We currently have Workday provisioning users to Entra ID, however there's been an ask to have employee accounts disabled while they're on leave. The integration is set to have the "Create" and "Update" options allowed but not "Delete" within the provisioning page, and we've set SkipOutOfScopeDeletions to 'true' to prevent accidental account deletions. We're unsure if the integration will actually soft delete/hard delete accounts without the "Delete" option selected and haven't had a situation where we're able to test safely since we don't have an Entra sandbox.
Will the integration, with current settings, actually set accounts into a soft delete state and fully delete them after 30 days if the "Delete" option is not selected? We've confirmed that utilizing the LeaveAbsenceType [is not null] as a condition will disable the account if SkipOutOfScopeDeletions is set to 'false', but we don't want accounts to be deleted if someone is on leave for more than 30 days.
If they will be deleted, is there a way to flag an account for just disabling? The only potential solution that I've been able to trac down is below, however when I test the expression the output is always "On Leave", which would falsely disable an account.
|Hi @bsalisbury17
To account for LOA scenarios, you can modify the attribute mapping for the accountDisabled attribute in the following way:Add a new line to the attribute mapping for accountDisabled attribute.In the Source column, enter the following expression: Switch([Worker_Status], "On Leave", "True", , "False")In the Target column, enter accountDisabled.This expression will set the accountDisabled attribute to True for any worker who is on leave, and False for all other workers.Once you have made this change, you should test the configuration with a few test users from Workday to ensure that the mappings work as expected. Once you have verified that the mappings work, you can gradually expand the scope to include more users.|
| -------- |
|Hi @bsalisbury17 To account for LOA scenarios, you can modify the attribute mapping for the accountDisabled
attribute in the following way:Add a new line to the attribute mapping for accountDisabled
attribute.In the Source
column, enter the following expression: Switch([Worker_Status], "On Leave", "True", , "False")
In the Target
column, enter accountDisabled
.This expression will set the accountDisabled
attribute to True
for any worker who is on leave, and False
for all other workers.Once you have made this change, you should test the configuration with a few test users from Workday to ensure that the mappings work as expected. Once you have verified that the mappings work, you can gradually expand the scope to include more users.|