Improve/fix Workday to Azure AD provisioning to allow mail property to be set

Fernando Almeida 106 Reputation points
2022-09-14T23:38:02.767+00:00

The mail property is never set even though it appears in the log output for the provisioning with the value that should be assigned.

Use case:

  • Allow the user to set an email preference that can flow through from Workday
  • Allow setting the mail for an external email provider currently being used
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Chetan Desai 1,066 Reputation points Microsoft Employee
    2022-09-16T15:08:34.827+00:00

    @Fernando Almeida
    Thanks for the feedback. There is a known limitation with respect to mail setting in the Workday to Azure AD provisioning flow.

    • Because the mail attribute is tied to Exchange Online, you cannot write to that attribute unless you have an Exchange Online license. In this case, the mail attribute is ignored.
    • If you have an Exchange Online license, you can set the mail attribute at the time of creation. But you cannot change it later through the Azure AD provisioning interface.
    • To set an external (non-Microsoft, personal email) on the user profile, use the attribute otherMails.

    We will update our documentation with this known limitation and guidance.

    1 person found this answer helpful.
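
An added example, not part of the thread and not Microsoft's code: a reconciliation check that compares what the provisioning log claims for `mail` with what the directory object holds, and labels each mismatch using the two limitations in the accepted answer. The sample data is constructed; the field names are modelled on the Microsoft Graph provisioning log and user resources, and the Exchange service name `exchange` and the reason labels are assumptions.

```python
# Constructed sample data. Shapes are modelled on Microsoft Graph
# provisioningObjectSummary and user resources (assumption, trimmed).
PROVISIONING_LOG = [
    {"provisioningAction": "create", "targetIdentity": {"id": "u1"},
     "modifiedProperties": [{"displayName": "mail", "newValue": "ana@example.org"}]},
    {"provisioningAction": "update", "targetIdentity": {"id": "u2"},
     "modifiedProperties": [{"displayName": "mail", "newValue": "bo@example.org"}]},
    {"provisioningAction": "create", "targetIdentity": {"id": "u3"},
     "modifiedProperties": [{"displayName": "mail", "newValue": "cy@example.org"}]},
]
EXCHANGE = [{"service": "exchange", "capabilityStatus": "Enabled"}]
USERS = {
    "u1": {"mail": None, "otherMails": ["ana@example.org"], "assignedPlans": []},
    "u2": {"mail": "bo@contoso.example", "otherMails": [], "assignedPlans": EXCHANGE},
    "u3": {"mail": "cy@example.org", "otherMails": [], "assignedPlans": EXCHANGE},
}

def has_exchange(user):
    """True if the user has an enabled Exchange Online service plan."""
    return any(p.get("service", "").lower() == "exchange"
               and p.get("capabilityStatus") == "Enabled"
               for p in user.get("assignedPlans", []))

def claimed_mail(entry):
    """Return the mail value the log entry says it wrote, or None."""
    for prop in entry.get("modifiedProperties", []):
        if prop.get("displayName", "").lower() == "mail":
            return prop.get("newValue")
    return None

def audit_mail_writes(log, users):
    """List (user id, claimed mail, reason, already in otherMails) per mismatch."""
    findings = []
    for entry in log:
        claimed = claimed_mail(entry)
        if not claimed:
            continue
        uid = entry["targetIdentity"]["id"]
        user = users.get(uid, {})
        if (user.get("mail") or "").lower() == claimed.lower():
            continue  # the directory really holds the logged value
        if not has_exchange(user):
            reason = "ignored_no_exchange_online_license"
        elif entry.get("provisioningAction") == "update":
            reason = "not_changeable_after_creation"
        else:
            reason = "unexplained_mismatch"
        in_other = claimed.lower() in [m.lower() for m in user.get("otherMails", [])]
        findings.append((uid, claimed, reason, in_other))
    return findings
```

Run against real exports, a non-empty result shows accounts whose logged `mail` never reached the directory, which matters for any access review or alerting that trusts the provisioning log as the record of a user's contact address.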

2 additional answers

  1. Fernando Almeida 106 Reputation points
    2022-09-16T23:31:30.437+00:00

    @Chetan Desai thanks for the quick feedback. Can you further clarify the following additional doubts?

    "If you have an Exchange Online license, you can set the mail attribute at the time of creation."

    How is that even possible? If the account does not yet exist, how can it have a license assigned ahead of time? I'm not following this part.

    "Because the mail attribute is tied to Exchange Online, you cannot write to that attribute unless you have an Exchange Online license. In this case, the mail attribute is ignored."

    I suppose you may not see this as a viable use case, but wouldn't I be able to make the seldom decision to use an external email provider and not rely on Exchange? I get that Mail is "tightly coupled/integrated" with other services from Microsoft, but still, as an end user this could ultimately be my choice. Additionally, in a migration scenario I don't think it would not be uncommon wanting to provision users from an HR system and make them eligible for a smaller subset of services (e.g. Teams only) and allow other users in the tenant to be able to at least know how they could contact the user via what I interpret as this "primary email", which would need to be stored in the mail property.

    "To set an external (non-Microsoft, personal email) on the user profile, use the attribute otherMails."

    otherMails is a string collection.
    Can you please clarify:

    1. An example expression on how to set that value using an expression
    2. Does this mean I won't be able to manually as an admin register other emails for the user because the provisioning app will most likely overwrite them?

  2. Michael Leach 15 Reputation points
    2023-12-04T18:54:24.2166667+00:00

    FYI: I am hitting this limitation with a new client. The Provisioning says it's writing the email address. But, it isn't. How is this not fixed from over a year ago?

