Related accounts


Overview

A user may have more than one account in OpenIAM or in target systems. This is especially true where a user has both a normal user account and an administrator account with greater privileges. OpenIAM provides a UI where one or more user profiles can be linked together, making it possible to navigate between the linked accounts. In this relationship, one profile should be viewed as the primary record; usually this is the normal user / employee account.

By default, life cycle events such as terminations apply to the related account as well. If the related account is to be reassigned instead, rules to handle that can be developed.

Defining relationship types

Defining relationships

Implementation

A user can be a primary record (that contains employee information) or a related account. The relation type between primary and related accounts must be defined as one of the metadata types, for example:

[Image: Metadata types]

For example, user William Twist has his own AD account, but at the same time he can have other accounts on the domain controller as well. None of these side accounts match HR data, and all of them will always reference the main account. OpenIAM can represent these relations in the following UI:

[Image: Related account 1]

Conversely, user Twist_Admin will have a link to its primary account:

[Image: Related account 2]

Handling of related accounts

Access certification of related accounts

If a related account is part of the access certification campaign, the reviewer will see a pictogram on the pivot view.

[Image: Access review]

When the reviewer clicks the pictogram, they get details about the primary account. This can help with the decision, because side accounts often have poor names and can be difficult to match with employee data.

[Image: User details]

Often the manager performs the review, and here the related account functionality helps, because supervisors are assigned to a related account based on the supervisors of the primary account. Hence, a supervisor can perform an access review of the side accounts of their subordinates.

User lifecycle

If the primary user changes position in the company (transfer process), OpenIAM can initiate a position change workflow. If the target user has a set of related accounts, they must be reviewed as well. When a manager reviews a position change request, he will receive one request for the primary account and then one for each related account.
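
The handling rules above (supervisors inherited from the primary record, one position change request per account, terminations applying to related accounts) can be modelled and checked against an account export. This is an added example, not OpenIAM code or its schema: the `Account` fields, the status values, the `ADMIN_ACCOUNT` relation type and every login except Twist_Admin are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    login: str
    status: str                          # hypothetical values: "ACTIVE" / "TERMINATED"
    supervisors: list = field(default_factory=list)
    primary: Optional[str] = None        # login of the primary record; None for a primary
    relation_type: Optional[str] = None  # metadata type of the link (hypothetical name)

def related_to(idx, primary_login):
    return sorted(a.login for a in idx.values() if a.primary == primary_login)

def reviewers_for(idx, login):
    """Supervisors of a related account are taken from its primary record."""
    acct = idx[login]
    owner = idx.get(acct.primary) if acct.primary else acct
    return list(owner.supervisors) if owner else []

def position_change_requests(idx, primary_login):
    """One request for the primary account, then one per related account."""
    targets = [primary_login] + related_to(idx, primary_login)
    return [(t, r) for t in targets for r in reviewers_for(idx, t)]

def audit(idx):
    """Flag links that would break certification or the termination cascade."""
    findings = []
    for a in idx.values():
        if a.primary is None:
            continue
        owner = idx.get(a.primary)
        if owner is None:
            findings.append((a.login, "primary record not found"))
        elif owner.status == "TERMINATED" and a.status == "ACTIVE":
            findings.append((a.login, "active after primary was terminated"))
        if not a.relation_type:
            findings.append((a.login, "relation type not set"))
    return sorted(findings)

# Constructed sample export (logins other than Twist_Admin are made up)
SAMPLE = {a.login: a for a in [
    Account("William.Twist", "ACTIVE", supervisors=["Jane.Manager"]),
    Account("Twist_Admin", "ACTIVE", primary="William.Twist", relation_type="ADMIN_ACCOUNT"),
    Account("Twist_Svc", "ACTIVE", primary="William.Twist"),
    Account("Old.Employee", "TERMINATED", supervisors=["Jane.Manager"]),
    Account("Old_Admin", "ACTIVE", primary="Old.Employee", relation_type="ADMIN_ACCOUNT"),
    Account("Lost_Admin", "ACTIVE", primary="No.Such.User", relation_type="ADMIN_ACCOUNT"),
]}
```

Calling `audit(SAMPLE)` lists the related accounts that have no reviewer path or that stayed active after their primary record was terminated; `position_change_requests(SAMPLE, "William.Twist")` shows the request fan-out for a transfer.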