You can configure write-back provisioning from PingOne to the Workday user directory. Use write-back provisioning to update certain user attributes in the Workday user directory. You enable write-back provisioning by setting attribute mappings to bi-directional.
- To enable write-back provisioning, you must first configure a Workday provisioning connection. See Creating a Workday connection.
- Configure permissions for the security group you created when you configured the Workday provisioning connection. See Configuring Business Process Security Policy permissions for write-back.
With bi-directional sync, if an attribute is changed in either directory, the other directory will be updated as well. Changes made in the Workday directory are updated on the next scheduled inbound sync, but changes made in the PingOne directory are updated immediately.
Only native source attributes can be used for write-back provisioning. You cannot use expressions and literal values for write-back provisioning. When you enable bi-directional mapping for an attribute, PingOne automatically adds the required WID (Worker ID) attribute to uniquely identify users within the Workday directory. WID is typically mapped to External ID in PingOne.
Some attributes are dependent on other attributes for write-back provisioning. For example, to write back a First Name attribute, you must also set the following attributes to write-back: Middle Name, Last Name, and Name Locale. For more information, see Workday attribute mapping. Attributes that are set to write-back (bi-directional) are indicated by a double arrow on the attribute mapping page.