Thanks everyone. We have a meeting with some stakeholders Monday afternoon, so I should have a better idea at that point as to just what they do and don’t want/think we can do. At this point we don’t have any middleware or anything like that, I’d never heard of any of those applications myself. HR has been responsible for entering people into Workday through their web site, then the helpdesk creates the person’s AD/email accounts. I think that’s one of the areas they want to automate, once HR creates someone in Workday something happens to build out the AD and email accounts, but again I’ll know more next week.

Thanks again for the responses.
Ryan

From: [email protected] [mailto:[email protected]] On Behalf Of Christopher Bodnar
Sent: Friday, January 22, 2016 1:22 PM
To: [email protected]
Subject: [NTSysADM] RE: has anyone integrated with AD and Workday?

We do federation/SSO with WD using PingFederate (AD FS provides the same functionality). Very simple SAML integration compared to some others.

As far as having the HR system write back to AD directly, we don’t do that. Typically you have middleware that will accomplish user provisioning. Things in this space (Oracle Identity Manager, Tivoli Identity Manager, and Identity IQ). Depends on the size of your organization, and your needs.

From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Shugart
Sent: Thursday, January 21, 2016 2:52 PM
To: [email protected]
Subject: [NTSysADM] has anyone integrated with AD and Workday?

Hi:

I’ve been asked about linking our on-prem AD domain services with our HRIS system, Workday, which is cloud-based. I’m wondering if anyone has been through this process? From the Googling I’ve done, Workday does support ADFS for single sign-on, which is a good start, but I don’t think ADFS will let Workday read and write information to AD objects and let it do things such as create user accounts or update information or read user information for its own database. The obvious solution is to give them LDAP read/write access which kind of bothers me as I don’t want some 3rd party reading/writing to our AD like that. I’m wondering if there’s an option I’m missing on how this works?

Thanks.
Ryan

Ryan Shugart
Windows System Administrator
MiTek USA, MiTek Denver
303-723-4975
