Configure Azure AD provisioning to retrieve pronoun information from Workday

This article describes how you can customize the following two HR-driven provisioning apps to fetch pronoun information from Workday.

About pronoun information in Workday

Workday introduced the ability for workers to display pronoun information in their worker profile in Workday 2021 R1 release. The ability to fetch pronoun data using Workday Web Services (WWS) API call was introduced in Get_Workers API version 38.1 in Workday 2022 R1 release.

Note

Links to certain Workday community notes and documents in this article require Workday community account credentials. Please check with your Workday administrator or partner to get the required access.

Enabling pronoun data in Workday

This section describes steps required to enable pronoun data in Workday. We recommend engaging your Workday administrator to complete the steps listed below.

  1. Ensure that pronoun display and sharing preferences are enabled as per Workday guidelines. Refer Workday documents:

    Steps: Set Up Gender Pronouns to Display on a Worker Profile * Human Capital Management * Reader * Administrator Guide (workday.com)

    Steps: Set Up Public Profile Preferences * Human Capital Management * Reader * Administrator Guide (workday.com)

  2. Use Workday Maintain Pronouns task to define preferred pronoun data (HE/HIM, SHE/HER, and THEY/THEM) in your Workday tenant.

  3. Use Workday Maintain Localization Settings task -> Personal Information area to activate pronoun data for different countries.

  4. Select the Workday Integration System Security Group used with your Azure AD integration. Update the domain permissions for the security group, so it has GET access for the Workday domain Reports: Public Profile.

    Screenshot of permissions to setup in Workday.

  5. Activate Pending Security Policy changes.

  6. Select a worker in your Workday tenant for testing purposes. Set pronoun information for this worker using the Edit Personal Information task. Ensure that the worker has enabled pronoun display to all in their public profile preference.

    Screenshot of enabling pronoun display option.

  7. Use Workday Studio or Postman to invoke Get_Workers API version 38.1 for the test user using the Workday Azure AD integration system user. In the SOAP request header specify the option Include_Reference_Descriptors_In_Response.

      <bsvc:Workday_Common_Header>
         <bsvc:Include_Reference_Descriptors_In_Response>true</bsvc:Include_Reference_Descriptors_In_Response>
      </bsvc:Workday_Common_Header> 
    
  8. In the Get_Workers response, you will now see pronoun information.

    Screenshot of Workday Get Workers API response.

Note

If you are not able to retrieve pronoun data in the Get_Workers response, then troubleshoot Workday domain security permissions. Ensure your integration security group has permission to the segmented security group that grants access to the pronoun data.

Once you confirm that pronoun data is available in the Get_Workers response, go to the next step of updating your Azure AD provisioning app configuration.

Updating Azure AD provisioning app to retrieve pronouns

To retrieve pronouns from Workday, you'll need to update your Azure AD provisioning app to query Workday using v38.1 of the Workday Web Services. We recommend testing this configuration first in your test/sandbox environment before implementing the change in production.

  1. Sign-in to Azure portal as administrator.

  2. Open your Workday to AD User provisioning app OR Workday to Azure AD User provisioning app.

  3. In the Admin Credentials section, update the Tenant URL to include the Workday Web Service version v38.1 as shown below.

    Screenshot of Azure portal provisioning app with Workday version.

  4. Open the Attribute mappings blade. Scroll down and click Show advanced options. Click on Edit attribute list for Workday.

  5. If your provisioning app is configured to use the default WWS API version v21.1, then reference this article to review and update the XPATHs for each attribute.

  6. Add a new attribute called PreferredPronoun with XPATH

    /wd:Worker/wd:Worker_Data/wd:Personal_Data/wd:Personal_Information_Data/wd:Pronoun_Reference/@wd:Descriptor

  7. Save your changes.

  8. You can now add a new attribute mapping to flow the Workday attribute PreferredPronoun to any attribute in AD/Azure AD.

  9. If you want to incorporate pronoun information as part of display name, you can update the attribute mapping for displayName attribute to use the below expression.

    Switch([PreferredPronoun], Join("", [PreferredNameData], " (", [PreferredPronoun], ")"), "", [PreferredNameData])

  10. If worker Aaron Hall has set his pronoun information in Workday as HE/HIM, then the above expression will set the display name in Azure AD as: Aaron Hall (HE/HIM)

  11. Save your changes.

  12. Test the configuration for one user with provisioning on demand.

Next steps