A few weeks back I posted this regarding using PowerShell and the Granfeldt PowerShell Management Agent to interface Microsoft Identity Manager with Workday HR. The core of this functionality is the WorkdayAPI PowerShell Module which I forked from Nathan and added additional functionality.
This post details additional functionality I’ve added to the WorkdayAPI PowerShell Module. Updates include the following additional cmdlets to return Workday HR Supervisory Hierarchy, HR driven Provisioning Flags and User Photos;
Implementations of Workday obviously vary from organisation to organisation. Workday HR being an authoritative source of identity means it is also often the initiator of processes for Identity Management. For one of our customers base entitlements are derived from Workday Job Profile and may specify an Active Directory Account and an Office 365 License.
The Get-WorkdayWorkerProvData cmdlet is invoked from when calling Get_WorkdayWorkerAdv with the -IncludeWork flag. The result now returns ProvisioningGroup information as part of the returned PowerShell Object. As shown below Workday has indicated my Identity requires Active Directory and Office 365 (email).
Get-WorkdayWorkerProvData -WorkerId 181123 -WorkerType Employee_ID
Provisioning_Group Status Last_Changed ------------------ ------ ------------ Office 365 (email) Assigned 1/05/2017 9:31:21 PM Active Directory Assigned 1/05/2017 9:57:37 PM
The Get-WorkdayWorkerMgmtData cmdlet is invoked from when calling Get_WorkdayWorkerAdv with the -IncludeWork flag. The result now returns MgmtData information as part of the returned PowerShell Object. The collection is an ordered list of the Workday HR Supervisory Hierarchy for the object.
Expanding the collection we can see the Workday HR Supervisory Hierarchy. Note: the top of the hierarchy is listed twice as in this organisation the top reports to himself.
If you just want to return the Management Hierarchy you can with Get-WorkdayWorkerMgmtData.
Get-WorkdayWorkerMgmtData -WorkerId 1234 -WorkerType Employee_ID
The Get-WorkdayWorkerPhoto cmdlet is invoked from when calling Get_WorkdayWorkerAdv with the -IncludePhoto and -PhotoPath flags. The result will then output the photo to the path provided in the -PhotoPath option.
If you just want to export the Photo for a single user you can with Get-WorkdayWorkerPhoto.
Get-WorkdayWorkerPhoto -WorkerId 1234 -WorkerType Employee_ID -PhotoPath 'C:\temp\workday'
Using the WorkdayAPI PowerShell Module we can now access information to drive the provisioning process as well as understand identities placement in the Supervisory hierarchy. We can also obtain their Workday Profile photo and sync that to other places if required.
Recently under the experimental Azure Functions build Microsoft Developer Advocates have shown enabling Azure Functions…
Today, I’m super excited to finally announce the Beta release of EntraPulse Lite – a…
I'm excited to share some significant authentication enhancements I've contributed to the Lokka MCP Server…
Last month I had the pleasure of speaking at the Sydney event for Global Azure.…
Model Context Protocol (MCP) is a powerful framework that extends AI clients like Claude and…
I've just completed participating in the Azure AI Developer Hackathon that was looking to provide…
This website uses cookies.
