Successful integrate Workday in your IT infrastructure

Introduction

Workday offers a highly effective ERP alternative for HR and financial management. A large number of industry leaders are already powered by Workday or are currently migrating to it.

One of the main goals in enterprise identity management is the integration of the human resources system with the IT infrastructure. This allows a seamless connection between HR and IT life-cycle.

This blog post will provide you with a 6 point checklist for a successful integration of Workday in your IT infrastructure. Also I will elaborate on one of the key decisions “How are we going to connect to Workday?”


Connecting to the Workday cloud service

A closer look to Microsoft technologies and Workday interfaces will offer us three major ways for a connection to Workday — Also these options could be combined. I will not dig into technical details for each of them but my checklist will include tips to choose the right one.

1st: Azure Active Directory integration with Workday

Microsoft’s Workday integration based on Azure Active Directory (AAD) is the future of “Identity as a Service” and a strong competitor to the other options. — Cloud Identity Management.

For more details you can read a blog post from Oxford Computer Group’s CTO — James Cowling and the announcement from Microsoft’s Alex Simons (Director of PM, Microsoft Identity Division).

2nd: Custom Microsoft Identity Manager (MIM) connector to official Workday Web Services

Workday offers official Web Services which can be called from Microsoft’s Identity Manager (On-Premises Identity Management System). These are by default available on all Workday tenants.

3rd: Custom Microsoft Identity Manager (MIM) connector to Workday Custom Reports via Web Services

Workday also offers custom reports which can be tailored to customer requirements (to some degree). This requires development work on the Workday site.

4th: A combination of the above options

Checklist to success

With the following checklist you are prepared for the major challenges you are going to face during a Workday integration.

Future dated information

Several companies require user provisioning to IT systems prior to the first day of work. Therefore your connector will need the ability to gather future dated information.

  • As of today this is not possible with the Azure AD integration.
  • You will have to call the official Workday Web Services twice for it (with different effective dates).
  • The official Workday Web Services might not return manager information for future hires.
  • Workday custom reports could also solve this challenge for you and keep the logic on the workday side.
  • If new hires are required to login to Workday prior to their first day of work and you are using an authentication solution which requires an AAD or ADDS account (like AAD SSO or ADFS) this is a hard requirement for you.
Expatriates / International assignee’s

Make sure the connector you choose returns the correct information for international assignee’s (home vs. host country).

Manager information / Organizational chart

Workday has a “management chain/logic”, you will have to ensure you receive the correct manager from a business perspective.

Employee self-service focus

Workday is highly focused on employee self-services, be aware the business might ask for:

  • Workday as the primary system to maintain telephone numbers (data quality)
  • Workday as the primary system for employee photos (amount of data)
  • …Much more.
Attribute write-back to Workday

Most likely you will be given the requirement to write-back some attributes to Workday (e.g. Email, AccountName, …).

  • Email write-back can be done with the Azure Active Directory integration.
  • All other write-back operations should be done with the official Workday Web Services.
Rescinded transactions and hires

Workday also shifts workload from the HR department to managers — In the beginning this will impact data quality (e.g. duplicated employee’s in Workday). Your normal off-boarding / life-cycle design might not trigger if HR resolves these data issues.


Which connector should we use?

There is no right or wrong, here are some thoughts…

  1. If all your use cases are covered from the Azure Active Directory integration with Workday — Go for it!
  2. If you only need to write-back the email to Workday, you might be able to use the Azure Active Directory integration for it. You can still combine it with other options for user provisioning to AAD/ADDS.
  3. Using custom reports can shift responsibility to the Workday/HR team which can be a clear benefit.
  4. You might have to use the official Workday Web Services for write-back purposes.
  5. Using custom reports will require cooperation with the Workday implementation partner.