The challenge
In enterprises, human resources (HR) teams work in tandem with other teams to provision accounts for new hires and deprovision accounts when employees leave. Apart from user account provisioning and deprovisioning, there will be timely requests to update profiles when the users want to change their personal information or move to a different team or location. This dependency on external teams can create bottlenecks in employee onboarding and increase security risks when the access rights of former employees are not revoked in time.
The solution
Integrating Ceridian Dayforce with ManageEngine ADManager Plus enables you to synchronize data stored in Ceridian Dayforce with AD. ADManager Plus' integration with Ceridian Dayforce aims to simplify these tasks:
- Provisioning user accounts in AD
- Deprovisioning user accounts from AD
- Modifying user accounts in AD
Benefits of HR-driven life cycle management
- Accelerate the employee onboarding process.
- Mitigate potential compromise of ex-employees' accounts.
- Synchronize the updates made in the HR system with AD.
- Keep stakeholders, such as managers, apprised of employee onboarding, offboarding, and account modifications.
- Minimize dependency on external teams.
Integration overview
When ManageEngine ADManager Plus is integrated with Ceridian Dayforce, it can perform the following actions based on the users' attribute values in Ceridian Dayforce.
Create user accounts | Add users to groups |
Modify user attributes | Remove users from groups |
Modify user accounts by template | Create mailboxes |
Reset passwords | Disable or delete mailboxes |
Unlock users | Move home folder |
Disable users | Delete home folder |
Enable users | Revoke Microsoft 365 licenses |
Delete users | Manage user photos |
Run custom scripts | Disable Lync accounts |
Move users across groups | Auto reply |
When this integration is in place, admins will be able to provision, modify, and deprovision AD users automatically based on the respective details entered in Ceridian Dayforce.
Prerequisites
You must have permission to use Ceridian Dayforce integration. Follow the steps given in this Ceridian Dayforce documentation to configure the prerequisites.
Having appropriate permissions lets ADManager Plus fetch information from various data fields in Ceridian Dayforce.
Configuration steps
Steps to configure Ceridian Dayforce settings in ADManager Plus
- Go to the Automation tab.
- Click HCM Integrations under Automation in the left pane.
- Under the HCM applications section, click the Custom HCM tile.
- In the Custom HCM Integration window that pops up, enter a suitable Name and Description, upload a Logo of Ceridian Dayforce, and click Save.
- Click the Ceridian Dayforce integration tile added in the previous step to configure the API authorization methods, endpoints, and LDAP data mapping.
- Click Authorization and select the Authorization Type as API Key.
After selecting API Key as the authorization type:
- Enter the key name and value obtained from these steps in the Key and Value fields respectively.
- Associate the key to a header/query parameter using the Add To dropdown menu and click Configure.
- In the Ceridian Dayforce Endpoint Configuration section, click Add API Endpoint, and add the following:
- In the Endpoint URL field, enter the API configured using the Ceridian Dayforce Connector.
- Click Advanced Options to add headers and parameters.
- Choose Get in the Method section.
- Enter this data as configured in the API settings:
- Headers: Click and configure the respective headers.
- Parameters: Click and configure the query parameters.
- Message type: Select the data type as JSON.
- Check the Repeat calling this Endpoint option to repeatedly call the API until you get the required response. From the drop-down menu, select the parameter and specify the increment value. You can also set a condition which, when satisfied, calls the endpoint repeatedly.
Note: You can configure multiple endpoints for an HCM solution.
- Once done, click Test & Save. A response window will display all the requested elements.
- Click Data Source - LDAP Attribute Mapping to map endpoints and AD LDAP attributes with the respective attributes in the HCM solution.
- Enter the Configuration Name, Description and select the Automation Category from the dropdown menu.
- In the Select Endpoint field, select those columns that are unique to users (employeeIdentifier, username, etc.) but hold the same value in all the endpoints.
- In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop down menu and map it with the respective column in the HCM solution.
For example:
- Select the endpoint created and select the attribute ID from the dropdown.
- Map the AD LDAP attributes with the corresponding Ceridian Dayforce additional field which will be created in AD.
- Click Save.
Steps to configure automation in ADManager Plus
ADManager Plus' Automation feature simplifies the process of configuring and scheduling user provisioning, deprovisioning, and reprovisioning from Ceridian Dayforce. By automating these processes, you can potentially reduce the need for manual labor.
Follow these steps to automate user provisioning effortlessly:
- Click the Automation tab.
- From the left pane, click on Automation.
- Click Create New Automation in the top-right corner.
- Enter a suitable automation name and description.
- Select User Automation from the Automation Category drop-down list.
- Choose a domain and OU.
- In the Automation Task/Policy section, choose the desired task (Create Users, Modify User Attributes) or an automation policy from the drop-down list.
- In the Select objects section, select Data from Ceridian Dayforce.
- Set your execution date and time.
- Click Save.
How does the integration work?
In ADManager Plus, create an automation that will run at a set frequency to provision users. When the automation is executed, ADManager Plus will fetch user data in Ceridian Dayforce by initiating the API calls configured in earlier steps.
Once ADManager Plus receives the data from Ceridian Dayforce, the data is stored in the product's built-in PostgreSQL database (or in your Microsoft SQL database), and the corresponding changes will be made in the AD environment.
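The flow described above can be modeled as a dry-run planner, which is useful for auditing what an HR-driven sync should change before it touches AD. This is an added example, not ADManager Plus code: the sample records, the `status`, `firstName`, `lastName` and `dept` columns, and the function names are assumptions; only `employeeIdentifier` comes from the mapping step on this page.

```python
# Added illustration: constructed data, hypothetical field names (only
# employeeIdentifier appears on the page). Not ADManager Plus code.
EMPLOYEES = [  # endpoint 1: profile data
    {"employeeIdentifier": "1001", "firstName": "Ana", "lastName": "Ruiz", "dept": "Finance"},
    {"employeeIdentifier": "1002", "firstName": "Ben", "lastName": "Okoro", "dept": "IT"},
    {"employeeIdentifier": "1003", "firstName": "Chi", "lastName": "Tran", "dept": "Sales"},
]
STATUS = [  # endpoint 2: employment status
    {"employeeIdentifier": "1001", "status": "ACTIVE"},
    {"employeeIdentifier": "1002", "status": "TERMINATED"},
    {"employeeIdentifier": "1003", "status": "ACTIVE"},
]
# LDAP attribute name -> HCM column, as in the Attribute Mapping step
MAPPING = {"employeeID": "employeeIdentifier", "givenName": "firstName",
           "sn": "lastName", "department": "dept"}
AD_USERS = {  # constructed AD snapshot keyed by employeeID
    "1001": {"employeeID": "1001", "givenName": "Ana", "sn": "Ruiz", "department": "Sales", "enabled": True},
    "1002": {"employeeID": "1002", "givenName": "Ben", "sn": "Okoro", "department": "IT", "enabled": True},
    "0999": {"employeeID": "0999", "givenName": "Old", "sn": "Account", "department": "IT", "enabled": True},
}

def join_endpoints(key, *endpoints):
    """Merge rows from several endpoints into one record per unique key value."""
    merged = {}
    for rows in endpoints:
        for row in rows:
            merged.setdefault(row[key], {}).update(row)
    return merged

def plan_sync(hcm, ad_users, mapping):
    """Return (action, employee_id, attributes) tuples; nothing is applied."""
    plan = []
    for emp_id, rec in sorted(hcm.items()):
        wanted = {ldap: rec.get(col) for ldap, col in mapping.items()}
        current = ad_users.get(emp_id)
        active = rec.get("status") == "ACTIVE"  # missing status counts as inactive
        if current is None:
            if active:
                plan.append(("create", emp_id, wanted))
        elif not active:
            if current["enabled"]:  # leaver whose account is still usable
                plan.append(("disable", emp_id, {}))
        else:
            diff = {k: v for k, v in wanted.items() if current.get(k) != v}
            if diff:
                plan.append(("modify", emp_id, diff))
    # Enabled accounts with no HR record: flag for review, never auto-delete
    plan += [("review", e, {}) for e, u in sorted(ad_users.items())
             if e not in hcm and u["enabled"]]
    return plan

PLAN = plan_sync(join_endpoints("employeeIdentifier", EMPLOYEES, STATUS), AD_USERS, MAPPING)
```

The `disable` and `review` entries are the ones to watch: they correspond to the former-employee accounts that the integration is meant to revoke in time.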
What information is stored in ADManager Plus?
After the initial configuration is complete, ADManager Plus will fetch the data from Ceridian Dayforce at the scheduled time. The fetched data is stored in ADManager Plus' database, which is located within your premises. The stored data is used to perform management actions, such as provisioning, reprovisioning, or deprovisioning users, based on the automations that have been configured.