
A clean bill of health: Workday SaaS HR solution deployed at international healthcare group


Our client (who wishes to remain anonymous), a global healthcare giant, needed help integrating the Workday cloud SaaS app with their Active Directory, Azure AD and Microsoft Identity Manager (MIM) systems.

They had limitations with their global joiner-leaver-mover (JML) processes, including integration and adoption of internal technologies and services, which had developed as the business had grown.

They wanted to introduce the Workday HCM solution as the new authoritative source – the ‘single source of truth’ for identities – to help streamline JML processes and maintain secure access governance. This needed to cater for both ‘wired’ and ‘unwired’ users and integrate seamlessly with another of their important HR and IAM SaaS applications, ServiceNow.


  • Bulk migration of multiple sets of user data into Workday.
  • Integration of Workday with various IAM platforms.
  • Secure joiner processes for provisioning new user identities.
  • Bespoke IAM auditing and reporting capabilities.
  • Ongoing managed support for in-house IT.

The problem

The IT team at our client’s HQ were tasked by the Board to deliver on a very important project:

“To deliver a single source of truth for HR and IAM and to make available a number of common services to employees globally through digitising their experience.”

Our client is a globally federated organisation with a common brand and common goals, but they had limitations on the global integration and adoption of internal technologies and services, which had developed as the business grew. These included:

  • Multiple HR systems
  • Multiple active directories (AD)
  • The mixture of processes and tools being used
  • A large number of employees in a ‘Care Services’ population that were not actively using IT within their day-to-day job roles

As a large organisation with multiple HR systems, active directories and other tools in place, they had an identity problem across the business that was inhibiting their ability to collaborate, work efficiently and ensure secure access to systems and information.

Our client also had the unique challenge of different requirements for access to IT systems and applications between what they referred to as ‘wired’ and ‘unwired’ users. A ‘wired user’ needed identities synced with Azure AD for single sign-on access to business applications and systems, whereas an ‘unwired user’ (such as a janitor or cleaner) did not have or require access to IT, and therefore just needed identities synced to a standard on-premises Active Directory.

They wanted to introduce the Workday HCM solution as the new authoritative source – the “single source of truth” – to help streamline JML processes and maintain secure access governance.

The project had a number of important deployment and integration objectives, including:

  • Enable all of the client’s companies to use federated identity to interface with the Workday cloud HR tool.
  • Fully integrate Workday with existing IAM systems including ServiceNow, NetIQ (in the UK) and IBM ID manager (in Spain), Active Directory and Azure Active Directory.
  • Design a process to manage the JML life cycle of a large number of wired and unwired users.
  • Integrate a solution to enable user single sign-on and user ‘self-service’ through Workday for both wired and unwired users.

The solution

Multiple options were considered for a global system provider, including IBM, OKTA, Microsoft and Amazon Web Services. After internal considerations of cost, in-house knowledge and integration with current services and infrastructure, our client decided to move forward with the project using Microsoft technologies.

They then needed to decide on a vendor. The client had a strong existing relationship with ThirdSpace, as the business deployed their original Microsoft Forefront Identity Manager (FIM) solution within the UK. The in-house expertise and knowledge from the ThirdSpace consultants had been proven from previous engagements and the relationship was good.

ThirdSpace began the project by helping plan the deployment and integration of Workday into the organisation. This started with a number of exercises to migrate data out of the many global company directories into Workday and establish it as the authoritative source for all identities. This project also included some specific development work to write back company email addresses and other bespoke pieces of information.

Once Workday was set up as the authoritative source, we moved on to the integration and synchronisation of identities. This ensured that new user data would flow seamlessly into ServiceNow, as well as their many global Active Directory tenancies and Azure Active Directory.

Diagram showing Workday as the authoritative source, with data flowing into global Active Directory tenancies and Azure AD.

Once Workday was integrated successfully into ServiceNow, MIM, Active Directory and Azure AD, we then built and deployed the processes for all their JML use case requirements. Our client had a unique challenge requiring three specific user provisioning (and resulting access) journeys.

  • Journey 1: They needed a “pre-day 1” identity set up for new staff, so they could undertake and pass training and credential check requirements ahead of their start date. For example, standard health and safety training or advanced health care related training. In this use case, an Azure AD account was needed, but not a full employee account.
  • Journey 2: A joiner process for ‘unwired’ users (for example, janitors, cleaners, temporary staff), so that they would have full Workday accounts created and then have identities provisioned into local on-premises active directories.
  • Journey 3: Our client wanted to streamline and digitise the JML process for the bulk of its staff by synchronising Workday identities with Azure AD to enable secure single sign-on to company tools and applications while providing user Workday ‘self-service’ functionality.

As part of the Workday integration project, the ThirdSpace team also provided some additional auditing and reporting tools from their partner (SoftwareIDM) to augment the Workday SaaS reporting functionality.


The client

Our client’s purpose is to help people live longer, healthier, happier lives.

As a leading international healthcare group, they run care homes, health centres, dental centres and hospitals, offering personal and company health insurance as well as providing workplace health services around the globe.

They provide healthcare to over 14.5 million people through clinics and hospitals and have 15.5 million health insurance customers. They employ over 78,000 people, principally in the UK, but also Australia, Spain, Poland, Chile, New Zealand, Hong Kong, the USA, Brazil, the Middle East and Ireland.

