<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y00006fghQ9SAIOkta Classic EngineLifecycle ManagementAnswered2020-06-08T18:02:53.000Z2019-09-20T21:15:41.000Z2019-09-23T21:38:43.000Z

JamesN.83470 (Customer) asked a question.

September 20, 2019 at 9:15 PM
Okta Lifecycle: Universal Directory to Active Directory - Mark updated accounts?

Hi there,

 

We recently deployed Okta Lifecycle with Workday as our identity master. We have a few items in our on-premise active directory that are not capable of being handled within the account lifecycle update process, and so we have a few lean custom powershell scripts to handle. For new accounts, this is very easy -- we push a "1" to a custom attribute on "create only" to flag the account and new and in need of process. The script then removes the 1 so the next iteration doesn't re-process the account.

 

is there some way that we can similarly "mark" an account any time a change is propagated from Workday to Universal Directory down to Active Directory? For example, if we set that same value to "2" for create and update....and say, the user's department changed and pushed down to active directory, would only the department update, or would all attributes be re-pushed? i think that would

  • 1 answer
  • 652 views

  • dragos.milea1.530705462936647E12 (Vendor Management)

    Hi James,

     

    My name is Dragos and I will answer your question.

     

    You are correct when assuming that even if a change is done on the user`s profile-- without being propagated, and another one is performed, the next sync will push all of the changes.

     

    I'm not sure if you use Real Time Sync for Workday, but it shouldn't have a saying in this, since it's only handling activation/termination date and the user`s basic profile.

     

    I would recommend opening a support ticket with us for a review of the current configuration so we can convey with the best recommendations.

     

    Thank you,

    Dragos Milea

    Okta Global Customer Care Team

    Expand Post
    Selected as Best

  • dragos.milea1.530705462936647E12 (Vendor Management)

    Hi James,

     

    My name is Dragos and I will answer your question.

     

    You are correct when assuming that even if a change is done on the user`s profile-- without being propagated, and another one is performed, the next sync will push all of the changes.

     

    I'm not sure if you use Real Time Sync for Workday, but it shouldn't have a saying in this, since it's only handling activation/termination date and the user`s basic profile.

     

    I would recommend opening a support ticket with us for a review of the current configuration so we can convey with the best recommendations.

     

    Thank you,

    Dragos Milea

    Okta Global Customer Care Team

    Expand Post
    Selected as Best
This question is closed.
Loading
Okta Lifecycle: Universal Directory to Active Directory - Mark updated accounts?