Workday Email and Phone Writeback
Okta has added the ability to write back email and phone number attributes to Workday. With this new writeback feature, Okta, Active Directory, or other Profile Source can update Phone Number and Email Workday attributes. No other Workday attributes are supported at this time.
Prerequisites
Set up provisioning for Workday. See Workday
Procedures
Configure Workday
In order for the writeback feature to work successfully, you need to grant additional required permissions to the integration system user/System Group. Then activate the permissions.
-
Domain Security Policy Permissions.
Follow steps a-e (part of step 7) of Grant permission to an Integration System User for the domain "Worker Data: Maintain Contact Information" – Get and Put.
-
Business Process Security Policy Permissions.
-
Search for bp:contact change, then edit the Business Process Policy:
-
Assign the Integration System User’s security group created in Create an Integration System User in Workday to Initiating Action: Maintain Contact Information (Web Service):
-
-
Follow step 7 in Grant permission to an Integration System User to activate the security policies mentioned in Requirements under Creating an Integrator System User in Workday.
Configure Okta
-
In Okta, open the Workday app, and go to the Provisioning tab.
-
Select To App in the left panel under SETTINGS, then under Workday Attribute Mappings, select Go to Profile Editor.
-
Add the Workday attributes that are currently supported for writeback. This is done by discovering attributes from Workday and mapping to relevant Okta attributes. Click Add Attribute.
-
Click Refresh Attributes.
-
Add the required Workday attributes, then click Save.
Each attribute has three different data types which are explained below. In the table, the attribute Work Email is used as an example:
Attribute Name Type Required/Optional Comments Sample Values EmailAddressData Work EmailAddress String Required Map to Okta user attribute OktaCustomWorkEmail EmailAddressData Work Primary Boolean Required If Work email that is pushed needs to be set as Primary, set value as true. Default is false. true EmailAddressData Work Public Boolean Required If Work email that is pushed needs to be set as Public, Set value as true. Default is false. false Workday Contact information has 2 parameters: Primary and Public:
Primary: This parameter defines if the contact information is of type Primary or Additional.
Public: This parameter defines if the contact information visibility is Public or Private.
See Resources for a list of the Workday attributes that are currently supported.
-
Map the newly added attribute to relevant Okta attributes. Click Map Attributes
-
Select Okta to Workday, map attributes as shown below, then click Save Mappings:
-
Attribute-Level Sourcing
In the typical Workday writeback use case, Workday is set as the overall Profile Source. However, to have email or phone number written back into Workday, configure attribute-level sourcing with Okta, Active Directory, or some other app as Profile Source for those specific attributes. See the following example:
-
Go to Directory > Profile Editor.
-
Select Okta in the left FILTERS panel, then click Profile.
-
Select Edit.
-
Select the profile source of your choice, then click Save Profile.
-
Go to Attributes, then select Custom > Filter.
-
Select User permission and Source priority.
- Click Save attribute to complete the setup.
-
Example Expression Language Function
Note: See Okta expression language for reference.
To parse phone numbers:
For user.mobilePhone = +1 (415) 123-4567 x 12345:
Work Mobile Phone AreaCode: String.substringBefore(String.substringAfter(user.mobilePhone, "(" ), ")" ) -> 415
Work Mobile Phone InternationalPhoneCode: String.removeSpaces(String.substringBefore(String.substringAfter(user.mobilePhone, "+" ), "(" )) -> 1
Work Mobile Phone PhoneNumber: String.removeSpaces(String.substringBefore(String.substringAfter(user.mobilePhone, ")" ), "x" )) --> 123-4567
Work Mobile Phone PhoneExtension: String.removeSpaces(String.substringAfter(user.mobilePhone, "x")) -> 12345
Known limitations
-
For Workday v.15: Unlike the Workday user interface, the Workday API doesn’t have format validation/rules for phone number or email (for example: Phone number format must be 3 Digits + Optional dash (or dot) + 4 digits).
Workday v29 does perform format validation/rules for phone number and email.
-
After Okta sets the Primary Workday attributes, it doesn’t set it back to NULL. This is because of a Workday validation rule that does not allow NULL values.
