CIPHR contains sensitive information about your organisation in the form of up to date employee records. The manual management of these accounts by both HR and the IT Department can be costly and time-consuming. With the HelloID provisioning engine, however, users can be automatically created as they join the organisation, group memberships updated as an employee moves from one job role to another, and user accounts terminated as they leave your organisation (JML).
The HelloID Vault
In the HelloID Vault, data collected from the HR system is stored. With our advanced mapper, employee information from HR is collected on a set schedule and written to The Vault. Only information that is relevant to the IT Department for the creation of accounts, maintenance of accounts, and disablement/deletion of accounts is collected.
Further information, such as contract information, can also be collected and stored in The Vault to ensure accounts are terminated as employees leave the organisation.
As a result of mergers and acquisitions, it can often be the case that an organisation has multiple sources of employee data. The Vault fully supports multiple data sets to provide a consistent overview of all employees by using different mapping sets for separate source systems.
Map To Target Systems
Target systems can be added to the provisioning engine once employee data has been mapped to The Vault.
Using the sample, simple mapper, IT administrators can now map from The Vault to, for example, Active Directory. Complex fields are supported to enable creation of unique usernames, email alerts can be configured for when accounts change their status, and advanced thresholds can be added for peace of mind.
With no hardware for your organisation to support and no firewall changes required for the provisioning agent, your IT systems stay up to date with user data with no hassle for the IT Department.
Correlation takes place to ensure data in The Vault is correctly matched to the target user accounts. In order to avoid possible duplicate accounts, HelloID provides a comprehensive report detailing:
- Correlated persons with accounts (Where there is a match between the person in The Vault and target systems)
- Uncorrelated persons (Where persons exist in The Vault but no match is found in target systems)
- Uncorrelated accounts (Where accounts existing in the target systems cannot be matched with persons in The Vault.)
Business Rules And Entitlements
Business rules enable automatic configuration of additional entitlements. For example, when creating an Active Directory user account, additional rights will be required based on job role and/or department.
With HelloID, this functionality is fully supported by adding additional rights based on department, or any other Active Directory attribute populated by the mapper.
HelloID supports a full impact evaluation before business rules are published. Evaluations allow IT Administrators to better understand who will be affected by the rule before it is published and actioned in the next enforcement run.
This evaluation takes places when a rule is created or changed and gives full insight into the impact of the rules, allowing for any necessary adjustments before the new entitlements go live.