Introduction

Reconciliation refers to the process in which key attributes from HRMS user data are matched and compared to the IDM user records and updated in IDM and in target/connected systems. The reconciliation process compares the entries in IDM and the target system, determines the differences between the two, and applies the latest changes in IDM. Changes to roles, role memberships, and role hierarchy are handled as separate reconciliation events.

Use Case

HRMS Reconciliation  

Use Case

Trusted Reconciliation - HRMS

Brief Description

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in IDM and target/connected systems.

Actors

  • HRMS

  • IDM

Trigger Events

  • User created/modified in HRMS

Preconditions

A data trigger for user creation or modification is made from HRMS

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • Data is received by IDM from HRMS (the authoritative source)
  • Data is provisioned or reconciled (attributes matched) to target systems
  • Records are then reconciled and updated back to IDM from the target system if the target system is one that manages or stores identity data (e.g. Active Directory)


AD Reconciliation  

Use Case

Trusted Reconciliation - AD

Brief Description

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in the AD connected system.

Actors

  • HRMS

  • IDM
  • Active Directory (AD)

Trigger Events

  • User details modified in AD

Preconditions

A data trigger for user creation or modification is made from HRMS

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • Data is received by IDM from HRMS (the authoritative source)
  • Data is provisioned or reconciled (attributes matched) to Active Directory (AD groups, user accounts)
  • Records are then reconciled and updated back to IDM from Active Directory


Mainframe Reconciliation  

Use Case

Trusted Reconciliation - Mainframe

Brief Description

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in the Mainframe connected system.

Actors

  • HRMS

  • IDM
  • Mainframe

Trigger Events

  • User details modified in Mainframe

Preconditions

A data trigger for user creation or modification is made from HRMS

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • Data is received by IDM from HRMS (the authoritative source)
  • Data is provisioned or reconciled (attributes matched) to Mainframe
  • Records are then reconciled and updated back to IDM from Mainframe accounts


Exchange Online Reconciliation  

Use Case

Trusted Reconciliation - Exchange Online

Brief Description

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in the Exchange Online connected system.

Actors

  • HRMS

  • IDM
  • Exchange

Trigger Events

  • User details modified in Exchange

Preconditions

A data trigger for user creation or modification is made from HRMS

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • Data is received by IDM from HRMS (the authoritative source)
  • Data is provisioned or reconciled (attributes matched) to Exchange Online (user mailboxes, distribution lists, shared mailboxes, Skype)
  • Records are then reconciled and updated back to IDM from Exchange Online (user mailboxes, distribution lists, shared mailboxes, Skype)


Badging System (CCure) Reconciliation  

Use Case

Trusted Reconciliation - CCure (Badge)

Brief Description

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in CCure.

Actors

  • HRMS

  • IDM
  • CCure

Trigger Events

  • User details modified in CCure

Preconditions

A data trigger for user creation or modification is made from HRMS

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • Data is received by IDM from HRMS (the authoritative source)
  • Data is provisioned or reconciled (attributes matched) to CCure (Badging System)
  • Records are then reconciled and updated back to IDM from CCure


UNIX Reconciliation  

Use Case

Trusted Reconciliation - UNIX

Brief Description

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in the UNIX connected system.

Actors

  • HRMS

  • IDM
  • UNIX

Trigger Events

  • User details modified in UNIX

Preconditions

A data trigger for user creation or modification is made from HRMS

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • Data is received by IDM from HRMS (the authoritative source)
  • Data is provisioned or reconciled (attributes matched) to UNIX
  • Records are then reconciled and updated back to UNIX


LMS Reconciliation  

Use Case

Trusted Reconciliation - LMS

Brief Description

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in the LMS connected system.

Actors

  • HRMS

  • IDM
  • LMS

Trigger Events

  • User details modified in LMS

Preconditions

A data trigger for user creation or modification is made from HRMS

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • Data is received by IDM from HRMS (the authoritative source)
  • Data is provisioned or reconciled (attributes matched) to LMS
  • Records are then reconciled and updated back to IDM from LMS

Target System Reconciliation - Disconnected Apps

Use Case

Target System Reconciliation - Disconnected Apps

Brief Description

The reconciliation process compares the entries in the IDM and the target system, determines the difference between the two, and applies the latest changes in IDM.

Actors

  • IDM
  • Target System

Trigger Events

  • Modification in the Target system

Preconditions

A data trigger is made from the target system

Post-Conditions

Success

  • Able to perform matching and reconciliation

Fail

  • Unable to perform matching and reconciliation

Basic Flow

  • A change to account information is identified in the target system
  • Account information is created in IDM based on the target system attributes
  • Corresponding accounts are also created for the target system
  • The accounts or entitlements are updated with 'Provisioned' status in the target system
  • The resource administrator at the target system provisions, revokes, or updates account data as requested
  • The changes made on the target system are reconciled with IDM
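
The comparison this flow describes, as an added example that is not part of the original page or of any IDM product: both sides are matched on an assumed `account_id` key, differences in an assumed set of tracked attributes are applied to the IDM copy, and accounts known to IDM but absent from the target are reported for review (that last category is an assumption; the page does not define it). All records are constructed.

```python
MATCH_KEY = "account_id"                      # assumed correlation attribute
TRACKED = ("email", "department", "status")   # assumed reconciled attributes

# Constructed sample records (not from the page).
IDM_SAMPLE = [
    {"account_id": "jdoe", "email": "jdoe@example.test", "department": "Finance", "status": "active"},
    {"account_id": "asmith", "email": "asmith@example.test", "department": "HR", "status": "active"},
]
TARGET_SAMPLE = [
    {"account_id": "jdoe", "email": "jdoe@example.test", "department": "Treasury", "status": "active"},
    {"account_id": "bnew", "email": "bnew@example.test", "department": "IT", "status": "active"},
]


def reconcile(idm_accounts, target_accounts):
    """Compare IDM with a target-system snapshot; return (events, updated IDM)."""
    idm = {a[MATCH_KEY]: dict(a) for a in idm_accounts}   # copies, inputs untouched
    target = {a[MATCH_KEY]: a for a in target_accounts}
    events = []
    for key, tgt in sorted(target.items()):
        if key not in idm:
            # Account exists only on the target: create it in IDM from target attributes.
            idm[key] = {MATCH_KEY: key, **{f: tgt.get(f) for f in TRACKED}}
            events.append(("CREATE_IN_IDM", key, {}))
            continue
        # Map each differing attribute to (IDM value, target value).
        diff = {f: (idm[key].get(f), tgt.get(f))
                for f in TRACKED if idm[key].get(f) != tgt.get(f)}
        if diff:
            # Apply the latest target-side values to the IDM record.
            idm[key].update({f: new for f, (_, new) in diff.items()})
            events.append(("UPDATE_IN_IDM", key, diff))
    for key in sorted(idm.keys() - target.keys()):
        # Known to IDM but gone from the target: surfaced for review, not auto-deleted.
        events.append(("MISSING_ON_TARGET", key, {}))
    return events, idm


if __name__ == "__main__":
    for event in reconcile(IDM_SAMPLE, TARGET_SAMPLE)[0]:
        print(event)
```

Each event carries the old and new value of every changed attribute, so the reconciliation run leaves a reviewable record of what was overwritten in IDM.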


Group Unified Reconciliation Process

Use Case

Group Unified Reconciliation Process

Brief Description

This feature enables IDM Administrators to fetch user account profiles and permissions and publish them to IDM.

Actors

  • IDM
  • Administrator

Trigger Events

  • Upload Document functionality invoked

Preconditions

  • Admin Console application needs to be present
  • IDM Administrators and application owner needs to have in Admin Console

Post-Conditions

Success

  • Able to perform file reconciliation

Fail

  • Unable to perform file reconciliation

Basic Flow

  • The user enters the Admin Console
  • Clicks on Reconciliation
  • Clicks on Template, where reconciliation templates are generated dynamically from the target system configurations
  • IDM provides an option to upload CSV files listing the users of a target application system with their corresponding entitlements
  • User clicks on Upload
  • IDM validates the data in the CSV and returns results on the success or failure of the upload
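
One way the validation step could work, as an added example that is not the product's own code: the column names, the known-user set and the allowed-entitlement list are assumptions, since the page does not list the template's fields. The CSV content is constructed.

```python
import csv
import io

# Assumed template columns; the page says templates are generated from the
# target system configuration but does not list their fields.
TEMPLATE_COLUMNS = ["user_id", "account_name", "entitlement"]

# Constructed upload: line 1 is the header, lines 2-7 are data rows.
SAMPLE_CSV = (
    "user_id,account_name,entitlement\n"
    "E1001,jdoe,payroll_read\n"
    "E1002,asmith,payroll_admin\n"
    "E9999,ghost,payroll_read\n"
    "E1001,jdoe,payroll_read\n"
    "E1002,asmith,\n"
    "E1001,jdoe,domain_admin\n"
)


def validate_upload(csv_text, known_users, allowed_entitlements):
    """Return (accepted_rows, errors); errors are (line_number, reason) tuples."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != TEMPLATE_COLUMNS:
        return [], [(1, f"header does not match template: {reader.fieldnames}")]
    accepted, errors, seen = [], [], set()
    for row in reader:
        line = reader.line_num
        # DictReader files extra cells under key None and pads short rows with None.
        if None in row or None in row.values():
            errors.append((line, "wrong number of columns"))
            continue
        values = {k: v.strip() for k, v in row.items()}
        key = (values["account_name"], values["entitlement"])
        if not all(values.values()):
            errors.append((line, "empty required field"))
        elif values["user_id"] not in known_users:
            errors.append((line, "user_id not found in IDM"))
        elif values["entitlement"] not in allowed_entitlements:
            errors.append((line, "entitlement not defined for target system"))
        elif key in seen:
            errors.append((line, "duplicate account/entitlement pair"))
        else:
            seen.add(key)
            accepted.append(values)
    return accepted, errors
```

Rejecting rows whose user is unknown to IDM or whose entitlement is not defined for the target keeps an uploaded file from introducing unowned accounts or unreviewed permissions.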