Related accounts


Overview

It's possible that a user may have more than one account in OpenIAM or in target systems. This is especially true in cases where a user has both a normal user account and an administrator account which has greater privileges. Another example would involve a grade school that wishes to link the accounts of students who are siblings to display a familial relationship. OpenIAM provides a UI where multiple user profiles can be linked together. In this way, it's possible to navigate between these accounts. In this relationship, one profile should be viewed as being the primary record -- usually this is the normal user/employee account.

By default, life cycle events such as terminations will apply to the related account as well. If a related account is to be reassigned instead, then rules for this can be developed.

Defining relationship types

A user can be a primary record that contains employee information or a related account. Relationships between primary and related accounts must be defined as one of the metadata types, as shown below:

Figure: Metadata types

For example, user William Twist has his own AD account, but at the same time he can have other accounts on the domain controller as well. None of these secondary accounts match HR data, and they will always be linked to the main account. OpenIAM can represent these relationships in the following UI:

Figure: Related account 1

Conversely, user Twist_Admin will have a link to its primary account:

Figure: Related account 2

Handling of related accounts

Access certification of related accounts

In pivot view, reviewers can see the link to related accounts underneath the name of the user.

Figure: Access review

When the link to related accounts is clicked, the reviewer gets details about the primary account. This can aid in decision making, as secondary accounts often have unrelated names, making it difficult to match them with employee data.

Figure: User details

The significance of this view is that the supervisors assigned to related accounts are often based on the supervisors assigned to primary accounts.

User lifecycle

If the primary user changes his position within the company (transfer process), then OpenIAM has the ability to initiate a position change workflow. If the target user has a set of related accounts, they must be reviewed as well. When a manager reviews the position change request, he will receive one request for the primary account and then one request per related account.
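
The following is an added example, not OpenIAM code or its API: an audit over an exported account list that flags related accounts whose lifecycle state has drifted from their primary record, and lists the review requests a position change should produce. The record layout, status values, relationship label and all logins except Twist_Admin are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Account:
    login: str
    status: str                         # "ACTIVE" / "TERMINATED" (assumed values)
    primary: Optional[str] = None       # login of the primary record; None if primary
    relationship: Optional[str] = None  # relationship metadata type (assumed label)

# Constructed sample data; not an OpenIAM export format.
ACCOUNTS = [
    Account("wtwist", "TERMINATED"),
    Account("Twist_Admin", "ACTIVE", primary="wtwist", relationship="ADMIN_ACCOUNT"),
    Account("jdoe", "ACTIVE"),
    Account("jdoe_adm", "ACTIVE", primary="jdoe", relationship="ADMIN_ACCOUNT"),
    Account("svc_old", "ACTIVE", primary="ghost", relationship="ADMIN_ACCOUNT"),
    Account("asmith_adm", "ACTIVE", primary="jdoe_adm"),
]

def audit(accounts):
    """Return (login, finding) pairs for related accounts that need attention."""
    by_login = {a.login: a for a in accounts}
    findings = []
    for acct in accounts:
        if acct.primary is None:        # primary records are not audited here
            continue
        parent = by_login.get(acct.primary)
        if parent is None:
            findings.append((acct.login, "primary record not found"))
            continue
        if parent.primary is not None:
            findings.append((acct.login, "linked to a related account, not a primary"))
        if acct.relationship is None:
            findings.append((acct.login, "relationship type not defined"))
        if parent.status == "TERMINATED" and acct.status == "ACTIVE":
            findings.append((acct.login, "active although primary is terminated"))
    return findings

def position_change_requests(accounts, primary_login):
    """One request for the primary account, then one per related account."""
    related = [a.login for a in accounts if a.primary == primary_login]
    return [primary_login] + related

if __name__ == "__main__":
    for login, finding in audit(ACCOUNTS):
        print(f"{login}: {finding}")
    print(position_change_requests(ACCOUNTS, "jdoe"))
```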