Update User Process

The update user process includes updating the employee/contractor's records in IDM when their attributes change in HRMS. IDM reconciles the updated records from HRMS, updates the user profile, and sends the changes into corresponding target systems.

Update Process in IDM:

User Identity attributes: Employee Name, Address, Email, and other user attributes as specified on target system forms

Post-Processes:

Conversion from Contractor to Employee or from Employee to Contractor
User Transfer – changes in Department, Position\Job, Company or Manager
Termination
Rehire

Use Case

Use Case	Update User
Brief Description	The update user process is initiated when employee/contractor records changes in HRMS. IDM reconciles the updated records from HRMS and updates identity in IDM and corresponding target systems.
Actors	HR IDM
Trigger Events	IDM reconciles the user record from HRMS into IDM An existing row is updated in the XYZ DATA HUB No change in User's status. A user is manually modified using the user interface
Preconditions	User exists in IDM
Post-Conditions	Success The user record is updated in IDM with HRMS attributes. Calculated attributes are correctly populated User is assigned correct roles based on the attributes Fail The user record is not updated in IDM Calculated attributes are incorrectly populated User is assigned incorrect roles based on the attributes
Basic Flow	The basic flow for the update process is explained in the below activity diagram: HRMS record with revised user identity data attributes is received in IDM via automated scheduled nightly job IDM triggers Reconciliation Process and matches HRMS record with employee ID IDM identifies the attributes in the user record from the attribute changes received from the HRMS record. IDM updates un-synched attribute IDM updates attribute on user record in target systems if there is an un-synched attribute A User Transfer Certification process event is initiated to the user's manager if one of the update attributes is a Transfer (a change in department, company, job, or the manager attributes) IDM performs actions based on Computer Flag changes (as mentioned below) IDM sends email notifications upon multiple changes (as mentioned below)

Note:

Computer Flag changes are applied to the user identity record based on the following logic:

If there are no changes to the Computer Flag, AND the Computer Flag = No (Comp_Flag = N), the updates are applied to the user attributes in IDM only
If there are no changes to the Computer Flag, AND If Computer Flag = Yes (Comp_Flag = Y), the user attribute updates are reconciled in IDM AND the updates are provisioned in target systems and core connected systems (Active Directory, West Mainframe, Office 365, Skype)
If the Computer Flag changes from No to Yes, IDM create a Network ID in Active Directory and a West Mainframe Account role if applicable
If the Computer Flag changes from Yes to No, IDM disable the account roles and entitlements on all core connected systems.
The Deprovisioning date is set upon Termination, If a user is rehired, and the Computer Flag attribute is a change from N to Y, then the Deprovision date are reset to NULL\blank.

Email notifications are triggered upon the following changes to the identity record:

If the user identity Computer Flag changes from 'N' to 'Y', the manager receives three Email Notifications:
- Two Emails with Network Credentials (one with ID and one with Password).
- One Email for the West Mainframe Account.
For Home Drive Changes (e.g. location changes) – the IT Service Desk receive an email notification with the user's old and new home drive
For Manager Changes – if the user's manager changes, an email notification is sent to both the user's old and new manager
If HR Flag = D (Deceased) on updated user record, notification sent to the IAMS team only. The IAMS team then manages the account and subsequent notifications

Diagram

The diagram below illustrates the basic flow for the update user process.