Managed System Attributes Mapping and Synchronization

You can add and synchronize attributes such as user name, phone numbers, and email addresses by mapping the source attributes to the identity attributes. You will then map those identity attributes to the Workday managed system attributes using Identity Security Cloud REST API.

Note
SailPoint does not recommend changing the value of Identity Attributes, as the Workday source aggregation logic is based on the provided default value of the Identity Attributes.

Prerequisites

  • Get the source ID.

  • Add the PROVISIONING feature string in the Workday source.

  • In the Workday tenant the Integration group needs to be given Get and Put permissions to Maintain Contact Information (Web Service).

Perform the following steps for attribute mapping and synchronization:

  1. Perform a GET request with the following command:

    GET https://{orgName}.api.cloud.sailpoint.com/beta/sources/{workdaySourceID}/attribute-sync-config

  2. Set the managed system value with the following command:

    PUT https://{orgName}.api.cloud.sailpoint.com/beta/sources/{workdaySourceID}/attribute-sync-config

    1. To set up the WORK_TELEPHONE as a target attribute, use the following command in the body:

      Copy 
      {
      "attributes": [
          {
            "name": "telephone",
            "displayName": "telephone",
            "enabled": true,
            "target": "WORK_TELEPHONE"
          }
        ]
      }

      You can set up other attributes (WORK_MOBILE, HOME_MOBILE, HOME_TELEPHONE) in the same way.

      Copy 
      {  "attributes": [
          {
            "name": "myAttribute",
            "displayName": "My Attribute",
            "enabled": false,
            "target": "WORK_MOBILE"
          },
          {
            "name": "workPhone",
            "displayName": "Work Phone Number",
            "enabled": true,
            "target": "WORK_TELEPHONE"
          },
          {
            "name": "phone",
            "displayName": "Alternate Phone Number",
            "enabled": true,
            "target": "HOME_TELEPHONE"
          }
        ]
      }

      Note
      'My Attribute' is a custom attribute and maps to existing alternate and work phone attributes.

    2. For setting up the USERID as a target attribute use the following command in the body:

      Copy 
      "attributes": [
              {
                  "displayName": "userid_value",
                  "enabled": true,
                  "name": "userid_value",
                  "target": "USERID"
              }
      ]

      For updating the user name in Workday, set the USERID as the target in the Identity mapping.

      For example, if you want to update the Active Directory's samAccountName to a Workday USERID, you must define the identity mapping using the Identity Security Cloud API as mentioned in the following mapping details:

      • For Source mapping, the Source Application is Active Directory, and the source attribute is samAccountName.

      • Then, set the Target mapping by assigning Workday as the Target Application and USERID as the Target attribute.

      To update the USERID, a Workday account must be associated to the worker.