Workday Connector
- Phillip Hanegan
The EmpowerID Workday Connector functions as a bridge, enabling the smooth transition of user data from a Workday cloud instance to EmpowerID. Utilizing the SCIM 2.0 protocol, the connector can provision EmpowerID Persons and sustain data synchronization across all connected back-end user directories.
This connector's architecture comprises two core components: an EmpowerID microservice deployed on an Azure app service and an EmpowerID account store specifically designed to store and synchronize Workday identity information. The Azure app service is engineered to function using a system-assigned managed identity tied to an Azure AD application explicitly created for EmpowerID. This setup enables the Workday microservice to access Azure AD-protected services securely without requiring explicit credentials for authentication. Client certificate authentication is employed to ensure a high degree of security throughout this interaction.
Â
Inventory Objects and their corresponding components in EmpowerID
Connects to the Human Resource service and retrieves Worker data.
Object in Workday | Component in EmpowerID |
|---|---|
Worker | Account |
Attribute Mapping
The table below shows the attribute mappings of Workday users to EmpowerID. Attributes marked with N/A* are supported but are not specifically mapped to corresponding EmpowerID Person Attributes. To map these attributes, the EmpowerID Schema needs to be extended. For information on extending the schema for Workday, see Inventory Workday Custom Attributes | Configure EmpowerID for the Workday Custom Attributes.
Personal Data
Workday Attribute | SCIM Attribute | EmpowerID Person Attribute |
|---|---|---|
First_Name | name.givenName | FirstName |
Last_Name | name.familyName | LastName |
Middle_Name | name.middleName | MiddleName |
Formatted_Name | displayName | DisplayName |
CountryOfBirth | AdditionalDataExtension.CountryOfBirth | N/A* |
Citizenship | AdditionalDataExtension.Citizenship | N/A* |
Email_Address | emails[?(@.type=='work')].value | |
PhoneData.PhoneNumber.Communicationtype=FAX | phoneNumbers[?(@.type=='fax')].value | Fax |
PhoneData.Phonenumber.Communicationtype=HOMEPHONE | phoneNumbers[?(@.type=='home')].value | HomeTelephone |
NumberData.Phonenumber.Communicationtype=MOBILENUMBER | phoneNumbers[?(@.type=='mobile')].value | MobilePhone |
PhoneData.PhoneNumber.Communicationtype=WORK | phoneNumbers[?(@.type=='work')].value | BusinessPhone |
Employment Data
Workday Attribute | SCIM Attribute | EmpowerID Person Attribute |
|---|---|---|
Worker_Status_Data.Active | active | Status |
Worker_Status_Data.Original_Hire_Date | hireDate | OriginalHireDate |
Worker_Status_Data.Hire_Date | hireDate | ExpectedHireDate |
Worker_Status_Data.Termination_Date | terminationDate | TerminationDate |
Worker_Status_Data.Rehire | AdditionalDataExtension.RehireFlag | If set to Y, the Person is directed through the Rehire Workflow. |
Worker_Status_Data.Terminated | Terminated | If set to true this value is used to terminate the Person in EmpowerID. |
Worker_Status_Data.Hire_Rescinded | HireRescinded | If set to true, accounts linked to the EmpowerID Person are disabled. |
Worker_Status_Data.Leave_Status_Data | OnLeave | If set to Y, the EmpowerID Person is directed to the On Leave workflow. Accounts can be disabled as needed. |
Worker_Status_Data.Secondary_Termination_Reasons_Data | TerminationReason | N/A* |
Worker_Job_Data.Position_Data.Business_Title | Title | Title |
Organization Data
Workday Attribute | SCIM Attribute | EmpowerID Person Attribute |
|---|
Workday Attribute | SCIM Attribute | EmpowerID Person Attribute |
|---|---|---|
Organization_Data.Organization_Name.COST_CENTER | Organization[?(@.organizationType=='COST_CENTER')].organizationName | CostCenter |
Organization_Data.Worker_Organization_Data.Cost_Center_Reference_ID | ['urn:ietf:params:scim:schemas:extension:AdAdditionalData:2.0:User']['WorkDayDataExtension']['departmentNumber'] | DepartmentNumber |
Organization_Data.Organization_Name.Division | Organization[?(@.organizationType=='Division')].organizationName | Division |
Custom Attributes
Additionally, the EmpowerID Workday connector supports inventorying custom attributes from Workday. After creating a Workday account store in EmpowerID, you can enable this functionality by following the procedure outlined in the Inventory Workday Custom Attributes article.
Â
Â