Identity Manager New Hire Process Training. Michelle Wilde (System Owner) 2010 Edition. Agenda. Why are we changing? What is I&AM? What Can you Achieve with IDM? So what happened and when? How do I get a New Hire System Access? How Long Does it Take? New Hire Step Process
Identity Manager New Hire Process Training
Michelle Wilde (System Owner)
2010 Edition
Agenda
• Why are we changing?
• What is I&AM?
• What can you achieve with IDM?
• So what happened and when?
• How do I get a New Hire system access?
• How long does it take?
• New Hire Step Process
• How to get a Network Password
• Recurring Contingents
• Demo (Time Permitting)
Objectives
• To help the IS Executive Admins understand:
  • How to get your new hire access before Day
  • Where you can get help
Why are we Changing?
• Ever experienced 1 or more of these situations?
  • New Hires (including me!) not having a computer and system access on Day 1
  • Different forms and tools used for getting access in different Allergan regions – paper versus liquid office
  • Not having visibility into what access a user has or what stuff of ours they had
  • Managing Contingents!
  • Terminated users having access to our systems long after they have gone
  • Head Count problems?
What is Identity and Access Management?
• What is Identity and Access Management (IAM)?
  • “A system to provide effective and secure management of user identities across multiple Allergan systems to manage and control system access.”
• What are the projected benefits of IAM?
  • Reduce manual account provisioning transactions
  • Reduce password reset/account unlock Helpdesk transactions
  • Reduce the risk of SOX security violations
  • Provide secure web application access for both internal and external users
  • Reduce the cycle time to on/off board user accounts
What can you Achieve with Identity Manager?
• Manage New Hire System Access Requests
• Change your own network password or unlock your network account
• Securely obtain a new password when you forget your current password
• Request and approve application access faster than before
• Invite external partners to collaborate with Allergan colleagues by providing access to designated applications
So What Happened and When?
• Back in 2009, SAP HR data was chosen to be our source of data for all employees and contingents.
• Phase 1: On June 28, all SAP lifecycle events (Name Changes, Terminations, Transfers, Rehires, etc.), excluding applicants and new hires, were handled by IDM globally.
• Phase 2: On Monday, Sept 27th, all SAP lifecycle events began to be processed by IDM, from New Hire through to termination.
• Integration of SAP-HR to Identity Manager such that system access status is directly linked to a user’s SAP HR lifecycle status.
How do I get a New Hire System Access?
The systems involved from finding out about a New Hire to them getting System Access
[Diagram: Step 1, Contingent Worker System (CWS); Step 2, SAP HR; Step 3, Identity Manager (IDM); Step 4, Network Access (not email), Remote Access and User ID Tasks; ending at "Happy User Doing Work!". Timing labels shown in the diagram: REAL TIME (almost); EVERY 6 HOURS; About 24 Hours*; REAL TIME; 2 Day SLA.]
Systems
• Contingent Worker System (CWS) – Contingents Only
  • Initiate Requests
  • Initiate Extensions
  • Initiate Deactivation / Exit
  • Initiate Reactivation
  • Initiate Delegation
• SAP HR – Lifecycle
  • New Hires
  • Transfers
  • Org Changes
  • Name Changes
  • Terminations
• Identity Manager (IDM) – Access
  • Enables access to network
  • Sends Tasks to User ID for Remote Access and email
  • Terminates Access to Network
  • Manages application Access (Not SAP roles)
How Long does it take to get Access?
Step 1: Approved contingent request goes into SAP and initiates New Hire action. Enroll / reactivate your contingent in CWS.
* Approvals Needed
Step 2: HR enters the new employee into SAP HR when they have key info available (i.e. position, name, manager).
Step 3: User will get into IDM within 6 Hours**. Hiring Manager will get an email from IDM requesting they submit a New Hire Form.
* Approvals Needed
Step 4: When the New Hire Form is approved, IDM will automatically create a disabled network account and notify the Hiring Manager / submitter. Tasks will be sent to User ID for other requests such as email. The account is enabled on Day 1.
** Currently twice a day
Step 1 – Enroll Contingent
• Requirement
  • All contingent workers requiring systems access must go through the request and enroll process.
• Who do you Need
  • Someone to submit the request and enroll the contingent
  • Hiring Manager must approve the request
• When
  • Once you receive an e-mail that the request has been approved and you have identified a contingent resource, you may enter the contingent worker data into the system.
• Dependencies
  • Contingent worker Company must be set up in the SAP Accounts Payable system.
  • Make sure a valid contract is in place before engaging a contingent worker.
  • If Status is Active, the current manager must approve before the transfer can be completed.
