Reinstate Identities

This is the scenario of steps for running reinstatement for pending Identities. During reinstatement, the birthright access is provisioned to the pending Identities, and on successful finish, the pending Identity is moved to the Active status. Reinstatement is performed automatically by the Reinstatement workflow. The triggering event for the Reinstatement workflow is the change in the status of an Identity: from Terminated into Pending.

The birthright access is provisioned according to the Birthright Roles that the pending Identity was eligible for at the moment of the status change.

In this section:

  • Prerequisites
  • Reinstatement scenario
  • How to run Reinstatement
  • Results of Reinstatement

Prerequisites

 

Pre-requisite

Description

1

Configure the HR Source Reinstatement Rule for each of the HR Source integration.

By configuring an HR Source Reinstatement Rule, the user determines the pattern of how to identify a re-activated account among other accounts in the source HRM system in the corporate infrastructure.

2

Configure the Birthright Roles.

By configuring a Birthright Role(-s), the user determines what birthright access a reinstated Identity will get.

3

Pending Identity

The existing Identity becomes re-instated from termination, and has the ‘Pending’ status.

Reinstatement scenario

To run reinstatement, the user is expected to do the following:

  1. Wait for the Reinstatement workflow to finish. And in case of failure, resolve inconsistencies and click Retry to run the Reinstatement workflow again manually.

Reinstatement scenarioReinstatement scenario

The reinstatement scenario on the diagram above shows actions performed by the user, and the areas of activity controlled by ObserveID for the user. The scenario involves systems:

  • ObserveID;
  • Other corporate systems that ObserveID integrates with to manage access of Identities.

The reinstatement finishes successfully if the accounts the Identity is eligible for within the Birthright access are created. Then the Reinstatement workflow updates the status of the Identity from ‘Pending’ into ‘Active’, and the Identity can log in to the resources, using those accounts.

How to run Reinstatement

To run Reinstatement, do the following:

  1. Wait for the HR Source Check to finish in: Identity Automation > Workflows > Tasks

    And when the status of the HR Source Check changes to Successfully Completed, click the request, and then click History. Make certain that the latest event record has the information: Created workflow Reinstatement.

    HR Source Check launches two Reinstatement workflowsHR Source Check launches two Reinstatement workflows

  2. The Workflows grid will be added with as many Reinstatement workflows, as many existing terminated Identities have changed their statuses into ‘Pending’.

    Workflows grid with all ReinstatementsWorkflows grid with all Reinstatements

  3. Automatically, a Reinstatement workflow starts for every pending Identity, and once the reinstatement is finished, the Identity will get the birthright access and change the status into 'Active'.

Results of Reinstatement

Given that the Reinstatement workflow finishes successfully, for the re-activated Identity:

  1. The status will be ‘Active’.
  2. All accounts are provisioned in line with the Birthright Role.
  3. The credentials are available for login to each Target system within the provisioned accounts.