Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Allow BambooHR to write to AD Azure when a new starter is created so it creates a new user. HRaaM.
Okta has the ability to use HR as a source of truth and are really engaging with HR as a master for AD. I know Bamboo can do that with Okta and Workday can as well. This would be a great way to have a flawless clear process using HR systems. From recruiting, to creating an employee in the system and then pushing it to ADAzure. Otherwise it's better to go with Okta. Higher price point but lower risk.
59 votesThank you for your feedback. Please keep voting to help us prioritize this request.
-
Support for Workday "Integration System" custom attributes
Sourced from https://github.com/MicrosoftDocs/azure-docs/issues/21671
Adjust Workday web service call (get_workers) by adding a reference criteria call
As an AD Admin, I would like the Azure AD Workday connector to support "integration system" attributes which are retrieved through special modification to the Get_Workers() API call.
It would be beneficial if the web service call for workers could be adjusted to call another integration to get values that the normal API call won't get.
Example: Some values needed or recommended for provisioning might be part of custom objects or derived from other objects in Workday.
What I propose is that you at least…57 votesWe’re reviewing this feature as part of upgrading to the latest Workday API.
Please keep voting to help us prioritize.
/Luis
-
Workday-driven automatic AD group assignment
When a new AD account is created using Workday, it should be possible to assign birthright AD groups to the user automatically.
34 votesThank you for your feedback. We are reviewing this feature request and we will post an update on it. Please keep voting so we can prioritize it.
Thanks,
Chetan -
*Workday to Azure AD UPN attribute our requirement is upn and email should create like this firstnamefirstletterandlastname@domain.com.au
*Workday to Azure AD UPN attribute
our requirement is upn and email should create like this firstnamefirstletterandlastname@domain.com.au
for ExampleFirstname : Sam
lastname :Dood
upn should like this sdood@domain.com.au
With the help of an expression its creating no issue.Issue is if we have a duplicate user and if the upn already exist in Azure AD ,based on our expression user is not provisioning .Not sure the expression is correct.
we need to create upn based on this requirement firstnamefirst2letterandlastname@domain.com.aufor example Samson Dood
First Name : Samson
Last Name :DoodUPN should create like this : sadood@domain.com.au
Please provide…
22 votesCurrently SelectUniqueValue function only works with Workday/SuccessFactors to on-premises AD User Provisioning app.
After further review, realized that this feedback item is a request to enable use of SelectUniqueValue function in the Workday to Azure AD User Provisioning App. Hence reactivating it. This is in our backlog, but not scheduled yet. -
workday: allow writeback of matching user employee id from different ERP system
The Workday Writeback connector needs the capability to writeback a users emplid from an adjacent ERP system. We are using WD HCM and WD financials, and we are using Peoplesoft Campus Solutions for student information system. We need a way to write the Peoplesoft Employee ID back to workday into a custom workday attribute.
20 votes -
Workday to AAD/AD provisioning query scope
Workday to AD/AAD provisioning
please add the ability to scope the query passed to getworkers api. For instance, pass to getworkers company=schoolA.
Workday is now implementing shared tenants in the EDU space. In a shared tenant, the current query to get_workers pulls all workers and then allows scoping. but the worker data for all schools has to be pulled before it can be scoped. The result is AAD audit logs saturated with other schools employee data. Also need to be able to control audit data written to azure activity logs, or at least be able to clear the…20 votesHi we are working on pulling the provisioning events out of the audit logs so that they are easier to manage. I’ll reach out to people internally about being able to set the scope to a particular school.
/ Arvind
-
Workday trigger delta sync
The ability to trigger a delta sync in the Workday provisioning application would be helpful during development of the connector as well as for emergency scenarios. In addition, the ability to change the sync interval (15 min afaik) to something different.
18 votesHi we are working on the ability to sync a specific user / group on demand so you don’t have to wait for the next sync cycle.
/Arvind
-
Inbound provisioning from Oracle
Would like something similar to the inbound provisioning for workday to be available for Oracle HCM hr system.
13 votes -
Workday inbound provisioning to AD - allow password to be set and sent mail
Please add more control when provisioning AD accounts, with Workday as source, about how password can be provided to manager and/or generic mail address.
Send password to email address: Enter the email address to which you want the password sent.
Send password to user’s manager: Sends the password to the manager’s email address. Ensure that you have the email address specified in Workday.
Send password to user’s personal email: Sends the password to the user’s personal email address. Ensure that you have the email address specified in Workday.
