We do federation/SSO with WD using PingFederate (AD FS provides the same 
functionality). Very simple SAML integration compared to some others. As far as 
having the HR system write back to AD directly, we don't do that. Typically you 
have middleware that will accomplish user provisioning. Things in this space 
include Oracle Identity Manager, Tivoli Identity Manager, and Identity IQ. Depends on 
the size of your organization, and your needs.



From: [email protected] [mailto:[email protected]] On 
Behalf Of Ryan Shugart
Sent: Thursday, January 21, 2016 2:52 PM
To: [email protected]
Subject: [NTSysADM] has anyone integrated with AD and Workday?

Hi:
        I've been asked about linking our on-prem AD domain services with our 
HRIS system, Workday, which is cloud-based.  I'm wondering if anyone has been 
through this process?  From the Googling I've done, Workday does support ADFS 
for single sign-on, which is a good start, but I don't think ADFS will let 
Workday read and write information to AD objects and let it do things such as 
create user accounts or update information or read user information for its own 
database.  The obvious solution is to give them LDAP read/write access which 
kind of bothers me as I don't want some 3rd party reading/writing to our AD 
like that.  I'm wondering if there's an option I'm missing on how this works?
Thanks.
Ryan

Ryan Shugart
Windows System Administrator
MiTek USA, MiTek Denver
303-723-4975


