Case study
A clean bill of health: Workday SaaS HR solution deployed at international healthcare group
Our client (who wishes to remain anonymous), a global healthcare giant, needed help integrating the Workday cloud SaaS app with their Active Directory, Azure AD, and Microsoft Identity Manager (MIM) systems.
They had limitations with their global joiner-leaver-mover (JML) processes, including integration and adoption of internal technologies and services, which had developed as the business had grown.
They wanted to introduce the Workday HCM solution as the new authoritative source – the ‘single source of truth’ for identities – to help streamline JML processes and maintain secure access governance. This needed to cater for both ‘wired’ and ‘unwired’ users and integrate seamlessly with another of their important HR and IAM SaaS applications, ServiceNow.
Results
Bulk migration of multiple sets of user data into Workday.
Integration of Workday with various IAM platforms.
Secure joiner processes for provisioning new user identities.
Bespoke IAM auditing and reporting capabilities.
Ongoing managed support for inhouse IT.
Free Guide
The Complete Guide to Microsoft Entra [New for 2024]
The most comprehensive guide to Microsoft Entra. Over 40 pages. Plus, Microsoft licensing simplified.
Discover how you can:
- Cut costs by removing 50% management effort
- Elevate security – reduce breach chances by 45%
- Automate provisioning to ensure compliance
A global workforce, thousands of employees, multiple systems – and the need for a single source of truth
The IT team at our client’s HQ were tasked by the Board to deliver on a very important project:
“To deliver a single source of truth for HR and IAM and to make available a number of common services to employees globally through digitising their experience.”
Our client is a globally federated organisation with a common brand and common goals, but they had limitations on the global integration and adoption of internal technologies and services, which had developed as the business grew. These included:
- Multiple HR systems
- Multiple active directories (AD)
- The mixture of processes and tools being used
- Many employees in a ‘Care Services’ population were not actively using IT within their day-to-day job roles
As a large organisation with multiple HR systems, active directories, and other tools in place, they had an identity problem across the business that was inhibiting their ability to collaborate, work efficiently, and ensure secure access to systems and information.
Our client also had a unique challenge of different user requirements for access to IT systems and applications between what they referred to as ‘wired’ or ‘unwired’ users. A ‘wired user’ needed identities synced with Azure AD for single sign-on access to business applications and systems. Whereas an ‘unwired user’ (such as a janitor or cleaner) did not have access or require access to IT, and therefore just needed identities synced to a standard on-premises Active Directory.
They wanted to introduce the Workday HCM solution as the new authoritative source – the “single source of truth” – to help streamline JML processes and maintain secure access governance.
The project had several important deployment and integration objectives, including:
- Enabling all the client’s companies to use federated identity to interface with the Workday cloud HR tool.
- Fully integrate Workday with existing IAM systems including ServiceNow, NetIQ (in the UK) and IBM ID manager (in Spain), Active Directory, and Azure Active Directory.
- Design a process to manage the JML life cycle of many wired and unwired users.
- Integrate a solution to enable user single sign-on and user ‘self-service’ through Workday for both wired and unwired users.
Migrating data into Workday as the one source for all company identities
Multiple options were considered for a global system provider, including IBM, OKTA, Microsoft, and Amazon Web Services. After internal considerations of cost, inhouse knowledge, and integration with current services and infrastructure, our client decided to move forward with the project using Microsoft technologies.
They then needed to decide on a vendor. The client had a strong existing relationship with Kocho, as the business deployed their original Microsoft Forefront Identity Manager (FIM) solution within the UK. The inhouse expertise and knowledge from the Kocho consultants had been proven from previous engagements and the relationship was good.
Kocho started the project off by helping plan the deployment and integration of Workday into the organisation. This started with several exercises to migrate data out of the many global company directories into Workday and establish it as the authoritative source for all identities. This project also included some specific development work to write back company email addresses and other bespoke pieces of information.
Once Workday was set up as the authoritative source, we then got onto helping with the integration and synchronisation of identities. This ensured that new user data would flow seamlessly into ServiceNow, as well as their many global Active Directory tenancies and Azure Active Directory.
Once Workday was integrated successfully into ServiceNow, MIM, Active Directory and Azure AD, we then built and deployed the processes for all their JML user case requirements. Our client had a unique challenge requiring three specific user provisioning (and resulting access) journeys.
- Journey 1: They needed a “pre-day 1” identity set up for new staff, so they could undertake and pass training and credential check requirements ahead of their start date. For example, standard health and safety training or advanced health care related training. In this user case, an Azure AD account was needed, but not a full employee account.
- Journey 2: A joiner process for ‘unwired’ users (for example, janitors, cleaners, temporary staff), so that they would have full Workday accounts created and then have identities provisioned into local on-premises active directories.
- Journey 3: Our client wanted to streamline and digitise the JML process for the bulk of its staff by synchronising Workday identities with Azure AD to enable secure single sign-on to company tools and applications while providing user Workday ‘self-service’ functionality.
Free Guide
The Complete Guide to Microsoft Entra [New for 2024]
The most comprehensive guide to Microsoft Entra. Over 40 pages. Plus, Microsoft licensing simplified.
Discover how you can:
- Cut costs by removing 50% management effort
- Elevate security – reduce breach chances by 45%
- Automate provisioning to ensure compliance
Great emails start here
Sign up for free resources and exclusive invites
Subscribe to the Kocho mailing list if you want:
- Demos of the latest Microsoft tech
- Invites to exclusive events and webinars
- Resources that make your job easier
Got a question? Need more information?
Our expert team is here to help.