There are also two ways how the transfer process can be invoked in OpenIAM.
Step 1. Automating the change in access
In case the end users have promotion and demotion during their career, the information on these changes is introduced into the HR system and stored in the user object. In OpenIAM there are several fields that can support position change. They are:
- Job Code (metadata based field).
- Employee type (metadata based field).
- Location code.
- Location name.
Here, administrators can change the access of the transferred user in SelfService. This process in detail is described in the document by the link.
Another option is changing the attributes in a CSV file and running the synchronization process. Here, the attributes linked to a business rule will be updated and the access will be revoked based on the defined rule.
Step 2. Position change workflow
To invoke a position change workflow in OpenIAM, update the user data to match your business rule expression. This can be done by finding a user and clicking Edit button.
Invoking and validating position change
The user can invoke and validate the position change via SelfService via User access reviews.
Additionally, one may check the user individually and see the access they have after the change was made.