Improve/fix Workday to Azure AD provisioning to allow setting a dynamic password

Fernando Almeida 106 Reputation points
2022-09-14T23:09:51.19+00:00

Despite apparently not being explicitly documented for the provisioning app, I am able to set a constant/static password for a user on creation by registering a new target property named "passwordProfile.password" with the data type "String".
Unfortunately, I'm unable to use a dynamic expression to also set this password. The error returned is:

The property 'passwordProfile.password" is invalid.

My main use case is to be able to generate a user-specific password based on private data known only to him and thus speed up onboarding without requiring manual intervention from an administrator.

Microsoft Entra ID

Accepted answer
  1. Chetan Desai 981 Reputation points Microsoft Employee
    2022-09-16T14:29:14.25+00:00

    @Fernando Almeida
    I'm assuming you are provisioning from Workday to Azure AD (and not on-premises AD). The target attribute "passwordProfile.password" is already present in the schema. You need not add another property with the same name.

    I tested this behavior in my lab setup (setting the password to a dynamic value using an expression mapping) and it worked as expected.

    Make sure that the password generated by the expression complies with your password policy.

    If the issue persists, open a support ticket from the Azure portal. Specify service: "Azure AD User Provisioning and Synchronization" -> "Problem Type: Provisioning from Cloud HR to AD or Azure AD".

    You can also explore this capability of generating a Temporary Access Pass (TAP) and sending it to the user's manager using Azure AD Lifecycle Workflows.


0 additional answers
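
The accepted answer's advice to confirm that the expression's output complies with the password policy can be checked offline before the mapping is enabled. The following is an added example, not code from the thread or from Microsoft: the policy values, function names and sample records are assumptions and constructed data, so substitute your tenant's actual policy. It also lists which HR attribute values appear verbatim in each generated password, so a reviewer can see how much of it is reproducible from the HR record.

```python
import string

# Assumed policy values, not taken from the page: set these to your tenant's policy.
MIN_LEN, MAX_LEN, MIN_CLASSES = 8, 256, 3
SYMBOLS = set("@#$%^&*-_!+=[]{}|\\:',.?/`~\"();<>")
ALLOWED = set(string.ascii_letters + string.digits + " ") | SYMBOLS


def policy_violations(password):
    """Return the reasons a password would fail the assumed policy."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} outside {MIN_LEN}-{MAX_LEN}")
    classes = sum([
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in SYMBOLS for c in password),
    ])
    if classes < MIN_CLASSES:
        problems.append(f"only {classes} of 4 character classes")
    bad = sorted(set(password) - ALLOWED)
    if bad:
        problems.append(f"disallowed characters: {bad}")
    return problems


def derived_from(password, hr_attrs):
    """Names of HR attributes whose value (3+ chars) appears in the password."""
    pw = password.lower()
    return sorted(k for k, v in hr_attrs.items()
                  if len(v) >= 3 and v.lower() in pw)


def audit(records):
    """records: worker ID -> (generated password, HR attributes used as input)."""
    return {w: {"violations": policy_violations(pw),
                "derived_from": derived_from(pw, attrs)}
            for w, (pw, attrs) in records.items()}


# Constructed sample: values a mapping expression might emit for three workers.
SAMPLES = {
    "W1001": ("Lisbon#1987mk", {"city": "Lisbon", "birthYear": "1987"}),
    "W1002": ("santos1990", {"lastName": "Santos", "birthYear": "1990"}),
    "W1003": ("Ab1!", {"city": "Porto"}),
}

if __name__ == "__main__":
    for worker, result in audit(SAMPLES).items():
        print(worker, result)
```
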