Skip to main content

Hitachi ID Identity Manager Screen Recordings - Termination

Scheduled termination


Play movie

Content:

  • A manager schedules termination/deactivation for one of his subordinates.
  • Members of the HR department are invited to approve the change.

Key concepts:

  • Scheduled events, such as deactivation, are modeled using a date attribute in the user's profile.
  • Access controls determine who can see this date, who can request a change and who must approve a change.
  • In this example, a user's manager and anyone in HR can see/edit this date, but the user cannot. If the manager requests a change, HR must approve it. Conversely, if HR requests a change, the manager will be asked to approve it.
  • Once the request is approved and stored in the user's profile, other processes take care of the deactivation process. The workflow component is simply for setting this date.

Authorize scheduled termination


Play movie

Content:

  • Approval of a change to a user's scheduled termination date is handled by an HR user.
  • In this example, three HR users were invited but any one of them can do the job -- increasing process reliability and shortening time to completion.

Key concepts:

  • Who is invited to approve a change is determined by policy.
  • Policy is based on relationships between requester, recipient and authorizer.
  • A random subset of a users (e.g., members of an HR group) can be chosen.
  • A further subset of invited users may be sufficient to approve.
  • Invitations go out via e-mail, with responses via authenticated, secure, encrypted web form.

Defer scheduled termination


Play movie

Content:

  • After termination was scheduled, but before it was completed, it can still be deferred.
  • The manager of a user scheduled for deactivation is automatically invited to review and possibly defer the termination date.

Key concepts:

  • Batch processes send advance warnings of scheduled events like termination.
  • Users can follow an embedded link and make appropriate changes, if required.

Termination/deactivation triggered by HR system of record (SoR)


Play movie

Content:

  • A scheduled deactivation date can be set from a system of record.
  • Changes from a SoR are normally automatically approved.
  • The user's manager will still get advance warning and may defer the date.

Key concepts:

  • New values for identity attributes can be fed in from a system of record, with no direct human interaction with Hitachi ID Identity Manager.
  • Regardless of the data source, all changes go through a workflow request, which may (or may not) require approval.
  • Once a value is set, any processes which depend on the value proceed - regardless of the value's source (web portal request, HR feed, etc.).

Immediate deactivation triggered by HR SoR


Play movie

Content:

  • The HR system of record can specify that a user should be deactivated immediately, rather than on a scheduled date.
  • This means that when the batch process runs to read HR data it will deactivate the user.

Key concepts:

  • Changes to identity data (attribute value, disappearance of a user, etc.) in a SoR can drive actions other than just attribute changes to a user's profile.
  • In this case, the required change is immediately disabling the user.
  • Urgent normally does not require approvals.

Immediate deactivation, initiated by manager, requiring approval


Play movie

Content:

  • A manager can log into Identity Manager and deactivate an employee immediately.
  • This kind of process typically does require approval, by HR.

Key concepts:

  • The user is deactivated, but only once the request is approved.
  • Managers are generally only allowed to do this to their direct reports.
  • HR users are generally allowed to do this to anyone (at least outside of HR and executive groups).

page top page top