Azure AD supports photo synchronization in Identity Manager User container. However, Workday supports photo synchronization through a different container called wd-Photo.
Follow the below procedure to complete the synchronization:
In iManager, navigate to Identity Manager Overview > Driver Sets > click the driverset link > Workday driver. Click the Workday driver to launch the fish-bone diagram. :
Click the Filter in the Subscriber channel, add the Azure attribute jpegPhoto as the user class filter with the following attribute settings:
Publisher: Ignore
Subscriber: Notify
For the Workday attribute wd-Photo class, set the Subscriber channel to sync.
Place the following policy in the subscriber etp after NETQWDDCFG-sub-etp-SupportedOperations-users:
<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>subPhotoSync</description>
<comment xml:space="preserve">SubPhotoSynz</comment>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-op-attr name="jpegPhoto" op="changing"/>
</and>
</conditions>
<actions>
<do-set-local-variable name="workerID" scope="policy">
<arg-string>
<token-attr name="workforceID"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="eType" scope="policy">
<arg-string>
<token-attr name="wd-WorkerIDType"/>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="photoVal" scope="policy">
<arg-string>
<token-op-attr name="jpegPhoto"/>
</arg-string>
</do-set-local-variable>
<do-add-dest-attr-value class-name="wd-Photo" name="photo" when="after">
<arg-association>
<token-local-variable name="workerID"/>
<token-text xml:space="preserve">-</token-text>
<token-local-variable name="eType"/>
</arg-association>
<arg-value type="octet">
<token-local-variable name="photoVal"/>
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>
</policy>