Manage Workforce Identites

A workforce identity refers a user account related to an employee of an organization. The application automatically gets the workforce data from the ORSUS HR system through Inboud SQL connector, any other third-party employee management system or through workforce feed systems, such as inbound SQL/flat file. After the data is loaded, authorized users can update user data, including risk details and regulation information. In addition to automated provisioning policies, authorized users can manually provision/deprovision workforce identities to target systems with schema mapped in the target system configurations.

As an authorized user, you can perform the following workforce user management tasks.

• View user details
• Update user details
• Request account
• View account details
• Disable/Enable accounts
• Remove account
• Reset account password

View User Details

The view operation allows you to view detailed information of the user profile.

To view user details:

1. On the IAM menu, click the Identities tab and then click Workforce on the sub-menu. The Workforce Identity page displays. It shows the list of Internal Users, who are imported from inbound feed connector
2. Search for the user for which you want to view the details, click on the workforce identity record and then click Edit. The workforce user details are displayed in the following sections/tabs.

• The Basic Information section: Displays the basic details of the profile that includes name, email id, organization, login name, staff id, etc. For more details, see User Attributes.
• The Personal Details tab: Displays the personal information that include address, timezone, date of birth, and other details.
• The Contact tab: Displays the contact information of the user that include desk number, alternate contact number & email, fax, etc.
• The Work tab: Displays the position details that include position name, department, cost center, etc.
• The Employment tab: Displays the employment details that include employment start date, hire date, LOA dates, termination date, exempt status, etc.
• The Office tab: Displays the workplace details that include location name, building, floor, workspace, mailstop and dropzone information.
• The Risk & Audit tab: Displays risk score, clearance category and active state of the user.
• The Personal Vehicle tab: Displays personal vehicle details, including driving license, car license plate numbers, etc.
• The Account Target tab: Displays provisioning details of the user account to target systems.
• The Regulation tab: Displays regulatory controls added to the user profile.
• The SMTP Accounts tab: Displays SMTP domain/accounts added to the user profile.

Update User Details

Since ORSUS IAM reads the user information from a different source (such as ORSUS workforce or Inbound SQL), the application allows to only define additional profile elements like adding regulations, SMTP domains or accounts and requesting or removing target system accounts to the user profile. The application doesn't allow to update other details like basic, personal, work, employment, etc. The updates to regulation, SMTP and accounts are broken up across the different tabs and they are independent of each other. So, these details have to be saved individually.

To update user details:

1. On the IAM menu, click the Identities tab and then click Workforce on the sub-menu. The Workforce Identity page displays. It shows the list of Internal Users, who are imported from inbound feed connector
2. Search for the user for which you want to update the details, click on the workforce identity record and then click Edit.
3. To update regulation details, click the Regulation tab and then click the Add Regulations button. Provide the following information and then click Save.

• Regulation Name: Click the Browse button, select the regulation name that you would like to add to the identity from the Regulations pop-up window and then click Ok.
• Target name: Click the Browse button, select the target name to which you would like to add to the regulation from the Targets pop-up window and then click Ok.
• Risk Score: Enter the risk score to the regulation that you would like to add.
• Description: Enter any additional information for the regulation.

4. To update proxy SMTP details, click the SMTP Accounts tab and then click the Add New button. Provide the following information and then click Save.

• SMTP Account Name: Enter SMTP Account Name that you would like to add to the workforce identity.
• SMTP Account Value : Enter SMTP Account Value that you would like to add to the workforce identity.

Add Accounts

If you're authorized to add target application accounts, you can request an account for the user in a target application such as Active Directory, Okta, etc. based on the provisioning system configured in your organization. The request then routes for the appropriate approvals and access to target application is only provisioned once the required approvals are completed.

To add account:

1. On the IAM menu, click the Identities tab and then click Workforce on the sub-menu. The Workforce Identity page displays. It shows the list of Internal Users, who are imported from inbound feed connector
2. Search for the user to whom you would like to add target application account, click on the workforce identity record and then click Edit.
3. Click the Account Target tab and then click the Add Account Target button. Provide the following information and then click Save.

• Target Name: Click the Browse button, select the target application name that you would like to add to the identity from the Workforce Identity Targets pop-up window and then click Ok.
• Password: Enter the password that you would like to set for the account.
• Confirm Password: Retype the password that you've entered in the Password field.
• Assigned Risk Score: Enter the risk score assigned for this target application.
• Target Justification: Enter the justification or reason for adding this target account to the user.

View Account Details

When the target application account is added to the user profile, the system initiates the workflow and provisioning process. Approvers can review the request and decide whether the account can be provisioned or not. When the approver approves the request, then the account will be provisioned to target application along with the user profile attributes to the respective fields in the target application account.

After the account is added, you can view workflow information, provision status, target status, detailed summary of provisioning, and attribute mapping summary. You can also have an option to resubmit the request in case the account provisioning is failed.

To view account details:

1. On the IAM menu, click the Identities tab and then click Workforce on the sub-menu. The Workforce Identity page displays. It shows the list of Internal Users, who are imported from inbound feed connector
2. Search for the user to whom you would like to view the details of target application account, click on the workforce identity record and then click Edit.
3. Click the Account Target tab and view the following information.

• Click the Provision Status button on the target application name to view the summary or details of target application provisioning.
• Click the Detail Summary button on the target application name to view the system activity details of target application provisioning.
• Click the Workflow Status button on the target application name to view the workflow approvals associated with the target application account.
• Click the Attributes Summary button on the target application name to view the schema mapping of the target application account.
• Click the Reprovision button on the target application name to reinitiate the request for provisioning if in case the account provisioning is failed.

Disable/Enable Accounts

ORSUS IAM uses the inbound connector to pull employee profile data from ORSUS workforce module/other data sources. Since the source of truth for employee data is workforce module/or any other data feed system, IAM module doesn't allow to disable/enable target account manually in the application. It enable or disable the account based on the employment status of the employee profile. This means that when the employement status attribute is set to inactive/active in ORSUS workforce module, based on the data import in IAM, the application disable or enable the account in the target application respectively and you can check this status in the Account Status attribute on the Workforce page.

Remove Accounts

If you're an authorized user, you can remove the target application accounts from workforce identities.

To remove account from a user:

1. On the IAM menu, click the Identities tab and then click Workforce on the sub-menu. The Workforce Identity page displays. It shows the list of Internal Users, who are imported from inbound feed connector
2. Search for the user to whom you would like to delete target application account, click on the workforce identity record and then click Edit.
3. Click the Account Target tab and then click the Delete button on the target application account that you want to delete.

Reset Account Password

You can reset the user target account password by manually changing it.

To reset the password for target application account:

1. On the Global menu, click Identity Accounts. The Identity Accounts page appears.
2. Select user from the users pop-up window.
   
3. Search for an account in the search field and filter Account Type from the dropdown list.
   
4. Click the Change Password button on the account tile, enter the password and then click Save.