Setting up Organization

IDHub currently has two modules, which are used by two different user bases: End-users & Administrators. To utilize all functionalities, the primary user should perform the below functions:

Step 1 : Setting up User Base

This is a three step process:

Milestone 1: Federating the User Base Application

• Before on-boarding your first application, you need to setup Keycloak, to fetch users in your IDHub Keycloak instance. This is required to perform continuous synchronizations with your user data authentication source. Application Management Explained.

Milestone 2: Setting up Your First Application

• After users are connected and entered into the IDHub Keycloak instance,  you will need to connect those users to IDHub applications, in order for them to use IDHub.
• Add an Application Explained.
  *Note: 
  
  • This Application should be one for which all user (or employee) information will be synchronized within IDHub on a timely manner. This should be a connected Application.
  • In the event you do not have an existing application for your existing user base, you can onboard a disconnected application.
  • The following user fields are mandatory for your trusted application:
    
    • Login - This field will be used by all the users, to login to IDHub.
    • Email Address - This field will be used to send all related notifications within IDHub.
    • Manager Login - This field will be used to send tasks to respective managers upon requests, depending on the workflow.
    • Display Name - This field will help in showing user information in the Search Catalog.
    • Manager Display Name - This field will be used for adding proxies.
      
      

Field Mapping

In the event that one Application does not contain all the necessary fields and information, you would then need to create multiple Applications to fetch the above information, from across various places.

E.g.: You are getting:

• From LDAP - user login and display name, which is only your trusted user data source
• From Workday (or any other HR Application) - user email address, manager login, and manager display name, which is also your trusted data source

Then:

• IDHub advises to add two Applications, both as trusted applications for various user fields.

However, things to be taken care of are:

• Trusted fields should not be same in both Applications, as there can be data overrides which may happen, due to mismatch of data between the two trusted Applications.

Milestone 3: Reconciling the Data

• For Connected Applications:
  • You'll need to schedule the synchronization and auto-reconciliation - IDHub Scheduled Jobs Explained.
• For Disconnected Applications:
  • You'll need to prepare and upload the file in your on-boarded Application to synchronize users - Manual Reconciliation Explained.

Step 2: Setting up Existing Accesses of Users

Milestone 1: Collect All Applications and Entitlements in the Organization

• For setting up accesses already present in the users, you need to list out all Applications and permission levels within each Application.
• Next, you'll need to map all users in the organization, with each of those accesses.
• New Features of IDHub:
  • Custom Forms in applications
  • Custom Workflows
    
    

Need help in Implementations?

If you need any assistance to perform the above tasks, contact our IDHub Implementation Team. Our experts are happy to assist with IDHub!

Milestone 2: Bulk On-board

• You'll need to on-board all Applications and Entitlements into IDHub, with our Bulk On-board functionality - Bulk Upload Applications Explained.

Step 3: Create a Role Based Access Control (RBAC) System

Milestone 1: Freeze Roles in the Organization

• Create an xls sheet with Role names, Role Owner, and a list of Applications and Entitlements for each.
• Create a condition to which each Role can be auto-assigned. (If any rule exists: example - only US Illinois branch users will receive Role no. 45)
• Map each user to the Roles

Milestone 2: Onboard Bulk Roles

• Insert information of Roles in the bulk Role template in Admin Module of IDHub
• Approve and on-board the Roles into IDHub

Step 4: Make Administrators

Milestone 1: Request 'System Administrator' Role for other users

• Go to Search Catalog
• Search for "System Administrator" Role
• Add to cart
• Click on cart and proceed to cart details page
• Add users who you'd like to make administrators
• Submit justification and request for Admin Access
• Go to tasks page for approving the admin access request (As an 'Access Manager')

This should create new admins with their dedicated Keycloak credentials and Admin Module access.

Step 5: Share IDHub with Admins and Users

Milestone 1: Share IDHub Login and Password with All Administrators and Users

• Get IDHub Login page URL
• Get the user credentials from Keycloak (only userids should be fine)
• Share the information with all the admins and users of your organization

Congratulations! Every Admin and User will now be able to use IDHub.

Once the setup is completed, each user base can get started. To know more about those go to the respective "Getting Started" sections - Getting Started as a System Administrator and Getting Started as an End-User

User Roles

The following roles are found in a typical IDHub Environment: