The update user process includes updating the employee/contractor's records in IDM when their attributes change in HRMS. IDM reconciles the updated records from HRMS, updates the user profile, and sends the changes into corresponding target systems.

Update Process in IDM: 

  • User Identity attributes: Employee Name, Address, Email, and other user attributes as specified on target system forms 


  • Conversion from Contractor to Employee or from Employee to Contractor 
  • User Transfer – changes in Department, Position\Job, Company or Manager 
  • Termination 
  • Rehire 

Use Case

Use Case

Update User

Brief DescriptionThe update user process is initiated when employee/contractor records changes in HRMS. IDM reconciles the updated records from HRMS and updates identity in IDM and corresponding target systems.


  • HR

  • IDM

Trigger Events

  • IDM reconciles the user record from HRMS into IDM

  • An existing row is updated in the XYZ DATA HUB
  • No change in User's status.
  • A user is manually modified using the user interface


  • User exists in IDM



  • The user record is updated in IDM with HRMS attributes.
  • Calculated attributes are correctly populated
  • User is assigned correct roles based on the attributes


  • The user record is not updated in IDM
  • Calculated attributes are incorrectly populated
  • User is assigned incorrect roles based on the attributes
Basic Flow

The basic flow for the update process is explained in the below activity diagram:

  • HRMS record with revised user identity data attributes is received in IDM via automated scheduled nightly job
  • IDM triggers Reconciliation Process and matches HRMS record with employee ID 
  • IDM identifies the attributes in the user record from the attribute changes received from the HRMS record.
  • IDM updates un-synched attribute
  • IDM updates attribute on user record in target systems if there is an un-synched attribute
  • A User Transfer Certification process event is initiated to the user's manager if one of the update attributes is a Transfer (a change in department, company, job, or the manager attributes)
  • IDM performs actions based on Computer Flag changes (as mentioned below)
  • IDM sends email notifications upon multiple changes (as mentioned below)


Computer Flag changes are applied to the user identity record based on the following logic:

  • If there are no changes to the Computer Flag, AND the Computer Flag = No (Comp_Flag = N), the updates are applied to the user attributes in IDM only
  • If there are no changes to the Computer Flag, AND If Computer Flag = Yes (Comp_Flag = Y), the user attribute updates are reconciled in IDM AND the updates are provisioned in target systems and core connected systems (Active Directory, West Mainframe, Office 365, Skype)
  •  If the Computer Flag changes from No to Yes, IDM create a Network ID in Active Directory and a West Mainframe Account role if applicable
  • If the Computer Flag changes from Yes to No, IDM disable the account roles and entitlements on all core connected systems.
  • The Deprovisioning date is set upon Termination, If a user is rehired, and the Computer Flag attribute is a change from N to Y, then the Deprovision date are reset to NULL\blank.

Email notifications are triggered upon the following changes to the identity record:

  • If the user identity Computer Flag changes from 'N' to 'Y', the manager receives three Email Notifications:
    • Two Emails with Network Credentials (one with ID and one with Password). 
    • One Email for the West Mainframe Account. 
  • For Home Drive Changes (e.g. location changes) – the IT Service Desk receive an email notification with the user's old and new home drive
  • For Manager Changes – if the user's manager changes, an email notification is sent to both the user's old and new manager
  • If HR Flag = D (Deceased) on updated user record, notification sent to the IAMS team only. The IAMS team then manages the account and subsequent notifications


The diagram below illustrates the basic flow for the update user process.