WorkdayHCM Implement WebHook Triggers for Provisioning to AAD or AD
Need: An AzureAD inbound, event-driven user provisioning interface for external systems that are an originating source of people/users (joiners/movers/leavers).
WorkdayHCM is our primary HCM system. It is not the only point-of-origin for people that will require IT services (apps licenses/access, compute devices, facility access badges, phones, etc.).
The current AzureAD WDHR provisioning adaptor is polling based. This Poll-for-Change pattern does have utility, but is far from modern "Event-Driven" auto-provisioning.
I've read through the Provision-On-Demand feature, which is purposed as a test/debugging tool. It is not available as a continuous runtime pattern.
In the Power.Automate Connectors reference I found the WorkdayHCM (Preview) connector.
This P.A. Connector appears to leverage WDHR's Webhooks for "pushed" action triggers based on create/change of person records.
It also appears specific person-record attributes can be subscribed to, thus the Connector would only receive action-triggers based on change of those subscribed attributes. Excellent.
This P.A. Connector implementation pattern should be available as a configuration option for Workday to AD and Workday to AAD CloudHR provisioning patterns.
We could implement the Connector with a little PowerShell in the P.A. flow using the ActiveDirectory or AzureAD modules. However, that bypasses the rules/conditions that are configurable within the WorkdayHCM Adaptor. We would have to code that logic into the flow.
AzureAD has one of the best SCIM Client implementations (I've seen a few :-).
AzureAD should implement a SCIM Endpoint for external systems (SCIM Clients) that are a source of people/users who require AzureAD and/or DomainAD accounts.
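To make the request concrete, here is an added example (not part of the original post, and not Workday or Microsoft code) of what an external source acting as a SCIM client would push to such an inbound endpoint: joiner/mover/leaver events are mapped to SCIM 2.0 requests per RFC 7643/7644, and changes to unsubscribed attributes produce no request. The event shape, the `SUBSCRIBED` map, `to_scim_request` and all sample values are assumptions constructed for illustration.

```python
# SCIM 2.0 schema URNs (RFC 7643 / RFC 7644)
USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Assumed subscription list: HR attribute -> SCIM path. Changes to anything
# else are ignored, mirroring the per-attribute subscription the post describes.
SUBSCRIBED = {"title": "title", "department": f"{ENTERPRISE}:department"}


def to_scim_request(event, scim_ids):
    """Map one HR event to (method, path, body), or None if nothing to send.

    scim_ids maps the HR worker id (SCIM externalId) to the SCIM resource id
    returned when the user was created.
    """
    kind, wid = event["type"], event["workerId"]
    if kind == "joiner":
        a = event["attributes"]
        return ("POST", "/Users", {
            "schemas": [USER, ENTERPRISE],
            "externalId": wid,
            "userName": a["workEmail"],
            "name": {"givenName": a["givenName"], "familyName": a["familyName"]},
            "title": a["title"],
            ENTERPRISE: {"department": a["department"]},
            "active": True,
        })
    if kind == "mover":
        ops = [{"op": "replace", "path": SUBSCRIBED[k], "value": v}
               for k, v in sorted(event["changed"].items()) if k in SUBSCRIBED]
        if not ops:
            return None  # only unsubscribed attributes changed
    elif kind == "leaver":
        # Disable rather than delete: access ends at once, the record stays auditable.
        ops = [{"op": "replace", "path": "active", "value": False}]
    else:
        raise ValueError(f"unsupported event type: {kind!r}")
    return ("PATCH", f"/Users/{scim_ids[wid]}", {"schemas": [PATCH_OP], "Operations": ops})


# Constructed sample events (hypothetical shape, not Workday's webhook format)
EVENTS = [
    {"type": "joiner", "workerId": "W-1001", "attributes": {
        "givenName": "Ada", "familyName": "Ng", "workEmail": "ada.ng@example.com",
        "title": "Analyst", "department": "Finance"}},
    {"type": "mover", "workerId": "W-1001", "changed": {"department": "Audit", "homePhone": "555-0100"}},
    {"type": "mover", "workerId": "W-1001", "changed": {"homePhone": "555-0101"}},
    {"type": "leaver", "workerId": "W-1001"},
]
SCIM_IDS = {"W-1001": "2819c223"}  # constructed SCIM resource id
REQUESTS = [to_scim_request(e, SCIM_IDS) for e in EVENTS]
```
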