<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Update Workday Universal ID on Okta User Profile
May 21, 2025
Okta Integration Network
Okta Classic Engine
Okta Identity Engine
Overview

This article provides information about Universal ID and additional guidance to add the Universal ID from Workday to the Okta User profile. 

Applies To
  • Workday
  • Provisioning
  • Universal ID
  • Universal Directory
  • Okta Integration Network (OIN)
  • Lifecycle Management
Solution

What is Universal ID?

On the Workday side, Contractor and Full-Time workers are two separate entities with two separate Workday IDs. Universal ID configuration allows you to link these together by setting the same secondary ID for both (Universal ID).

Why is a Universal ID needed?

If Workday Provisioning integration is configured with a pre-hire interval, but Universal ID is not configured, Okta will pull in the Contractor worker, and while fetching pre-hires the future Full-Time user (pre-hire) will also be pulled in. As a result, Okta will create a duplicate entry in the Import tab. This happens because those two workers in Workday have different Workday IDs, and Okta cannot detect they are the same user.

How does it work?

When Universal ID is configured in Workday, as part of the Contractor to Full-Time conversion feature, Okta detects if any workers are coming in as pre-hires that have the same Universal ID as the currently active and existing workers. If there are such pre-hires, they are filtered out while the currently existing workers with the same Universal ID are present.

 

When the Contractor worker is deactivated, and the import from Workday is running, a Full-Time user will be selected, as the Contractor is no longer an option.

 

Upon conversion, the Okta user is deactivated and then reactivated. This is expected behavior as, from Okta’s perspective, the Contractor worker is terminated, and a new Full-Time worker is hired.

 

This was implemented to support cases when a Contractor worker is terminated, but the hire date of the Full-Time user is not the same day. 

 

If there are users that are deactivated in Okta when setting up the Universal ID, their accounts will need to be reactivated for the change to take effect. After the attribute is updated, the user can be deactivated. 

 

If the above needs to be performed on a large number of users in bulk, this can be performed using APIs via Postman. 


Related References

Recommended content

Documentation
Workday
Documentation
Workday
Documentation
Update group profile attributes
Documentation
Update group profile attributes
Still looking for help?
Loading
Update Workday Universal ID on Okta User Profile