A user may have more than one account in OpenIAM or in target systems. This is especially true when a user has both a normal user account and an administrator account with greater privileges. OpenIAM provides a UI where one or more user profiles can be linked together, so that it's possible to navigate between the linked accounts. In this relationship, one profile should be viewed as the primary record; usually this is the normal user / employee account.
By default, life cycle events, such as terminations, apply to the related account as well. If the related account is to be reassigned instead, rules for this can be developed.
Defining relationship types
A user can be a primary record (that contains employee information) or a related account. The relation type between primary and related accounts must be defined as one of the metadata types, for example:
For example, user William Twist has his own AD account, but at the same time he can have other accounts on the domain controller as well. None of these side accounts match HR data, and all of them always reference the main account. OpenIAM can represent these relations in the following UI:
In the other direction, user Twist_Admin has a link back to its primary account:
Handling of related accounts
Access certification of related accounts
If a related account is part of an access certification campaign, the reviewer sees a pictogram in the pivot view. Clicking the pictogram shows details about the primary account, which helps the reviewer make a decision, because side accounts often have poor names that are difficult to match with employee data. Reviews are often done by managers, and here the related-account functionality helps, because supervisors are assigned to a related account based on the supervisors of the primary account. Hence, a supervisor can perform an access review of the side accounts of their subordinates.
If the primary user changes position in the company (transfer process), OpenIAM can initiate a position change workflow. If the target user has a set of related accounts, they must be reviewed as well. When a manager reviews a position change request, he receives one request for the primary account and then one for each related account.