Automated provisioning Scripts
This section describes how to develop synchronization scripts to automate provisioning.
Scripts to automate user provisioning
Automated user provisioning requires at all steps in the user life cycle are supported. To demonstrate how this can be implemented in OpenIAM, all the examples below will be based on a common dataset (CSV or from a connector). Each step will build on the previous. The result will be a unified transformation script.
Example Data
| Field Name | Data type | Description |
|---|---|---|
| FIRST_NAME | String | Employee's first name |
| LAST_NAME | String | Employee's last name |
| PREFERRED_NAME | STRING | Alternate employee name |
| EMPLOYEE_ID | String | Unique identifier for the employee within the HR system |
| SUPERVISOR | String | Managers username |
| START_DATE | Date | Date a person joins the company |
| LAST_DATE | Date | Person's last date at the company |
| COMPANY | String | Name of the company |
| DEPARTMENT | String | Name of the department the employee works in |
| String | Email address. | |
| PHONE | String | Employee's desk phone |
| MOBILE_PHONE | String | Employee's mobile phone |
| STATUS | String | Employee's status - Active, Terminated, Leave,terminated |
| TITLE | String | Employee's corporate title which describes their job function |
| TYPE | String | Type of employee - Employee,Contractor,etc |
| ADDRESS | String | Employee's street address |
| CITY | String | Employee's City / town |
| STATE | String | State or province |
| POSTAL_CODE | String | Zip or postal code |
| COUNTRY | String | Two character country code. |
| BADGE_NUMBER | String | Employee BadgeID |
Assumptions
Related this, this example assumes that you created a few business roles as described in the Access control section. The script will map job title to these roles and later use demonstrate how you can use this to support position changes.
Roles used in the example:
- Developer
- Sr Developer
- Helpdesk Engineer
- Architect
The example will also need some test organization which can also be created using the UI. We will use the following Organization data:
- MyCorp (Type - Organization)
- North America (Type - Division)
- NA-Sales (Type - department)
- NA-Finance (Type - department)
- NA-Support (Type - department)
- EU (Type - Division )
- EU-Sales (Type - department)
- EU-Finance (Type - department)
- EU-Support (Type - department)
- North America (Type - Division)
Below is a data sample that can be used in conjunction with the scripts being developed here
FIRST_NAME,LAST_NAME,PREFERRED_NAME,EMAIL,PHONE,MOBILE_PHONE,TITLE,SUPERVISOR,COMPANY,DEPARTMENT,STATUS,EMPLOYEE_ID,BADGE_NUMBER,ADDRESS,CITY,STATE,POSTAL_CODE, COUNTRY,TYPEJOHN,MANAGER,JACK,SOMEONE@OPENAM.COM,914-123-456,,Developer,,MyCorp,NA-Sales,ACTIVE,11111,123,123 MAIN ST,BOSTON,MA, 11111,US,EMPLOYEETHOMAS,HELPDESK,TOMMY,SOMEONE3@OPENAM.COM,914-123-456,646-1234-5674,Helpdesk Engineer,JACK MANAGER,MyCorp,EU-Sales,ACTIVE,11112,124,123 MAIN ST,BOSTON,MA, 22222, US,CONTRACTORALEXANDER,ENDUSER,Alex,SOMEONE2@OPENAM.COM,914-123-456,,Sr Developer,JACK MANAGER,MyCorp,EU-Finance,ACTIVE,11113,125,123 MAIN ST,BOSTON,MA,33333,CA, CONTRACTORWilliam,ENDUSER2,Bill,SOMEONE3@OPENAM.COM,914-123-456,407-343-4534,Architect,JACK MANAGER,MyCorp,NA-Support,ACTIVE,11114,126,123 MAIN ST,BOSTON,MA,44444,MX,EMPLOYEE
User life cycle events
| Life cycle stage | Description |
|---|---|
| Joiners | Script to support common new activities related to new hire |