MCP servers
Repository intent
This repository defines MCP servers and implementation guides that support enterprise identity operations across multiple systems.
- Identity: provides a production-oriented read path for AD user and group data, with adapters, server wiring, and tests.
- Workday: defines the Workday-to-AD identity sync implementation approach, phased delivery, and operational controls.
- Intune: captures deployment prerequisites and planning artifacts for endpoint management integrations.
Current workflow intent
The active workflow is focused on delivering a controlled Workday-to-AD sync capability that:
- Uses Workday as source of truth for worker lifecycle state.
- Uses Identity MCP as the downstream enforcement and validation interface.
- Starts read-only, then introduces approval-gated remediation actions.
- Tracks measurable outcomes, including drift reduction and provisioning speed.
Progress snapshot (2026-04-03)
Completed
- Workday execution backlog created: Workday/workday-ad-identity-sync-next-steps.md.
- Sprint-ready board created: Workday/workday-ad-identity-sync-sprint-board.md.
- Identity MCP baseline is in place with code and tests under Identity.
In progress
- Converting strategy into sprint-trackable work items (WIS-001 to WIS-030).
- Preparing dependency closure sequence for auth, non-prod access, and data contract controls.
Next milestones
- Q2 milestone 1: close blockers and validate non-prod read-only path.
- Q2 milestone 2: implement core Workday MCP tools and mismatch detection.
- Q2 milestone 3: enable daily sync checks with ticketed approval workflow.
- Q3 milestones: drift reporting, production rollout, and >=30% MTTP reduction versus Q1 baseline.