Workflow Types

The Workflows differ in its type and the outcome. Below is an overview of the available workflows supported with short descriptions providing a quick take-away on what it is, and why to use it:

Workflow Type

Description

Permanent Access Request
  • Creates new accounts of the user, and/or privileged type;
  • updates entitlements for existing accounts.

Temporary Access Request

  • Provisions temporary accounts by:

    • creating new accounts of the temporary type;
    • setting up the usage period;
    • deleting the temporary accounts at the end of the usage time.

  • Provisions temporary entitlements to existing accounts by:

    • adding the temporary entitlement to an account;
    • setting up the usage period;
    • if the account is privileged, unlocks it;
    • removes the temporary entitlement at the end of the usage period;
    • if it is the privileged account, locks it back.

Privileged Access Management Request
  • Unlocks an existing account of the privileged type;
  • sets up the usage period,
  • locks the account back.

Firecall Unlock Request
  • Unlocks an existing account of the firecall type;
  • establishes the Beneficiary as the Owner of the account;
  • sets up the usage period;
  • establishes a new password;
  • locks the account back;
  • rotates the password.

Manage Access Request
  • Adds and\or removes entitlements within an existing account.

Account Removal Request
  • Deletes the selected account.

Password Change Request
  • Resets the current password;
  • Sets a new password;
  • Validates the new password against the target system policy.

Service Account Creation Request
  • Creates a new account of the Service type.

Role Creation
  • Creates a new IT, or Birthright Role.
  • In case of the Birthright Role, also performs provisioning of the access to existing eligible identities.

Role Deletion
  • Deletes an existing IT, or Birthright Role.
  • Deprovisions the Role from all affected identities.

Role Update
  • Updates an existing IT, or Birthright Role.
  • Performs provisioning of the updated access of all affected Identities.

Emergency Deprovisioning
  • Terminates the Identity.
  • Deprovisions:
    • accounts,
    • roles,
    • workgroups,
    • Local User.

Onboarding
  • Automatically created by HrSourceCheckTask.
  • Provisions the Birthright access to new Identities.

Offboarding
  • Automatically created by HrSourceCheckTask.
  • Deprovisions access from terminated Identities.

Reinstatement
  • Automatically created by HrSourceCheckTask
  • Provisions the Birthright access to reinstated Identities.

Data Import
  • Imports, updates and synchronizes the Integration Data for the integration with the Integration Data on the target.

Identities Update
  • Updates Identities from the following perspectives;
    • the Local User;
    • the Local Permissions;
    • the Identity Data;
    • the Identity’s birthright access;
    • in case of a terminated Identity, re-conciliates differences, if any detected between the Leaver Rules of the Integrations and the status of the accounts, if any.
    • transmits the changes in the Identity Data onto every Account owned by the affected Identity.

HR Source Check Request
  • Detects changes between the Integration Data in the HR Source integration and the Integration Data on the HR Source target;
  • Creates new Identities.
  • Activates existing terminated Identities.
  • Terminates existing active Identities.
  • Launches the following workflows:
    • Onboarding;
    • Reinstatement;
    • Offboarding.
  • Verifies the availability of the HR Source Account per Identity.
    • In case if an Identity is detected without a HR Source Account AND the correlated HR Source Account is imported from the target, then the workflow assigns the account onto the identity.
    • In case if for an Identity two correlated HR Source Accounts are detected, then the workflow swaps one HR Source Account into the other HR Source Account for the identity.

Update Identity Source Accounts Request
  • Verifies the availability of the HR Source Account per Identity.
    • In case if an Identity is detected without a HR Source Account AND the correlated HR Source Account is imported from the target, then the workflow assigns the account onto the identity.
    • In case if for an Identity two correlated HR Source Accounts are detected, then the workflow swaps one HR Source Account into the other HR Source Account for the identity.