Ryan - Depending on your needs, it can either be on top of AD FS or in lieu of it. It depends whether you want to have true single sign-on from your on-prem machines or not, primarily. If you don't do AD FS, you can sync your AD passwords (actually, a rehashed version of the hash AD stores) and then people will sign in to AAD-protected resources again with the same credential. For people on the LAN, with AD FS, they should pass straight through.
There are quite a few other benefits of AAD and the EMS suite which it is typically purchased as a component of. Let me know if you have additional questions.

Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132

From: [email protected] On Behalf Of Ryan Shugart
Sent: Thursday, January 21, 2016 5:51 PM
To: [email protected]
Subject: [NTSysADM] RE: has anyone integrated with AD and Workday?

Thanks a lot Brian, I saw the AAD announcement earlier while googling around, and it did sound very much like what we're looking for. We don't do anything with Azure right now, including AAD, although I keep thinking that's an area we go into. So would the AAD bit be on top of or replace ADFS for SSO? I'm thinking we'd need to run both components but want to make sure my thinking is right.

Ryan

From: [email protected] On Behalf Of Brian Desmond
Sent: Thursday, January 21, 2016 3:38 PM
To: [email protected]
Subject: [NTSysADM] RE: has anyone integrated with AD and Workday?

I have done the authentication piece a number of times. On the AD integration side, I've usually seen this done with flat files and something like MIM (Microsoft Identity Manager) to process them.

Azure Active Directory Premium (AAD-P), however, has an interesting capability that may be of interest to you. You can configure AAD-P to do inbound synchronization from Workday according to some basic rules you define. The users can then be sync'ed back to your on-premises domain with AAD Connect.

Thanks,
Brian Desmond
(w) 312.625.1438 | (c) 312.731.3132

From: [email protected] On Behalf Of Ryan Shugart
Sent: Thursday, January 21, 2016 11:52 AM
To: [email protected]
Subject: [NTSysADM] has anyone integrated with AD and Workday?

Hi:

I've been asked about linking our on-prem AD domain services with our HRIS system, Workday, which is cloud-based. I'm wondering if anyone has been through this process? From the Googling I've done, Workday does support ADFS for single sign-on, which is a good start, but I don't think ADFS will let Workday read and write information to AD objects and let it do things such as create user accounts or update information or read user information for its own database. The obvious solution is to give them LDAP read/write access, which kind of bothers me as I don't want some 3rd party reading/writing to our AD like that. I'm wondering if there's an option I'm missing on how this works?

Thanks.

Ryan

Ryan Shugart
Windows System Administrator
MiTek USA, MiTek Denver
303-723-4975
