Workday to OnPremise Sync with non Global Admin Account
In the current configuration of the "Workday to Active Directory Provisioning" you are required to create an account in Azure with Global Admin permissions to be used by the onPremise agent. All changes made to Active directory are made in the onPremise AD and not in Azure and the permissions appear to be above the needed level in order to maintain our security delegation of lowest level required to perform a task.
Is there are a solution to have the interaction between onPremise Agent, Azure and Workday that does not require this level of permission?
Thanks for your feedback. This is work planned for the next version of the agent.
Faraz A Shaukat commented
Is there an update on when this will be available ? I have several in our security team asking about these permissions