IAM - Sync User

This playbook runs on fetched Workday events. The events are changes to employee data, which in turn require a CRUD operation across your organization's apps. The playbook examines the data received from Workday, and provisions the changes in a User Profile indicator in Cortex XSOAR as well as all the supported IAM integrations that are active.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • IAM - Rehire User
  • IAM - Terminate User
  • IAM - Check If User Should Be Terminated
  • IAM - Update User
  • IAM - New Hire


This playbook does not use any integrations.


  • AssignAnalystToIncident
  • IAMInitADUser
  • PrintErrorEntry
  • SetGridField
  • Set


  • findIndicators
  • createNewIndicator
  • send-mail
  • closeInvestigation

Playbook Inputs#

NameDescriptionDefault ValueRequired
ITNotificationEmailEmail to notify about errors in the provisioning process.Required
ServiceDeskEmailEmail to send the domain user password (from Active directory) of new users, so that their equipment can be prepared by IT when they're being hired.Required
UserRoleToAssignForFailuresThe Cortex XSOAR role from which to assign users to the incident when a CRUD operation fails. This can be left empty to assign users from all roles.Optional
UserAssignmentMethodDetermines the way in which user assignments will be decided in Cortex XSOAR for the failed incidents.
Can be one of the following: "random", "machine-learning", "top-user", "less-busy-user", "online", "current".
If left empty, users will be assigned randomly.
AssignOnlyOnCallDetermines whether to assign only users that are currently on a shift to failed incidents. Set to "true" to assign only users that are currently working, or set to "false" or leave empty to assign any user.Optional
TerminateOnLastDayOfWorkDetermines whether to disable a user if their last day of work has reached. Some organizations prefer to terminate users on their last day of work rather than their termination date. If the value here is set to "True", the last day of work as configured in Workday, will result in the termination of the user.FalseRequired
TimezoneThe timezone in which employees' last day of work or termination dates are represented. Almost all IANA timezones are available for use. The full list of supported timezones is documented in the Pytz documentation which can be found at http://pytz.sourceforge.net/.
Examples of possible timezones:
- America/New_York
- Asia/Jerusalem
- Europe/Paris
DateFormatThe format in which employees' hire date and last day of work or termination dates are represented in the Workday reports. Examples of possible formats:
- %m/%d/%Y
- %d/%m/%Y

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

IAM - Sync User