Our clients often grapple with the complexity of onboarding new hires, managing internal movements, and processing exits. For those customers who are using Workday, integrating with OpenIAM transforms the way organizations automate employee identity operations. This blog post is designed to cut through that complexity by providing an overview of how this integration works.
You'll discover how connecting OpenIAM with your Workday tenant automates the 'joiner, mover, leaver' (JML) processes, resulting in the following benefits:
- Efficiency: Automates onboarding, internal role changes, and offboarding, cutting down on paperwork and manual data entry.
- Security: Tightens security by automatically updating or revoking system access based on employee status, reducing the chance of error and unauthorized access.
- Cost Savings: Lowers expenses by reducing the need for manual HR intervention, cutting down on labor costs and potential compliance-related penalties.
- Privacy Compliance: Ensures that employee data remains confidential and secure, meeting the stringent requirements of data protection laws.
We’ll cover how OpenIAM integrates with Workday, the options for JML processing, and the method for writing attributes back to Workday. By the end of this post, you'll have a comprehensive understanding of how this powerful integration can serve your organization's needs and elevate your HR management to the next level.
Integrating with Workday
Workday offers a variety of interfaces for integration, including SOAP, REST, and Report as a Service (RaaS). While the SOAP interface provides detailed data, it often requires multiple calls for comprehensive employee information, which can lead to performance issues in IAM processes.
To streamline this, Workday's RaaS interface allows organizations to create customized reports. These reports act as web services, selectively presenting only the necessary attributes to the IAM system, enhancing efficiency. Implementers can also choose their preferred data delivery format, either JSON or XML.
OpenIAM simplifies this further with a ready-to-use connector, specifically designed to interact with RaaS endpoints formatted in JSON.
The accompanying diagram illustrates the integration process at a macro level. The Workday connector, once integrated into the OpenIAM cluster, is configured to periodically check the Workday RaaS endpoint for updates. The polling frequency is customizable to align with the organization's unique requirements, though typically, a schedule of 3 to 4 times per day is adequate for most operations.
JML Processing Options
OpenIAM intelligently handles incoming data to determine the required operation, triggering the corresponding workflow. For new employees, this means initiating a 'New Joiner' workflow, which can be customized to accommodate variations such as rehires, rescinded offers, or no-shows. The system allows for tailored rules to manage these scenarios, ensuring a robust and comprehensive solution.
OpenIAM's workflows extend beyond just the identity management scope. They can be integrated with other systems to facilitate full onboarding or offboarding activities. Take, for instance, the logistics involved with a new hire—securing a laptop, badge, or phone. OpenIAM can orchestrate these processes, even when the items are outside its direct purview.
For example, OpenIAM can generate a form for managers to specify the resources a new hire needs. Once the manager completes and submits this form, OpenIAM can automatically raise a ticket in the IT Service Management (ITSM) system, prompting the responsible team to fulfill the equipment request. This streamlined approach not only simplifies the manager's role but also ensures that the new hire has everything they need from day one, creating a seamless end-to-end process.
Workday Write-Back Functionality
In many organizations, one critical piece of data managed in Workday is the employee's Work_Email. However, Workday is often not the primary source of truth for this attribute; typically, the responsibility lies with the email system or the IAM system. To address this, OpenIAM offers a solution through its write-back functionality using the SOAP API.
During the onboarding process, a work email address is usually generated by the IAM or the email system. Once OpenIAM has this information, it can update Workday with the new Work_Email value. This action is performed through the SOAP interface, as the RaaS interface does not allow write operations. This seamless integration ensures that Workday's records remain consistent with authoritative sources.
Benefits of the OpenIAM/Workday Integration
In conclusion, the integration of OpenIAM with Workday is more than just a technical enhancement; it's a strategic business move that offers a wealth of benefits. By streamlining the 'joiner, mover, leaver' processes, organizations can achieve greater operational efficiency, bolster security, realize cost savings, and ensure privacy compliance. This powerful synergy automates the intricate workflows of HR management, allowing businesses to focus on growth and innovation while resting assured that their employee identity operations are running smoothly. With OpenIAM's features like write-back functionality and customizable workflows, your Workday ecosystem becomes even more robust, ready to adapt to the evolving needs of your enterprise.