Connecting Your HRIS to directories.do for True Zero-Touch Provisioning

The age-old dance between HR and IT is a familiar one. A new employee is hired. HR opens a ticket. IT manually creates an account in Active Directory, another in Okta, a third in Google Workspace, and then spends an hour assigning the right group permissions. The process is slow, prone to human error, and a drain on resources. What if it could be completely automated?

Welcome to Zero-Touch Provisioning. By connecting your Human Resources Information System (HRIS) — the single source of truth for employee data — to directories.do, you can build a seamless, event-driven system that manages the entire identity lifecycle automatically. No tickets, no manual steps, just efficiency.

The Dream of Zero-Touch Provisioning

Zero-Touch Provisioning isn't just a buzzword; it's a fundamental shift in how we manage identity. It means that when an employee's status changes in your HRIS, their digital identity and access permissions across all your systems are updated in real-time, without any human intervention.

The key triggers are simple and correspond to the employee journey:

• New Hire: An employee is added to Workday, BambooHR, or another HRIS.
• Role Change: An employee is promoted, changes departments, or gets a new manager.
• Termination: An employee's status is set to "terminated" on their last day.

By using your HRIS as the trigger, you ensure that your directory services are always an accurate reflection of your current workforce.

How It Works: Connecting Your HRIS to the Unified API

Integrating your HRIS with directories.do creates a powerful automation engine. While the specifics can vary, the workflow generally follows a simple, three-step pattern: an event in the HRIS triggers an API call to directories.do, which then orchestrates the changes across all your connected directories.

Let's break down a common scenario: onboarding a new engineer.

Step 1: The HRIS Trigger

Your HR team hires a new engineer, Jane Doe. They enter her details into your HRIS (e.g., Workday). Modern HRIS platforms can be configured to send a webhook when a specific event, like "New Hire," occurs. This webhook is a small payload of data containing all of Jane's relevant information: name, email, title, department, employee ID, etc.

Step 2: The Automation Layer

A simple listening service (like a serverless function or a workflow in a tool like Zapier) receives this webhook. Its job is to parse the data from the HRIS and translate it into a single, clean API call to directories.do.

This is where the business logic lives. For example, you can define rules like, "If the department is 'Engineering', add the user to the 'engineers' and 'product-team' groups."

Step 3: The directories.do API Call

Using the data from the webhook, your automation layer makes a call to the directories.do unified API. Instead of juggling separate SDKs for Active Directory, LDAP, and Okta, you make one simple call.

import { directories } from 'sdk.do';

// This payload is built from the HRIS webhook data
const hrisPayload = {
  firstName: 'Jane',
  lastName: 'Doe',
  email: 'jane.doe@example.com',
  department: 'Engineering',
  employeeId: 'E12345',
  costCenter: 'CC-987'
};

// Map HRIS department to platform-specific groups
const userGroups = ['all-employees'];
if (hrisPayload.department === 'Engineering') {
  userGroups.push('engineers', 'product-team');
}

// Create the new user across all connected directories
const newUser = await directories.users.create({
  firstName: hrisPayload.firstName,
  lastName: hrisPayload.lastName,
  email: hrisPayload.email,
  groups: userGroups,
  attributes: {
    employeeId: hrisPayload.employeeId,
    costCenter: hrisPayload.costCenter
  }
});

console.log(newUser);
// { id: 'usr_abc123...', status: 'provisioned' }

The Magic: One Call, Universal Impact

Once directories.do receives this create request, its agentic workflows take over. It securely communicates with every directory service you've connected:

• Creates the user in Microsoft Active Directory and places them in the correct OU.
• Provisions a profile in Okta and assigns them to the necessary applications.
• Adds them to the right groups in Google Workspace.
• Syncs their attributes across all systems.

By the time Jane Doe walks in for her first day, all her accounts are active and have the correct permissions. IT did nothing.

Beyond Onboarding: The Full Identity Lifecycle

This automated workflow extends far beyond just creating users.

• Automated Offboarding: When an employee is terminated in your HRIS, a webhook can trigger a directories.users.update({ id: 'usr_abc123', status: 'suspended' }) or directories.users.delete() call. This immediately and universally revokes all access, closing a major security gap. No more lingering "ghost" accounts.
• Promotions & Role Changes: If Jane Doe is promoted to "Engineering Manager," the HRIS update can trigger a workflow to add her to the engineering-managers group and remove her from the individual-contributors group, automatically adjusting her access levels across all applications.

Start Building Your Zero-Touch Future

Integrating your HRIS with directories.do isn't just about saving time — it's about creating a more secure, compliant, and efficient organization. By treating your HRIS as the source of truth, you eliminate manual drift, ensure immediate access revocation for departing employees, and give new hires a perfect day-one experience.

With directories.do, you have the universal API layer to turn complex, multi-system identity operations into simple, automated workflows.

Ready to eliminate manual user provisioning forever? Explore directories.do and reimagine your identity management.