If you have more than one option selected, the password is sent…
11 votes -
workday inbound provisioning - allow remote mailbox enable task during provisioning for hybrid Exchange scenario
Allow the execution of Powershell commands as task during provisioning. In that case also "enable-RemoteMailbox" task is possible to automate and therefore no separate tasks are needed outside the provisioning engine and it can all be integrated.
10 votes -
Workday to OnPremise Sync with non Global Admin Account
In the current configuration of the "Workday to Active Directory Provisioning" you are required to create an account in Azure with Global Admin permissions to be used by the onPremise agent. All changes made to Active directory are made in the onPremise AD and not in Azure and the permissions appear to be above the needed level in order to maintain our security delegation of lowest level required to perform a task.
Is there are a solution to have the interaction between onPremise Agent, Azure and Workday that does not require this level of permission?9 votesThanks for your feedback. This is work planned for the next version of the agent.
/Luis
-
Date time comparison in scoping filter of Workday to AD provisioning service
We want to control user provisioning/deprovisioning based on termination date comparing it with current date using scoping filter.
Can you please introduce this feature so that it will ease implementation process.Reason: In some environment we need to control this with time comparison.
8 votes -
Support synchronization and modification of binary attributes
Add support for the synchronization of binary attributes within the Azure AD provisioning / sync system.
Example: The Workday to AAD or ADDS integration allows you to extend the attribute list (e.g. photo). AAD is able to receive that attribute but wont be able to sync it to AAD or ADDS due to size limitations on the photo attributes (<100k).
In best case, provide us with a function which can be used in a expression of the attribute mappings. Possible ways: 1) photo specific function which allows you to provide pixel height and/or width (if only one is specified the…
8 votesThanks for your feedback. This is under review. Please keep voting up to help us prioritize.
Thanks,
Luis -
inbound provisioning talent
Support inbound provisioning from Dynamics 365 for Talent to Azure AD. If this can work for Workday, it should work for Microsoft's flagship HCM.
7 votes -
workday to Azure AD automatic user provision
We are implementing the Workday Azure AD automatic user account provisioning for our client and we are facing below issues.
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial
*Workday account username is employeeID. As of now, the employeeID attribute is blank at Azure
Issue 1: Automatic provisioning creates the duplicate user record at Azure with email id as userid@domain(20955@clientdomain.com), whereas the client is using their own logic to create the email ids (firstname+MiddleName_Lastname@clientdomain.com). After provisioning of accounts, we are getting duplicate records with different email ids.
Issue 2: Automatic Provisioning is not updating the employeeId attribute in the Azure user account even when…
7 votes -
Workday to AD provisioning - Disable AD users after Account_Disabled attribute instead of Active attribute
User would like to have a feature implemented:
- That the account in AD is disabled responding to Accountdisabled in Workday Account instead of the "Active" attribute from the Worker object.
- That the Expiration Date in AD is updated with the Accountexpiration_Date of the Workday Account.This requires the API call GetWorkdayAccount, from WorkDay's v34.1 API
Here's the API documentation that specifies the XML for that call: https://community.workday.com/sites/default/files/file-hosting/productionapi/Human_Resources/v34.1/Get_Workday_Account.html
6 votes -
Support inbound provisioning from TalentSoft to Azure AD
Similar to Workday, add support for inbound provisioning from https://www.talentsoft.com/ to Azure AD.
6 votesThis integration is not planned but please keep voting so we can prioritize it.
/Luis
-
SelectUniqueValue function should check AD Global Catalog for uniquenesss
When configuring Workday to Active Directory User Provisioning integration with multiple child domains, it will be beneficial if the SelectUniqueValue function checks for uniqueness of samAccountName and userPrincipalName across the forest by querying the global catalog.
6 votes -
How to deactivate users based on last day of work from Workday?
I am searching for a solution how to feed the AzureAD attribute accountExpires from the StatusTerminationLastDayOfWork on the day of Last Day Of Work which is often before the Termination Effective Date
4 votes -
Be able to remove transactionlogdata as a critical attribute
We're trying to use the Workday connector to automatically deprovision users, with a bare essentials standard mappings list, but whenever transactionlogdata information is updated in workday, this causes all users to resync and their UAC is overwritten, which puts Domain Controllers under stress due to the many thousand simultaneous writes. We have no mappings that are relevant to transactionlogdata, but we've been told removing it from the advanced attributes will break functionality. I can't see any logical reason why you'd need to process that data, if we tell you not to?
3 votes
- Don't see your idea?