire_Rescinded attribute?

     

    accountDisabled -> Switch(....)