Reconciliation Process

Introduction

Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in IDM and target\connected systems. The reconciliation process compares the entries in the IDM and the target system, determines the difference between the two, and applies the latest changes in IDM. Reconciliation of roles, role memberships, and role hierarchy changes are handled as separate reconciliation events.

Use Case

HRMS Reconciliation

Use Case	Trusted Reconciliation - HRMS
Brief Description	Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in IDM and target\connected systems.
Actors	HRMS IDM
Trigger Events	User Created/ Modified in HRMS
Preconditions	Data trigger for User Create and modification from HRMS is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Data is received from HRMS (the authoritative source) to IDM Data provisioned or reconciled (attributes matched) to target systems. Records are then reconciled and updated back to IDM from the target system if the target system is one that manages or stores identity data (e.g. Active Directory)

AD Reconciliation

Use Case	Trusted Reconciliation - AD
Brief Description	Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in the AD connected system.
Actors	HRMS IDM Active Directory (AD)
Trigger Events	User details modified in AD
Preconditions	Data trigger for User Create and modification from HRMS is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Data is received from HRMS (the authoritative source) to IDM Data provisioned or reconciled (attributes matched) to Active Directory (AD groups, user accounts) Records are then reconciled and updated back to IDM from Active Directory

Mainframe Reconciliation

Use Case	Trusted Reconciliation - Mainframe
Brief Description	Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in Mainframe connected system.
Actors	HRMS IDM Mainframe
Trigger Events	User details modified in Mainframe
Preconditions	Data trigger for User Create and modification from HRMS is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Data is received from HRMS (the authoritative source) to IDM Data provisioned or reconciled (attributes matched) to Mainframe Records are then reconciled and updated back to IDM from Mainframe accounts

Exchange Online Reconciliation

Use Case	Trusted Reconciliation - Exchange Online
Brief Description	Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in Exchange Online connected system.
Actors	HRMS IDM Exchange
Trigger Events	User details modified in Exchange
Preconditions	Data trigger for User Create and modification from HRMS is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Data is received from HRMS (the authoritative source) to IDM Data provisioned or reconciled (attributes matched) to Exchange Online (user mailboxes, distribution lists, shared mailboxes, skype) Records are then reconciled and updated back to IDM from Exchange Online (user mailboxes, distribution lists, shared mailboxes, skype)

Badging System (CCure) Reconciliation

Use Case	Trusted Reconciliation - CCure (Badge)
Brief Description	Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in CCure
Actors	HRMS IDM CCure
Trigger Events	User details modified in CCure
Preconditions	Data trigger for User Create and modification from HRMS is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Data is received from HRMS (the authoritative source) to IDM Data provisioned or reconciled (attributes matched) to CCure (Badging System) Records are then reconciled and updated back to IDM from CCure

UNIX Reconciliation

Use Case	Trusted Reconciliation - UNIX
Brief Description	Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in UNIX connected system.
Actors	HRMS IDM UNIX
Trigger Events	User details modified in UNIX
Preconditions	Data trigger for User Create and modification from HRMS is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Data is received from HRMS (the authoritative source) to IDM Data provisioned or reconciled (attributes matched) to UNIX Records are then reconciled and updated back to UNIX

LMS Reconciliation

Use Case	Trusted Reconciliation - LMS
Brief Description	Reconciliation refers to the processes where key attributes from HRMS user data are matched and compared to the IDM user records and updated in the LMS connected system.
Actors	HRMS IDM LMS
Trigger Events	User details modified in LMS
Preconditions	Data trigger for User Create and modification from HRMS is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Data is received from HRMS (the authoritative source) to IDM Data provisioned or reconciled (attributes matched) to LMS Records are then reconciled and updated back to IDM from LMS

Target System Reconciliation - Disconnected Apps

Use Case	Target System Reconciliation - Disconnected Apps
Brief Description	The reconciliation process compares the entries in the IDM and the target system, determines the difference between the two, and applies the latest changes in IDM.
Actors	IDM Target System
Trigger Events	Modification in the Target system
Preconditions	Data trigger from the target system is made
Post-Conditions	Success Able to perform matching and reconciliation Fail Unable to perform matching and reconciliation
Basic Flow	Change identified in Target System for Account information Account information is created in IDM based on the target system attributes. Corresponding accounts are also be created for the target system. The accounts or entitlements are updated with 'Provisioned' status in the target system. The resource administrator at the target system provisions revokes, or updates account data as requested. The changes made on the target system are reconciled with IDM

Group Unified Reconciliation Process

Use Case	Group Unified Reconciliation Process
Brief Description	This feature enables IDM Administrators to fetch user account profiles and permissions and publish them to IDM
Actors	IDM Administrator
Trigger Events	Upload Document functionality invoked
Preconditions	Admin Console application needs to be present IDM Administrators and application owner needs to have in Admin Console
Post-Conditions	Success Able to perform file reconciliation Fail Unable to perform file reconciliation
Basic Flow	The user enters the Admin Console Clicks on Reconciliation Click on Template where reconciliation templates are generated dynamically from the target system configurations Option to upload CSV files listing users of a target application system with corresponding entitlements is provided by IDM User clicks on Upload IDM validates data in the CSV and returns results on success or failure of the upload