Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Allow BambooHR to write to AD Azure when a new starter is created so it creates a new user. HRaaM.
Okta has the ability to use HR as a source of truth and are really engaging with HR as a master for AD. I know Bamboo can do that with Okta and Workday can as well. This would be a great way to have a flawless clear process using HR systems. From recruiting, to creating an employee in the system and then pushing it to ADAzure. Otherwise it's better to go with Okta. Higher price point but lower risk.
41 votesThank you for your feedback. Please keep voting to help us prioritize this request.
-
Workday-driven automatic AD group assignment
When a new AD account is created using Workday, it should be possible to assign birthright AD groups to the user automatically.
27 votesThank you for your feedback. We are reviewing this feature request and we will post an update on it. Please keep voting so we can prioritize it.
Thanks,
Chetan -
Support for Workday "Integration System" custom attributes
Sourced from https://github.com/MicrosoftDocs/azure-docs/issues/21671
Adjust Workday web service call (get_workers) by adding a reference criteria call
As an AD Admin, I would like the Azure AD Workday connector to support "integration system" attributes which are retrieved through special modification to the Get_Workers() API call.
It would be beneficial if the web service call for workers could be adjusted to call another integration to get values that the normal API call won't get.
Example: Some values needed or recommended for provisioning might be part of custom objects or derived from other objects in Workday.
What I propose is that you at least…26 votesWe’re reviewing this feature as part of upgrading to the latest Workday API.
Please keep voting to help us prioritize.
/Luis
-
Workday to AAD/AD provisioning query scope
Workday to AD/AAD provisioning
please add the ability to scope the query passed to getworkers api. For instance, pass to getworkers company=schoolA.
Workday is now implementing shared tenants in the EDU space. In a shared tenant, the current query to get_workers pulls all workers and then allows scoping. but the worker data for all schools has to be pulled before it can be scoped. The result is AAD audit logs saturated with other schools employee data. Also need to be able to control audit data written to azure activity logs, or at least be able to clear the…20 votesHi we are working on pulling the provisioning events out of the audit logs so that they are easier to manage. I’ll reach out to people internally about being able to set the scope to a particular school.
/ Arvind
-
Workday trigger delta sync
The ability to trigger a delta sync in the Workday provisioning application would be helpful during development of the connector as well as for emergency scenarios. In addition, the ability to change the sync interval (15 min afaik) to something different.
16 votesHi we are working on the ability to sync a specific user / group on demand so you don’t have to wait for the next sync cycle.
/Arvind
-
Workday to OnPremise Sync with non Global Admin Account
In the current configuration of the "Workday to Active Directory Provisioning" you are required to create an account in Azure with Global Admin permissions to be used by the onPremise agent. All changes made to Active directory are made in the onPremise AD and not in Azure and the permissions appear to be above the needed level in order to maintain our security delegation of lowest level required to perform a task.
Is there are a solution to have the interaction between onPremise Agent, Azure and Workday that does not require this level of permission?9 votesThanks for your feedback. This is work planned for the next version of the agent.
/Luis
-
Add more attributes for Workday writeback
Provisioning from Workday to AD has almost every attribute of an AD user available to be used. But when doing writeback from AD to Workday, email address is the only value available that anyone would use. We would like to write back office phone and fax number because those are systems falling within IT jurisdiction and it makes more sense to have AD as the source of truth. Otherwise, IT has to email HR and have them make the change.
Also, Workday provisioning doesn't set the "user must change password at next logon" even though it sets a random password…
8 votesThank you for the suggestion! We have started work on phone number writeback.
-
Support synchronization and modification of binary attributes
Add support for the synchronization of binary attributes within the Azure AD provisioning / sync system.
Example: The Workday to AAD or ADDS integration allows you to extend the attribute list (e.g. photo). AAD is able to receive that attribute but wont be able to sync it to AAD or ADDS due to size limitations on the photo attributes (<100k).
In best case, provide us with a function which can be used in a expression of the attribute mappings. Possible ways: 1) photo specific function which allows you to provide pixel height and/or width (if only one is specified the…
8 votesThanks for your feedback. This is under review. Please keep voting up to help us prioritize.
Thanks,
Luis -
inbound provisioning talent
Support inbound provisioning from Dynamics 365 for Talent to Azure AD. If this can work for Workday, it should work for Microsoft's flagship HCM.
6 votes -
Inbound provisioning from Oracle
Would like something similar to the inbound provisioning for workday to be available for Oracle HCM hr system.
5 votes -
Support inbound provisioning from TalentSoft to Azure AD
Similar to Workday, add support for inbound provisioning from https://www.talentsoft.com/ to Azure AD.
5 votesThis integration is not planned but please keep voting so we can prioritize it.
/Luis
-
SelectUniqueValue function should check AD Global Catalog for uniquenesss
When configuring Workday to Active Directory User Provisioning integration with multiple child domains, it will be beneficial if the SelectUniqueValue function checks for uniqueness of samAccountName and userPrincipalName across the forest by querying the global catalog.
5 votes -
Date time comparison in scoping filter of Workday to AD provisioning service
We want to control user provisioning/deprovisioning based on termination date comparing it with current date using scoping filter.
Can you please introduce this feature so that it will ease implementation process.Reason: In some environment we need to control this with time comparison.
3 votes -
473444314@g102019.moe.edu.eg
Wwxfvrgrgg
1 vote -
Workday Address Attribute mapping and Expression for multi line address?
Does anyone have an idea to write an expression from Workday to Active Directory for address?
Workday had [AddressLineData] "100 Main Street", [AddressLine2Data] "Suite 100"
The default mapping is Direct [AddressLineData] --> streetAddress in AD.
If you mannually type the address in AD ADUC it will look like this:
100 Main Street
Suite 100
When you look at the AD attribute for streetAddress is looks like this "100 Main StreetSuite 100"
There are actually hidden special characters in it
100 Energy WayCRLF
Suite 100CR
Carriage Returns and LineFeed
So how would i add the CR and LF with a join…1 vote -
Allow Rename function for AD Name attribute
Working with Workday to Active Directory User Provisioning, if you attempt to Export (update) a value to the 'name' field in AD for an existing user an error is thrown:
Failed to update Worker 'xyz1234' in On Premises Active Directory; Error: UnwillingToPerform-SvcErr: The server cannot handle directory requests.. The directory service cannot perform the requested operation on the RDN attribute of an object. \nError Details: Problem 5003 - WILLNOTPERFORM. This operation was retried 0 times.
This is due to the Name field not supporting an update/set command but requiring a coded RENAME against AD.
ErrorCode: HybridSynchronizationInvalidOperationOnRelativeDistinguishedNameAttribute
It would…
1 vote
- Don't see your idea?