Using UMRA to link PeopleSoft Enterprise
with user account information in the network
UMRA offers the possibility to link PeopleSoft Enterprise with user accounts in the network. When connected using UMRA, each change in PeopleSoft Enterprise can be detected. For each change, a corresponding procedure can be defined to update user accounts and associated resources in the network. In the table below some examples of changes and procedures are listed:
|
Change in PeopleSoft Enterprise
|
Network procedure
|
|
New employee
|
User Account is created, complete with e-mail box, home directory and
group memberships.
|
|
New job / promotion
|
User Account gets more privileges in the network due to promotion.
|
|
Employee leaves the company
|
User Account is disabled immediately and moved to another OU. Two months
later the home directory and e-mail data are moved to a secondary storage
location.
|
|
Employee gets married / divorced
|
The name of the user account is updated while keeping its SID.
|
|
Employee moves to another location
|
Home directory data are moved to the nearest home directory server.
|
Tools4ever has dozens of predefined procedures available which can be tailored
to specific needs within the organization. This makes it possible to fit UMRA
quickly and efficiently into the existing user account management process of
the organization.
Advantages of automated linking:
Shorter turnaround time for creating accounts
Changes to PeopleSoft Enterprise (new employee / employees leaving
the company, job changes, changes in contact details) are maintained meticulously
and consistently by the HR department. A "First Working Day" procedure
specifies that a new employee is entered in the HR System before the first working
day. By linking the HR System to the user accounts in the network, changes can
be implemented directly and without introducing any errors. On the first day
of employment, the user account is created with the correct security settings
as specified in the employee's function profile. This account will be available
on all plaforms and for all applications within the company.
Error free creation of accounts
By linking PeopleSoft Enterprise to user account information in the
network, changes can be implemented directly and without loss of information.
In many companies, there is no automatic procedure to handle such changes. Instead,
there is often only a manual e-mail procedure in place which can easily lead
to errors and delays. Procedures for such changes often only consist of sending an e-mail. Imagine the possible consequences if , due to an oversight,
the user account of an employee who has left the company is not (properly) removed
or disabled in the network!
Offering advanced functionality to the organization
PeopleSoft Enterprise contains a lot of information which has the
potential of improving the service level for the organization. An example will
illustrate this. Since the relationship between a manager and an employee is
known in PeopleSoft Enterprise, it is possible to notify a manager by e-mail
if a new account has been created, together with the exact details of the employee.
This same relationship also makes it possible to give a manager access rights
to the employee's mailbox and home directory.
When an employee leaves the company, the removal of an account can be done
in phases. First, the account will be disabled immediately and moved to another
OU. After two months, the home directory data can be moved to a secondary storage
location. It would also be possible to automatically set an auto respond email
and to have all emails for the ex-employee forwarded to the employee's manager.
Meeting Service Level Agreements with minimum of staff
In many organizations, creating, editing and removing user accounts
takes approximately 30 minutes (excluding the correction of possible errors).
On average, 10 changes per week have to be implemented for every 100 users (Source:
Gartner). By establishing an automated link from Peoplesoft Enterprise to the
directory service containing the user accounts, the user account management
efforts for a systems administrator and / or helpdesk employee will be reduced
to close to zero. In case of an organization with 1000 employees, this would
already make 1 employee redundant for user account management.
Meeting Service Levels with cheaper human resources
Apart from the direct link with PeopleSoft Enterprise, forms can be made
available to the helpdesk employees with which any remaining user account management
task can be simply executed. Some examples: resetting and/or unlocking user
accounts, ad hoc editing of a user account, approving changes coming from PeopleSoft
Enterprise, etc. The use of forms does not require any technical knowledge from
the person in charge of managing user accounts.
Security/Auditing
If there is no solution available for user account
management, every employee involved in user account management needs to have
many privileges for the network. It may be necessary for instance, to give helpdesk
employees Domain Admin rights, giving them full access to all information the
network. When UMRA is implemented, these privileges are strongly reduced. An
IT employee can only execute those tasks for which UMRA has been configured.
Direct access (e.g. though ADUC or NTFS) is no longer possible.
Enforcing company policies
In UMRA, user account management is controlled through templates
and profiles. Using a template and profile, the Systems Administration department
can specify exactly how an account should be created. With the same mechanism,
quality standards of the Quality Control and / or Auditing Department can be
implemented. It is possible to implement company policies in different phases,
reducing the pollution of user account information step by step. This will result
in fewer security issues and will simplify the implementation of changes in
the network.
| 