  • If the contract owner / hiring manager forgets to extend the contract, network access will be terminated!
Step 1 – Enroll Contingent
• Confirmation e-mail of enrollment – wait for Identity Manager hire confirmation
• Contract Expiration Notice
Step 2 – Enter User into SAP HR
• Requirement
  • All users (employees and contingents) have to be entered in SAP HR
• Who do you Need
  • HR Shared Services / HR Business Partner to enter New Hire info for employees
  • CWS system feeds over to SAP HR for approved contingent requests
• When
  • 1) Once the verbal offer has been accepted and SAP HR has been provided the base information for a new employee, they can be entered into SAP HR.
  • 2) When a contingent request is approved and the user is enrolled in CWS, SAP HR is updated.
• Dependencies
  • Contingents approved in CWS
  • Verbal offer accepted by employees
  • Base information provided to SAP HR (Position etc.) to set up account
Step 3 – IDM New Hire Forms
• Requirement
  • New Hire Form is submitted. Access is provided after a New Hire Form is submitted and approved.
• Who do you Need
  • Anyone can submit a New Hire Form
  • Hiring Manager must approve all New Hire Forms. Space Planning approves onsite users for Irvine only.
  • Once the User is in IDM, requests can be submitted for access to other applications that IDM manages
• When
  • Within ~6 hours after the New Hire is entered into SAP HR it will come into IDM
• Dependencies
  • Contingent and Employees are in SAP HR
  • Space Planning approves New Hire Form (Irvine)
  • Hiring Manager approves New Hire Form
Step 4 – Access to Systems
• Requirement
  • Network Accounts are automatically created by IDM. User ID sets up additional accounts requested.
• Who do you Need
  • User ID (Outlook, remote access)
• When
  • When New Hire Form is approved, the network account is automatically created in a disabled state
  • Tasks are sent to User ID to set up additional access requests (2 Day SLA)
• Dependencies
  • New Hire Form is approved
  • New Hire Date reached for network account to be enabled
  • User needs a password to Log In
How does my New Hire get his Network Password?
• Process 1 – Self Registration
  • When a new hire comes into IDM they will be sent a self registration email, which allows them to log into IDM, where they can create the security profile and their Day 1 network password.
• Process 2 – Call Helpdesk on Day 1
  • Both employees and contingents can call the help desk on Day 1, provide some personal identification information, and they will be provided a one-time password to the network.
How does my User get his Network Password?
• Self-Registration Notification
Recurring Contingents
• Within 24 hours of the last day worked, access to the network, remote access and BlackBerries / smart phones will be disabled (network account automatically disabled)
• 30 days later, access to all applications will be removed
• However…
• For recurring contingents, HR can initiate a “disable” transaction in SAP HR, and the access to the network and remote access will be disabled, but access to all other applications will remain
This means if a recurring contingent is Active in SAP and has a valid contract, we can restore their access QUICKLY!
New Hire Form – Notifications 1
E-mail to Hiring Manager when New Hire comes into IDM from SAP HR
New Hire Form – Notifications 2
A notification e-mail to approve the New Hire Form will be sent to the Hiring Manager. Follow the link provided and the task to “Approve New Hire Form” will appear in your Work List. Click on the appropriate work list item.
New Hire Form – Notifications 3
A notification e-mail is sent to the submitter and hiring manager that the New Hire Form has been approved and the network account has been created.
View My Submitted Tasks (Demo)
Go to User Access > View My Submitted Tasks > Search for Submitted Tasks. Status of the Task is shown.
View My Submitted Tasks (Demo)
You can drill down on the task to see details. The overall task status is displayed at the top.
What are the Benefits?
Many benefits to new system…
• Reduce the number of password-related Help Desk calls by 70%
• Enable faster turnaround for new user accounts
• Reduce (by up to 90%) the manual work required to create, modify and delete user ID accounts
• Reduce the risk of regulatory violations
• Encourage collaboration by allowing external users to access designated Allergan applications
• Reduce costs (save $15+ each time someone manages their own password)
Impact: System Access System Access Requests
Additional Resources
• On line resources
  • Identity Manager FAQ’s: http://collaboration.allergan.com/TrainingCenter/iam/default.aspx
  • Managing Account Access for New Hires (Reference Guide)
  • How to set up Out of Office and Approval Delegations
  • Information: New Enterprise Identity Manager Capabilities to Support New-User Onboarding
• Additional Questions or Help
  • System Owner: Michelle Wilde
  • SAP HR: Call your HR Manager
  • Helpdesk: (714 246 HELP)
  • Email: identitymanager@allergan.com