very niche post - sysadmins working at a larger org using employment hero

Posted by GherkinP@reddit | sysadmin | View on Reddit | 14 comments

We’re past the point of People and Culture slamming an unstructured ticket into our PSA, but at the funny size where that team still like Employment Hero (no SuccessFactors or Workday on the horizon yet).

Does anyone here have automation using data coming from Employment Hero into an on-premise AD?

[-]

anikansk@reddit

Hey Ill be tackling the same project new year, so Im bookmarking if you get somewhere and Ill return if I get somewhere. Im looking to at least create a join on employee ID so I can then verify metadata, manager, reports etc etc. It would be handy for terminations as well, mine dont tell any one.

Ideally Id be looking at power automate, ensure come API call via powershell function in azure. These were the links Ive booked against the ticket, have not read a word yet -

https://developer.employmenthero.com/api-references
https://api.keypay.com.au/australia/guides/Home
https://help.employmenthero.com/hc/en-au/p/api-developer-hub

Interestingly they advertised for a Power Automate Expert - https://employmenthero.com/jobs/position/otic-group-pty-ltd-power-automate-developer-complex-workflows-unjas/ yet Power Automate doesnt appear on their integrations page - https://employmenthero.com/integrations/ .

Goodluck, and Id like to hear how you go, I wont get to it till new year.

[-]

GherkinP@reddit (OP)

Hey, PM me… I just wanna make sure we aren’t looking at the same project for the same business 😂

[-]

anikansk@reddit

We are not.

[-]

GherkinP@reddit (OP)

What makes you so sure of that?

[-]

anikansk@reddit

I am my business.

[-]

Jealous-Bit4872@reddit

Look at me.

[-]

SevaraB@reddit

We're a Workday shop, but took me two seconds to find open docs on Employment Hero HR's API- particularly the "Employee" data model:

https://developer.employmenthero.com/api-references#employee

Generally, what I would do is run this every night:

Use the API to build a CSV of all the employees in the system.
Diff it against "last night's" CSV (which is going to have zero entries at the start and keep everything it pulls) for changes.
Run a for-each Powershell script that generates or updates AD-objects for each user.

Later on, I'd tune the Powershell so it could run multiple threads and/or multiple instances in case the employee update volume gets so big the process would run longer than the nightly change window.

[-]

Just_litzy9715@reddit

Treat Employment Hero-to-AD as a staged, idempotent HR feed with a quarantine OU. Consume webhooks, queue, validate effective dates, map department/location to OU/groups, enforce UPN rules with collision/re-hire logic, then apply creates/updates/terms. I’ve used Azure Automation and n8n to orchestrate; DreamFactory only when I needed quick REST over SQL to normalize EH payloads. Bottom line: stage, validate, then apply.

[-]

Calleb_III@reddit

Do you have IT ticketing system? The way i have seen it handled in most places is that HR creates a ticket for new user provisioning in the IT ticketing system that triggers a number of automated and manual workflows depending on area and maturity to create the user, add it to relevant groups, assign relevant licenses, laptop/VDI etc.

I have never seen direct automation where the HR system triggers the flows

I would be weary of doing a full automation, essentially allowing HR to create admin accounts.

[-]

Distinct-Sell7016@reddit

for automation with employment hero into on-prem ad, you can use custom scripts or middleware solutions. maybe check community forums for shared scripts. integration can be tricky without native support.

[-]

anikansk@reddit

I thought he was asking a community forum?

[-]

Vektor0@reddit

Does anyone here have automation using data coming from Employment Hero into an on-premise AD?

Seems like that ought to go the other direction: AD sends data to the HR service.

[-]

SirLoremIpsum@reddit

Seems like that ought to go the other direction: AD sends data to the HR service

I would disagree... HR makes offer. Offer accepted. HR system sends to AD to create user accounts for certain role.

Terminations happen in HR system. Flows to ad to disable accounts.

You don't want to make IT responsible for creating user accounts in order to flow into HR system

[-]

post4u@reddit

100% this. The organization's ERP/personnel system should drive account creation. HR already has all the employee source demographic information, title, site, department, etc. Let that flow into all other downstream systems. Then when HR makes a name change or someone changes positions or sites, have that drive the changes downstream. In a perfect world, IT never creates or renames a staff account manually. It all comes from source.