Import Workday Data | Create or Update AD Users rule
This rule queries the specified Workday data source and provisions new user accounts or updates them according to the Action section settings.
IMPORTANT: The Workday HR extension should be configured. Learn more in: Workday extension settingsUsing this rule requires the Cayosoft Administrator Workday Integration license.
When to use this rule
You can use this rule when performing bulk user account provisioning or updating from the Workday HR system into Active Directory.
Rule settings
Query section
| Setting Name | Description |
|---|---|
| Query Section | |
| Workday endpoint URL |
Specify Workday endpoint URL. By default, the value is taken from the Workday HR extension. |
| Workday credentials |
Specify Workday credentials. This account must have proper API permissions in the Workday tenant. User format: user@tenant. By default, the value is taken from the Workday HR extension. |
| More Options | |
| Workday properties to include | List of properties to get from Workday HR. |
| Hours to sync | Specify how often synchronization will be run (every number of hours). |
| Filter data | To hide unwanted data, set the filtering conditions by Workday HR attributes here. |
| AD Properties to display | List of properties to get from Workday HR. |
| Sync mode |
Select synchronization mode:
|
| Data Source Anchor attribute | Select a column in the data source that contains the attribute value for identifying and mapping a computer. |
| Active Directory Anchor attribute |
Defines the attribute in the Active Directory to which the Data Source anchor attribute is to be compared. When a new user is created, this value also specifies the Active Directory attribute into which the Data Source anchor is written for comparison the next time the rule is executed. NOTE: If the Active Directory attribute you wish to use as the Active Directory Anchor attribute is not displayed, you can enter the LDAP name of the attribute in the field. The attribute must be flagged as searchable within Active Directory. To determine if the attribute is flagged as searchable, you can use ADSI Edit to view the Schema Objects container and examine the attribute’s searchFlags property. For more information, review the following article: Search-Flags attribute. |
Action section
| Setting Name | Description |
|---|---|
| Create in |
Determines the initial location within Active Directory, where the new user accounts will be created. NOTE: For simplicity, Cayosoft recommends that new objects be created in a separate OU and then moved to the final location after provisioning is completed. |
| Account | |
| Logon Name (SamAccountName) |
By default, the SamAccountName is automatically generated from the Data Source assuming the Data Source contains the correct named fields. If field names are not the same as shown for the selected format, contact Cayosoft for an override format. If the SamAccountName resides in the Data Source, then use the Selector button to pick the field that stores the SamAccountName. The SamAccountName must have a unique value in the target domain. |
| UPNSuffix | It is the domain name component of the new user’s UserPrincipalName (UPN). If you use Microsoft 365, this value should be set to a domain registered in Microsoft 365/Azure AD. |
| UserPrincipalName |
By default, the UserPrincipalName (UPN) is automatically generated from the Data Source assuming the Data Source contains the correct named fields. If field names are not the same as shown for the selected UPN format, contact Cayosoft support for an override format. If the UPN resides in the Data Source, then use the Selector button to pick the desired field. The UPN must be a unique value. NOTE: Microsoft best practices assume the Active Directory and Microsoft 365/Azure AD UPNs will match. |
| FirstName (GivenName) | If the Data Source contains a field named FirstName, ignore this setting. Otherwise, use the Selector button to choose a field from the Data Source. |
| Initials | Specify user initials. |
| Last/SurName (sn) | If the Data Source contains a field named LastName, ignore this setting. Otherwise, use the Selector button to choose a field from the Data Source. |
| Name (cn) |
If the Data Source contains fields named FirstName and LastName, choose the desired format or ignore this setting. Otherwise, use the Selector button to select a field from the Data Source or contact Cayosoft for an override format. |
| Display Name |
If the Data Source contains fields named FirstName and LastName, choose the desired format and ignore this setting. Otherwise, use the Selector button to select a field from the Data Source or contact Cayosoft for an override format. |
| Description |
If the Data Source contains a field name Description, ignore this setting. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
| Settings | |
| Default Password |
This setting defines the password for the new account. This value can be static text, a field from the Data Source chosen using the Selection button, or set to Generate Random Password. NOTE: Static passwords or passwords from Data Source must meet the Active Directory Password Complexity Policy of the target container, or the account will be created in a disabled state. Randomly Generated Passwords will be generated to match both the Active Directory Password Complexity Policy and additional complexity requirements defined in the Cayosoft Administrator Password Complexity Policy. |
| Must change password at next logon | Enables or disables the must change password at next logon option. |
| Account enabled | Enables or disables the user account. |
| User cannot change password | Enables or disables the user cannot change password setting. |
| Password never expires | Enables or disables the password never expires setting. |
| Account Expiration Date |
Defines the Account Expiration attribute in Active Directory. In addition to populating this field from the Data Source, a text string can be manually entered into the field in the format MM/DD/YYYY or YYYY-MM-DD. |
| Organization | |
|
If the Data Source contains one of these field names, ignore this setting. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
| Manager Identifier |
Use the Selector button to choose a field from the Data Source that is a unique identifier for the user’s manager. Typically, this will be the Manager's EmployeeNumber or EmployeeID. |
| AD Attribute for Manager Lookup | Select an Active Directory attribute used to search for the value of the Manager Identifier specified in the field above. |
| Contact Info | |
| Country |
If the Data Source contains a field name Country, ignore this setting. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
| Email Address |
If the Data Source contains a field name or Email Address, ignore this setting. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
|
If the Data Source contains a field with one of these names, ignore this setting. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
| Alternate Name Generation Rules | |
| Name conflict resolution | This option determines how the system should react when the name of a user being created already exists. |
|
The behavior of this attribute is the same as in the Contact Info section. |
| Counter Format | This setting specifies the number of fixed symbols the counter should have. |
| Add counter when | Specifies if a counter should always be added to the username, or only when name conflicts occur. The counter option is not available when the Use Alternative Generation Rules option is set to On failure record error in Rule Execution History and goes on. |
| Other Properties | |
| Other properties | Using the picker dialog, set a mapping between data source columns and target user properties. |
| Other properties script |
Data mapping can also be set by script.
For example, to populate extension attribute 1 with a static value: To map a column to extension attribute 2:
|
| Notify Manager | |
| Notify Manager | Specify whether you want to notify the manager when the user is created. You can also select to send email for each created user or send one email for all created users. |
| Additional to | Additional emails can be sent to the Default Notify Alert Email Address - usually, this is the administrator's email address. |
| CC, BCC | Email address where the copy will be sent. |
| From | Users can receive emails from the default SMTP from the address. |
| Subject |
Email subject. TIP: It is possible to customize the email subject by using different tokens. See Customizing an automation rule or web action output email – Cayosoft Help Center. |
| Message |
Message text. TIP: It is possible to customize email messages by using different tokens. See Customizing an automation rule or web action output email – Cayosoft Help Center. |
| Limit the number of emails sent per minute |
An integer value that represents the number of emails sent per minute by this rule. To change the default value, navigate to Home > Configuration > Settings > Email Settings (SMTP). The default limit for Microsoft 365 SMTP gate is 30 emails per minute. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Rule Enforce/Schedule section article.
Change History
| Version | Notes |
|---|---|
| 11.2.0 | The rule has been introduced in the product. |
Comments
0 comments
Please sign in to leave a comment.