Improve/fix Workday to Azure AD provisioning to work properly with nested object properties

Fernando Almeida 106 Reputation points
2022-09-14T23:28:09.16+00:00

The app provisioner is able to set nested object properties for the employeeOrgData (even using dynamic expressions) and passwordProfile (provided only password sub-property is set) that exist in the AAD user schema. Even though this is undocumented I assumed it would be possible to map such nested object properties using a convention similar to JSONPath expressions for each sub-property. For instance this meant adding the target attributes "employeeOrgData.businessUnit" and "employeeOrgData.costCenter" with the "String" data type.

However it does not properly detect changes for nested properties such as employeeOrgData. I find that the business unit and/or cost center names are always described as being changed in the log output.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,251 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Fernando Almeida 106 Reputation points
    2022-09-16T23:51:48.69+00:00

    I'm no longer able to replicate this...

    Something must have change as right now the only I'm unable to see the changes log in the details pane, where as they were showing up at least a week ago.
    242071-employeeorgdata-changed-but-not-logged.png

    0 comments No comments

  2. Paul Rarey EA 21 Reputation points
    2023-01-04T00:59:43.75+00:00

    @Fernando Almeida
    Statement "... For instance this meant adding the target attributes ..."
    I assume you meant source attribute from AAD? Curious, did you use https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true then edit the AzureAD schema?

    275852-image.png

    I'm having a similar problem with employeeOrgData's subAttributes.
    Here's my question post >

    SCIM Provisioning of employeeOrgData subAttributes [ costCenter | division ]
    https://learn.microsoft.com/en-us/answers/questions/1150096/scim-provisioning-of-employeeorgdata-subattributes.html

    /paul

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.