Find White Papers
Home About Contact Help
Free Membership Member Login
Dec 1, 2008
View Popular Research Browse Topics Find Business Solutions RSS Feeds List Your Research
Search the Library                  Advanced Search

HR System Integration with User Provisioning

IDFocus
By : IDFocus
INFORMATION
Published : Jan 11, 2006
Length : 7
Type : White Paper
 
Download Now
Save for Later
  Email This Page
Overview :

HRFeed is one of the most critical elements of every Identity Management or User Provisioning solution. It is the process by which the Human Resource changes (New, Modify, Terminate) are communicated to the User Provisioning system.

It is, in most cases, the trigger to all the account creation, modification, or deletion conducted by the User Provisioning system. This document outlines the different business and technical challenges that IDFocus faced when building successful HR-to-Provisioning integration for several clients.

View All Items By This Company
Browse Related Categories :

Identity Management

,

Password Management
 
Most large organizations have some type of automated system to perform the company's human resources (HR)-related functions. Such systems handle the HR-management aspects of hiring new employees and keep track of employees' information such as contact information, salary information, performance assessments, and job status including termination.

Other systems in the organization such as Active Directory, SAP, Exchange, Lotus Notes, Secure ID, and Access control systems can make use of information created and maintained by the HR system. Because of this, it is advantageous to the organization to enable the information residing in HR systems, such as legal name or employee benefit eligibility, to feed the provisioning system which in turn feeds the other systems it is connected to.

The advantages of this approach are clear:

- No need to double-input changes. As an employee becomes shown as hired in the HR system, an account for the employee will be automatically created in the provisioning system and via it on all other target systems without further intervention.

- Assurance that the provisioning system is updated with the most current information.

- Automation of large-scale data updates that would have been time challenging and error-prone if attempted manually.

- The provisioning system is constantly updated with current information from the HR system, and accidental or unwanted changes are minimized.

Connecting between the HR system and the provisioning systems is not trivial, however. There are many considerations and technical problems between the start and the goal. When working with either this critical part of the human resource process, or with the transformation between simple information in the HR system to "time-&-money saving tasks" performed by the provisioning system, there is no room for error.

This document describes some of the issues that IDFocus has successfully faced when building HR-to-Provisioning integrations for several clients in the past.

2 BUSINESS NEEDS

The main reason for a connection between the HR and the provisioning systems is to meet the following business needs:

2.1 AUTOMATING THE " NEW HIRE " PROCESS

When a new user is added to the HR system, there is a need to have everything ready for the new employee to start working. Timing is essential - a new employee not having network access sits idle and cost the company money. This is 100% wasted time that can be avoided.

By ensuring that HR updates the provisioning system at least once per day, depending on the needs of the client, we can ensure that no longer then 24 hours will pass between the user's introduction to the company and his or her ability to start working.

Further, with pre-hire automation, we can ensure that all required resources will be created prior to the employees' arrival so that the resources are ready on the day of arrival. When taking this approach, it must be ensured that IT support staff and administrators will not have access to the new user' s private information during the pre-hire provisioning process.

2.2 KEEPING USERS' INFORMATION CURRENT

With the approach described in this article, the HR system is the one definitive source of employee information, and the only source that is updated with users details such as name, SSN, address, etc. (not IT related information such as passwords, user names, etc.). Information such as company employee number, birth date, legal name, benefits, and cost center(s) can be taken from the HR system to ensure data accuracy in the provisioning system and in other target systems. The provisioning system is connected to multiple target systems such as Active Directory and ERP systems. Without an HR system feed, owners of these systems might change users' information, either directly on the system or by using the provisioning product. Information would then become different under each system, or, worse, systems would overwrite each other constantly, possibly leading to catastrophic "update loops". These problems can be prevented by dividing the ownership of each attribute to a certain system or by creating a structure of hirerchies of which system overrules the others and under which conditions. Having a single definitive source of information is recommended, and for HR related information the HR system is the natural choice.
Search the Library                  Advanced Search
Today's Popular Reports This Weeks Most Popular Reports Most Popular Topics Vendor Directory Home
About Us Contact Us List Your Papers Partner With Us Site Map