Thanks a lot Brian, I saw the AAD announcement earlier while googling around, and it did sound very much like what we're looking for. We don't do anything with Azure right now, including AAD, although I keep thinking that's an area we go into. So would the AAD bit be on top of or replace ADFS for SSO? I'm thinking we'd need to run both components but want to make sure my thinking is right.

Ryan

From: [email protected] [mailto:[email protected]] On Behalf Of Brian Desmond
Sent: Thursday, January 21, 2016 3:38 PM
To: [email protected]
Subject: [NTSysADM] RE: has anyone integrated with AD and Workday?

I have done the authentication piece a number of times. On the AD integration side, I've usually seen this done with flat files and something like MIM (Microsoft Identity Manager) to process them.

Azure Active Directory Premium (AAD-P), however, has an interesting capability that may be of interest to you. You can configure AAD-P to do inbound synchronization from Workday according to some basic rules you define. The users can then be sync'ed back to your on-premises domain with AAD Connect.

Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132

From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Shugart
Sent: Thursday, January 21, 2016 11:52 AM
To: [email protected]
Subject: [NTSysADM] has anyone integrated with AD and Workday?

Hi:

I've been asked about linking our on-prem AD domain services with our HRIS system, Workday, which is cloud-based. I'm wondering if anyone has been through this process? From the Googling I've done, Workday does support ADFS for single sign-on, which is a good start, but I don't think ADFS will let Workday read and write information to AD objects and let it do things such as create user accounts or update information or read user information for its own database. The obvious solution is to give them LDAP read/write access, which kind of bothers me as I don't want some 3rd party reading/writing to our AD like that. I'm wondering if there's an option I'm missing on how this works?

Thanks.
Ryan

Ryan Shugart
Windows System Administrator
MiTek USA, MiTek Denver
303-723-4975
