nathan/nexus-mcp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nexus-mcp/Workday/CoPilot Generated Deployment Plan.md

218 lines
6.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Deployment Plan — Workday READONLY MCP
## Purpose & Scope
### What this MCP is
A **Workday Context MCP** that exposes **authoritative workforce data** to downstream identity and device workflows **without performing HR actions**.
### What this MCP is *not*
* ❌ Not provisioning users
* ❌ Not triggering hires/terminations
* ❌ Not modifying worker records
* ❌ Not replacing PECI or HR integrations
> MCP is used to **observe and reason**, not execute HR transactions.
***
## Phase 0 — Governance & alignment (mandatory)
### Stakeholders
* HRIS (Workday owner)
* IAM / AD owners
* Security
* Deskside / IT Ops
### Explicit agreements (write these down)
* Workday remains **sole Source of Truth**
* MCP access is **readonly**
* Identity actions remain **ITowned**
* MCP insights may **recommend**, not execute
This mirrors how Workday integrations are typically consumed by downstream systems today. [\[sqlservercentral.com\]](https://www.sqlservercentral.com/articles/model-context-protocol-mcp-a-developers-guide-to-long-context-llm-integration)
**Exit criteria:**
Security and HR sign off on *readonly contextual access*.
***
## Phase 1 — Integration foundation (no AI yet)
### Objective
Create a **Workday MCP server** that safely wraps existing Workday APIs.
### Technical model
* Workday **Integration System User (ISU)**
* OAuth 2.0 / API credentials
* Scoped to **GETonly endpoints**
* No custom UI access
* No background jobs
This matches standard Workday REST integration practices. [\[sqlservercentral.com\]](https://www.sqlservercentral.com/articles/model-context-protocol-mcp-a-developers-guide-to-long-context-llm-integration)
***
## Phase 2 — Tool surface definition (critical)
### Only expose identityrelevant context
These tools already exist conceptually in HRIS integrations and are widely used by downstream systems:
#### Core MCP tools
workday.getWorker(identifier)
workday.getWorkerStatus(identifier)
workday.getWorkerOrgAttributes(identifier)
workday.getWorkerManager(identifier)
workday.getWorkerEffectiveDates(identifier)
### Data allowed
* Worker ID
* Name / email
* Employment status (active, terminated, futuredated)
* Job profile
* Cost center / department
* Location
* Manager
### Explicit exclusions
* Compensation
* Performance
* Benefits
* Payroll
* Medical / protected fields
**Exit criteria:**
HR confirms fields exposed align with leastprivilege HRIS policy.
***
## Phase 3 — Readonly validation & drift detection
### Objective
Use Workday MCP to **detect identity drift**, not fix it.
### Example readonly use cases
* “User active in AD but terminated in Workday”
* “User manager mismatch between AD and Workday”
* “Futuredated hires missing in AD”
* “Contractors whose Workday end date has passed”
These patterns are already common in Workday → downstream sync architectures. [\[artificial...school.com\]](https://artificialintelligenceschool.com/model-context-protocol-mcp-guide/)
**Exit criteria:**
Workday MCP reliably answers identity state questions without writes.
***
## Phase 4 — Correlation with Identity MCP (key value)
### Objective
Let AI reason across **Workday → AD / Entra → Intune**.
### Architecture
Workday MCP (SoT)
Identity MCP (AD / Entra)
Device / Access Decisions
### Example insight queries
* “Who *should* exist vs who *does* exist”
* “Which users still have access but are no longer employees”
* “Which new hires are futuredated and should not be provisioned yet”
**Important**
Workday MCP **never** updates AD.
It only provides authoritative context.
***
## Phase 5 — Humanapproved remediation workflows
### Objective
Use Workday MCP insights to **support existing SOPs**, not replace them.
### Pattern
1. AI detects mismatch
2. AI explains *why* (Workday vs AD)
3. Human chooses remediation
4. Identity MCP or existing automation executes change
5. Ticket updated
This preserves separation of duties and auditability.
***
## Phase 6 — Audit, security, and lifecycle controls
### Logging
* Every MCP request logged
* Tool name + parameters + timestamp
* No PII expansion beyond approved fields
### Change management
* Tool definitions versioncontrolled
* HR schema changes reviewed
* Workday biannual releases validated (standard HRIS practice) [\[dev.to\]](https://dev.to/jamie_thompson/mcp-servers-explained-how-ai-assistants-connect-to-your-tools-598o)
### Access lifecycle
* Integration user rotated per policy
* MCP server access limited to approved hosts
***
## Risk analysis (why this is safe)
| Risk | Mitigation |
| --------------------- | -------------------------- |
| HR data misuse | Readonly + scoped fields |
| AI acting as HR | No write tools exposed |
| Privilege creep | Fixed tool manifest |
| Audit gaps | Full request logging |
| Integration fragility | Uses standard Workday APIs |
This is **safer than CSV exports or adhoc scripts**, which bypass observability.
***
## Deployment sequencing (recommended)
1. ✅ Workday MCP (readonly)
2. ✅ Identity MCP (readonly)
3. ✅ Correlation & reporting
4. ✅ Humanapproved remediation
5. ❌ Never allow Workday writes via MCP
***
## Executivelevel summary (one paragraph)
> This deployment introduces a readonly Workday MCP that exposes authoritative workforce data to IT identity systems without allowing AI or automation to modify HR records. Workday remains the Source of Truth, while AD and Entra remain enforcement systems. MCP improves visibility, reduces identity drift, and strengthens auditability without changing ownership boundaries or compliance posture.
***
## Onesentence takeaway
> **A readonly Workday MCP gives IT perfect awareness of “who should exist” without ever letting AI touch “who exists.”**
***
Reference in New Issue View Git Blame Copy Permalink