User related accounts


Overview

A user may have more than one account in OpenIAM (especially in customer IAM situations). OpenIAM offers a UI for admins where they can merge one identity with another. There is a primary record (which will be the employee account) and the related accounts (which follow the user life cycle process of the primary (employee) user).

Implementation

A user can be a primary record (which contains employee information) or a related account. The relation type between primary and related accounts must be defined as one of the metadata types, for example: (image: mdTypes)

For example, user William Twist has his own AD account, but at the same time he can have other accounts on the domain controller as well. None of these side accounts match HR data, and all of them will always reference the main account. OpenIAM can represent these relations in the following UI: (image: relatedAcc1)

Conversely, user Twist_Admin will have a link to its primary account: (image: relatedacc2)

Handling of related accounts

Access certification of related accounts

If a related account is part of an access certification campaign, the reviewer will see a pictogram on the pivot view. (image: accreview) If the reviewer clicks the pictogram, he will get details about the primary account. This can help him make a decision, because side accounts often have poor names and can be difficult to match with employee data. (image: userdetails) Often a manager does the review, and here the related account functionality helps, because supervisors are assigned to a related account based on the supervisors of the primary account. Hence, a supervisor can perform an access review of the side accounts of their subordinates.

User lifecycle

If the primary user changes his position in the company (transfer process), OpenIAM can initiate a position change workflow. If the target user has a set of related accounts, they must be reviewed as well. When a manager reviews a position change request, he will receive one request for the primary account and then one for each related account.