Resources
Supported attributes
|
S. No |
Attribute Name |
Type |
Description |
|---|---|---|---|
| 1 | EmailAddressData Home EmailAddress | string | emailAddressDataHomeEmailAddress |
| 2 | EmailAddressData Home Primary | boolean | emailAddressDataHomePrimary |
| 3 | EmailAddressData Home Public | boolean | emailAddressDataHomePublic |
| 4 | EmailAddressData Work EmailAddress | string | emailAddressDataWorkEmailAddress |
| 5 | EmailAddressData Work Primary | boolean | emailAddressDataWorkPrimary |
| 6 | EmailAddressData Work Public | boolean | emailAddressDataWorkPublic |
| 7 | PhoneData Home Fax AreaCode | string | phoneDataHomeFaxAreaCode |
| 8 | PhoneData Home Fax InternationalPhoneCode | string | phoneDataHomeFaxInternationalPhoneCode |
| 9 | PhoneData Home Fax PhoneExtension | string | phoneDataHomeFaxPhoneExtension |
| 10 | PhoneData Home Fax PhoneNumber | string | phoneDataHomeFaxPhoneNumber |
| 11 | PhoneData Home Fax Primary | boolean | phoneDataHomeFaxPrimary |
| 12 | PhoneData Home Fax Public | boolean | phoneDataHomeFaxPublic |
| 13 | PhoneData Home Mobile AreaCode | string | phoneDataHomeMobileAreaCode |
| 14 | PhoneData Home Mobile InternationalPhoneCode | string | phoneDataHomeMobileInternationalPhoneCode |
| 15 | PhoneData Home Mobile PhoneExtension | string | phoneDataHomeMobilePhoneExtension |
| 16 | PhoneData Home Mobile PhoneNumber | string | phoneDataHomeMobilePhoneNumber |
| 17 | PhoneData Home Mobile Primary | boolean | phoneDataHomeMobilePrimary |
| 18 | PhoneData Home Mobile Public | boolean | phoneDataHomeMobilePublic |
| 19 | PhoneData Home Pager AreaCode | string | phoneDataHomePagerAreaCode |
| 20 | PhoneData Home Pager InternationalPhoneCode | string | phoneDataHomePagerInternationalPhoneCode |
| 21 | PhoneData Home Pager PhoneExtension | string | phoneDataHomePagerPhoneExtension |
| 22 | PhoneData Home Pager PhoneNumber | string | phoneDataHomePagerPhoneNumber |
| 23 | PhoneData Home Pager Primary | boolean | phoneDataHomePagerPrimary |
| 24 | PhoneData Home Pager Public | Boolean | phoneDataHomePagerPublic |
| 25 | PhoneData Home Telephone AreaCode | string | phoneDataHomeTelephoneAreaCode |
| 26 | PhoneData Home Telephone InternationalPhoneCode | string | phoneDataHomeTelephoneInternationalPhoneCode |
| 27 | PhoneData Home Telephone PhoneExtension | string | phoneDataHomeTelephonePhoneExtension |
| 28 | PhoneData Home Telephone PhoneNumber | string | phoneDataHomeTelephonePhoneNumber |
| 29 | PhoneData Home Telephone Primary | Boolean | phoneDataHomeTelephonePrimary |
| 30 | PhoneData Home Telephone Public | boolean | phoneDataHomeTelephonePublic |
| 31 | PhoneData Work Fax AreaCode | string | phoneDataWorkFaxAreaCode |
| 32 | PhoneData Work Fax InternationalPhoneCode | string | phoneDataWorkFaxInternationalPhoneCode |
| 33 | PhoneData Work Fax PhoneExtension | string | phoneDataWorkFaxPhoneExtension |
| 34 | PhoneData Work Fax PhoneNumber | string | phoneDataWorkFaxPhoneNumber |
| 35 | PhoneData Work Fax Primary | boolean | phoneDataWorkFaxPrimary |
| 36 | PhoneData Work Fax Public | boolean | phoneDataWorkFaxPublic |
| 37 | PhoneData Work Mobile AreaCode | string | phoneDataWorkMobileAreaCode |
| 38 | PhoneData Work Mobile InternationalPhoneCode | string | phoneDataWorkMobileInternationalPhoneCode |
| 39 | PhoneData Work Mobile PhoneExtension | string | phoneDataWorkMobilePhoneExtension |
| 40 | PhoneData Work Mobile PhoneNumber | string | phoneDataWorkMobilePhoneNumber |
| 41 | PhoneData Work Mobile Primary | boolean | phoneDataWorkMobilePrimary |
| 42 | PhoneData Work Mobile Public | boolean | phoneDataWorkMobilePublic |
| 43 | PhoneData Work Pager AreaCode | string | phoneDataWorkPagerAreaCode |
| 44 | PhoneData Work Pager InternationalPhoneCode | string | phoneDataWorkPagerInternationalPhoneCode |
| 45 | PhoneData Work Pager PhoneExtension | string | phoneDataWorkPagerPhoneExtension |
| 46 | PhoneData Work Pager PhoneNumber | string | phoneDataWorkPagerPhoneNumber |
| 47 | PhoneData Work Pager Primary | boolean | phoneDataWorkPagerPrimary |
| 48 | PhoneData Work Pager Public | boolean | phoneDataWorkPagerPublic |
| 49 | PhoneData Work Telephone AreaCode | string | phoneDataWorkTelephoneAreaCode |
| 50 | PhoneData Work Telephone InternationalPhoneCode | string | phoneDataWorkTelephoneInternationalPhoneCode |
| 51 | PhoneData Work Telephone PhoneExtension | string | phoneDataWorkTelephonePhoneExtension |
| 52 | PhoneData Work Telephone PhoneNumber | string | phoneDataWorkTelephonePhoneNumber |
| 53 | PhoneData Work Telephone Primary | boolean | phoneDataWorkTelephonePrimary |
| 54 | PhoneData Work Telephone Public | boolean | phoneDataWorkTelephonePublic |