Automated provisioning Scripts

This section describes how to develop synchronization scripts to automate provisioning.

Scripts to automate user provisioning

Automated user provisioning requires all steps in the user life cycle to be supported. To demonstrate how this can be implemented in OpenIAM, all the examples below will be based on a common dataset (CSV or from a connector). Each step will build on the previous. The result will be a unified transformation script.

Example Data

Field NameData typeDescription
FIRST_NAMEStringEmployee's first name
LAST_NAMEStringEmployee's last name
PREFERRED_NAMESTRINGAlternate employee name
EMPLOYEE_IDStringUnique identifier for the employee within the HR system
SUPERVISORStringManagers username
START_DATEDateDate a person joins the company
LAST_DATEDatePerson's last date at the company
COMPANYStringName of the company
DEPARTMENTStringName of the department the employee works in
EmailStringEmail address.
PHONEStringEmployee's desk phone
MOBILE_PHONEStringEmployee's mobile phone
STATUSStringEmployee's status - Active, Terminated, Leave,terminated
TITLEStringEmployee's corporate title which describes their job function
TYPEStringType of employee - Employee,Contractor,etc
ADDRESSStringEmployee's street address
CITYStringEmployee's City / town
STATEStringState or province
POSTAL_CODEStringZip or postal code
COUNTRYStringTwo character country code.
BADGE_NUMBERStringEmployee BadgeID

Assumptions

Related to this, this example assumes that you created a few business roles as described in the Access control section. The script will map job titles to these roles and later demonstrate how you can use this to support position changes.

Roles used in the example:

  • Developer
  • Sr Developer
  • Helpdesk Engineer
  • Architect

The example will also need some test organization which can also be created using the UI. We will use the following Organization data:

  • MyCorp (Type - Organization)
    • North America (Type - Division)
      • NA-Sales (Type - department)
      • NA-Finance (Type - department)
      • NA-Support (Type - department)
    • EU (Type - Division )
      • EU-Sales (Type - department)
      • EU-Finance (Type - department)
      • EU-Support (Type - department)

Below is a data sample that can be used in conjunction with the scripts being developed here

FIRST_NAME,LAST_NAME,PREFERRED_NAME,EMAIL,PHONE,MOBILE_PHONE,TITLE,SUPERVISOR,COMPANY,DEPARTMENT,STATUS,EMPLOYEE_ID,BADGE_NUMBER,ADDRESS,CITY,STATE,POSTAL_CODE, COUNTRY,TYPE
JOHN,MANAGER,JACK,SOMEONE@OPENAM.COM,914-123-456,,Developer,,MyCorp,NA-Sales,ACTIVE,11111,123,123 MAIN ST,BOSTON,MA, 11111,US,EMPLOYEE
THOMAS,HELPDESK,TOMMY,SOMEONE3@OPENAM.COM,914-123-456,646-1234-5674,Helpdesk Engineer,JACK MANAGER,MyCorp,EU-Sales,ACTIVE,11112,124,123 MAIN ST,BOSTON,MA, 22222, US,CONTRACTOR
ALEXANDER,ENDUSER,Alex,SOMEONE2@OPENAM.COM,914-123-456,,Sr Developer,JACK MANAGER,MyCorp,EU-Finance,ACTIVE,11113,125,123 MAIN ST,BOSTON,MA,33333,CA, CONTRACTOR
William,ENDUSER2,Bill,SOMEONE3@OPENAM.COM,914-123-456,407-343-4534,Architect,JACK MANAGER,MyCorp,NA-Support,ACTIVE,11114,126,123 MAIN ST,BOSTON,MA,44444,MX,EMPLOYEE

User life cycle events

Life cycle stageDescription
JoinersScript to support common new activities related to new hire