The rehiring process is triggered when an ex-Company employee is rehired. The process initiates steps based on when the employee was rehired i.e. if the rehire is before or after 90 days of termination.

Process Flow

Process Name

Rehire Process

Brief DescriptionThe rehiring process is initiated when HR hires an ex-Company employee. IDM reconciles the record from HRMS and performs appropriate steps based on the time when the user was rehired and based on the comp flag.

Actors

  • HRMS

  • IDM

Trigger Events

  • Employee Status changed in HRMS flat file

  • Last Update Time is changed in DATA HUB
  • Person state changed to Active from Terminated

    • Current Employee Status = D/Q/R/S/T/U
    • New Employee Status=A/P/L

Preconditions

  • Person state was Terminated (set of values indicated terminated)

Post-Conditions

Success

  • Based on the criteria, the user is enabled in IDM, and changes are propagated to corresponding target systems
  • Remove Deprovisioning Date from the User profile
  • User is assigned correct roles based on the attributes

Fail

  • IDM notifies the system administrator of the failed scenario
Basic Flow
  • Rehire > 95 days
  • Computer flag = N
    • IDM will activate the identity
    • Re-computes the login id ONLY
    • Provision of the physical badge 
  • Computer flag = Y
    • IDM will activate the identity
    • Recompute login id 
    • Provisions resources as per new hire process(see Create User Process)
  • Rehire < 95 days

NOTE: IDM will not automatically enable/provision accounts if they are revoked by the job ‘Revoke resource/accounts after 10 days of termination’

NOTE: IDM will not automatically assign AD group membership if they are removed by the job ‘Remove group membership after 10 days of termination’

  • If the computer flag was Y and it is N,
    • IDM will reactivate the identity
    • Enables Physical Badge and Disconnected Application Only
    • Creates tasks for Access Management that the ids were enabled but the computer flag = N

  • If the computer flag was N (and no resources were provisioned) and it is Y,
    • Recompute the login id
    • Provisions the user as a new hire

  • If the computer flag was N (and resources were provisioned) and it is Y,
    • Enable old resources

  • If the computer flag was N and it is N and resources were provisioned
    • IDM will activate the identity
    • Re-computes the login id
    • Provisions the Physical Badge.

  • If the flag is Y and was Y (or resources were provisioned via Self Service) and it is a change of employee type on the same day (in this scenario HR process will not send any termination message for the user. It will be normal update profile.)
    • Uses new AD template as per new profile data
    • Assigns new group membership as per new template
    • Moves user to new OU as per new template
    • IDM does not remove existing group membership if any
    • Triggers an email to the IT service desk if there is a change in the Home Directory
    • Note: email Template will be provided to Include verbiage related to nuclear/non-nuclear etc. Open task to Access Management to rename the LANID to E123456 or C123456

  • If the flag is Y and was Y (or resources were provisioned via Self Service) and it is a change of employee type happens for more than one day of termination.
    • IDM will re-enable the IDM identity
    • Resets password for
        • AD
        • Exchange
        • Mainframe IDs
    • Moves the user out of the Disabled Inactive OU to the proper OU as per the AD template.
    • Opens task to access management to rename LANID
    • Uses new AD template as per new profile data
    • Assigns new group membership as per new template
    • IDM does not remove existing group membership if any
    • Triggers an email to the IT service desk if there is a change in the Home Directory

Note: Email Template will be provided to Include verbiage related to nuclear/non-nuclear etc.

  • If the flag is Y and was Y (or resources were provisioned via Self Service) and NO employee type change with a lag
    • Re-enables user identity
    • Resets password for:
      • AD
      • Exchange
      • Mainframe IDs
    • Uses new AD template as per new profile data
    • Assigns new group membership as per new template
    • Moves user to new OU as per new template
    • IDM does not remove existing group membership if any
    • Triggers an email to the IT service desk if there is a change in the Home Directory

Note: Email Template will be provided to Include verbiage related to nuclear/non-nuclear etc.

Diagram

The diagram below illustrates the basic flow for the rehire process.


TopicQuestions/CommentsNotes
Basic Flow
Rehire Timeframe > 95 days
then IDM will
1)Activates the identity
2)Recomputes only the login ID
3)Provisions the physical badge

Need more clarification on the possible use cases.
Looks like anyone of the scenario is valid between 1 and 2.


BasicFlow-
Rehire Timeframe = <95, Old Comp Flag = N, New Comp Flag = Y, Provisioning= No resources provisioned
Does the system need to recompute the login ID for the above scenario?
BasicFlow-
Rehire Timeframe = <95, Old Comp Flag = N, New Comp Flag = Y, Provisioning= resources provisioned
Then -->Enable old resources
Does it mean provisioning/ enabling all the resources which are in Revoked/Disabled state?
BasicFlow-
Rehire Timeframe = <95, Old Comp Flag = N, New Comp Flag = N, Provisioning= resources provisioned
Then -->
IDM will activate the identity
Re-computes the login id
Provisions the Physical Badge 
Physical Badge should be provisioned instead of re-enabling.
Do we need to re-compute the login id in this case?