Workday as an HR Master with Okta Single Sign On Case Study

Workday as an HR Master with Okta Single Sign On Case Study

Business Situation

This case study covers Okta and HR as a Master with Workday as the Single Source of Truth. This Project was completed for a firm based out of Austin, TX who engaged Iron Cove Solutions for Okta Profile Mastering.

Challenge for Workday as Master with Okta.

After the completion of Phase, we moved to Phase 2 for this project for a seamless Profile Master update to have Workday synchronize all user profile changes. The goal was to have the Workday update and then sync downstream to their local Active Directory environment.

The business goal is for HR and IT to automate the on-boarding and off-boarding of workers, contractors, and privileged access users based on their Workday profile status and worker status.


Customer Profile

A large company based out of Austin, TX, with 2,000 employees, has two identifiable sets of workers -Federal or Public- within their Workday cloud application. They wanted worker profile updates to sync to separate Active Directory instances and two separate Okta instances from the One Workday instance.

Manual onboarding of employees, contractors, and partners takes an enormous amount of time. The whole process can take several days. When a business has to manage a large scale of employees, this can become a considerable cost to the business bottom line.

Typical approaches for onboarding lead to low productivity, inaccurate data, and significant security risks. According to the Okta survey, 73% of IT departments have a hard time of keeping track of individual identity and permissions.

WorkDay Lifecycle Management

Key Project Phases for Implementation

AActive Directory AnalysisApps Analysis
BWorkDay Analysis/ImplementationSaaS Appliation Deployment
CWorkday-Active Directory RelationshipRollout Considerations
DWorkday to Okta to AD Deployment

Phase A Active Directory Analysis

Questions Required/Answered:

  1. Data Review
  2. Confirm Installation Okta AD Agents and IWA Apps
  3. Okta/Workday Profile Mapping Attributes Design (Okta Expression Language)
  4. Matching and connected.
  5. AD Security Groups
  6. Analyzed and Understood should be defined.
  7. W/in Application Assignments
  8. Testing
  9. Confirmation

Phase A Goals

  1. WD and AD attribute match and align.
  2. WD and AD attribute lifecycle testing. Patrick = Pat or Sue=Susie
  3. Security Groups for Application Assignment
  4. AD Security Groups to be defined.

Phase B Workday Analysis/Implementation

  1. Understand WorkDay Implementation
  2. Review with WD Owners
  3. Confirm lifecycle process today
  4. Trigger Events (New Hire, Transfer, Termination)
  5. WD Profile and Attributes
  6. The critical areas of focus on are those attributes which IT and business owners leverage for application provisioning and authorization.
  7. What role do groups play today?
  8. Do they want to sub out Okta groups for Workday Groups?
  9. Any new changes of membership have to come from WD, not Okta or AD
  10. What kind of help do they need there?
  11. Standards – Naming Conventions

Phase C Workday-Active Directory Relationship

  1. Relationship of Workday and Active Directory (LCM)
  2. Events and Triggers
  • Example: when should an AD user record be created, updated, and/or disabled.
  • What AD attributes are mapped to Workday user attributes?

Goal and Work Flow Achieved


  1. Workday as the Master
  • HR is now running deployment of cloud applications.
  1. Active Directory
  • Recieving, Changing all in synchronization.
  1. LCM (Lifecycle Management)
  2. Iron Cove Support
  • Standard Meetings
  • Trouble Shooting
  • Planning and further adoption of Okta Adaptive MFA.

Workday to Okta Solution

What Okta solves with HR as a Master!

Okta Lifecycle Management will connects your HR system, in this case WorkDay and IT resources to automate onboarding and offboarding in a modern, seamless, and secure way. Watch this video. Okta see's a 76% increase in IT productivity and management cost savings. Some organizations see a 90% reduction in password reset request.

Talk to us

Phone & Hours

(888) 959-2825
Monday-Friday: 9am to 5pm