Katerra, a large construction firm in the Bay area, leverages RoboMQ’s Human Resource Information System (HRIS) to Active Directory (AD) integration to automate employee onboarding and offboarding, employee lifecycle events, and Role-Based Access Control (RBAC). As a result, they’ve been able to achieve a 90% cost reduction in direct labor costs once associated with these manual updates, which in turn supports their aggressive growth.
Director of IT Infrastructure at Katerra
Yes. The AD user account in your domain and the associated email address is created automatically by this integration. We also integrate with Office 365 to manage user account and other attributes including Office groups and SharePoint access.
The data that this integration receives is often publicly available information like first name, last name, title, reports to, department, and location, etc. None of the aforementioned is sensitive or protected by any of the regulations like HIPAA or PII. During deep dive with customers, we have realized that the data this integration receives is presumed more sensitive than it really is.
UltiPro provides employee information either as an extract or via API calls. Most customers prefer employee extract as it is more reliable, efficient and cost-effective way to provide employee information and lifecycle updates.
UltiPro to AD integration has a rule engine built into it. As a customer, you will provide rules which derive AD Security Groups based on its employee attributes or a combination of those. For example, job title, location and/or department may determine employee Security Group and therefore privileged access to enterprise systems.
UltiPro to AD Integration is fully built Software as a Service (SaaS). It is configured to your needs, data mapping and business specific rules. We expect a maximum of two weeks of implementation assuming all the field mapping, and rules for security group, distribution lists and OU derivation are provided. Often, most of the implementation time beyond two weeks is spent on field mapping and rule definition at the customer’s end.
Yes. We understand handling of timely termination and removal of access is of utmost importance for the security, compliance and management of reputation risks. Terminations are processed in near real-time. Sensitive terminations can be handled by on-demand triggering of AD integration from UltiPro.
Yes. UltiPro to AD Integration supports on-premise, cloud or private cloud hosted Active Directory (AD). We also support Azure AD as well as AWS hosted Active Directory.
Yes. You can use SSO or Identity Providers like Okta, Ping Identity, OneLogin, Centrify or Auth0 along with this integration. The SSO providers enforce Single Sign On and access control based on role-based access control (RBAC) definition created by this integration. We natively integrate with Microsoft SSO with Azure AD integration. We also offer provisioners to create and manage accounts in third party enterprise systems.
Yes. The UltiPro to AD integration is fully automated near real-time integration. The Workday employee updates are pushed to RoboMQ and this integration processes the information as it is received 24x7. This integration is offered as fully hosted service by RoboMQ.
The data processed by RoboMQ is encrypted in transit and at rest. We do not store any of the employee data except the error logs. All the processing and handling of the data during the AD integration happens over the transient message queues. Furthermore, each customer has its own tenant on RoboMQ. This ensures tenant level data segregation and encryption.