UMRA's Link with Paisy
Connection with Paisy
UMRA can create a link between Paisy and all user accounts across the network. This link allows UMRA to detect changes in Paisy and automatically implement them across the network according to predefined procedures. Examples of changes and procedures include:

| Change in Paisy | Network Procedure |
|---|---|
| New employee | A user account is created including an inbox, home directory and group memberships. |
| Employee assumes a new position | The user account is assigned more network privileges as a result of the employee’s promotion. |
| Employee leaves service | The user account is immediately disabled and migrated to another OU. After two months, the home directory and email data are migrated to secondary storage. |
| Employee gets married/divorced | The user account name is modified; the SID is kept. |
| Employee changes location | The home directory data is migrated to the nearest home directory server. |

Tools4ever offers dozens of predefined procedures that can be customized for any organization, ensuring quick and accurate alignment with the existing user account management process.
Benefits of an Automated Link
Shorter lead time for creating accounts – Changes (employees entering or leaving service, title changes, changes in contract details) are recorded meticulously and consistently by the HR organization in Paisy. As part of the first-day procedure, employees will be listed in the HR system from their first day at work. By linking the HR system to the user accounts across the network, changes can be implemented immediately and without errors. The account will have been created on an employee’s first day of work, along with all the relevant security settings for his or her job profile. This data will be present in all platforms and applications used by the organization.
Error-free user account creation – By linking Paisy to user account information across the network, changes can be implemented directly and without information loss. In traditional scenarios this will often involve a manual e-mail procedure prone to errors and delay. And just imagine the consequences if a user account for a fired employee is not disabled.
Availability of advanced capabilities across the organization – Paisy contains information that can be leveraged to improve internal service provision. Since the relationships between managers and employees are stored in the system, managers can be notified of newly-created accounts via e-mail, along with the exact employee details. Based on the relationships stored in Paisy, managers can also be assigned access privileges to employees’ mailboxes and home directories.
When an employee leaves the company, his/her account can be cleared in phases. First, the account is immediately disabled. Then, it can be migrated to another OU. It is also possible to migrate the employee’s home directory data to secondary storage after a two-month period, or to set an auto-responder message and to have all email forwarded to the employee’s manager.
Service level compliance with minimal staff – In many organizations, it takes an average of at least 30 minutes to create, modify or remove an account. The number of changes for 100 users is around 10 a week (Source: Gartner, IDC). By setting up a Paisy link, the effort required from systems administrators and/or helpdesk agents will be reduced to practically zero. In an organization with 1,000 employees, this will quickly free up the time of one employee.
Service level compliance with cheaper staff – Besides providing a direct link with Paisy, UMRA offers forms that helpdesk agents can use to conveniently perform the remaining user account management tasks. Examples are resetting and/or unlocking user accounts, (ad hoc) modification of user accounts and the approval of changes proposed by Paisy. In practice the form interface imposes few demands on the user account administrator.
Security/Auditing – If no user management tools are available, everybody involved in user account management needs high network access privileges. For instance, helpdesk agents may require Domain Admin privileges as well as access to all information across the network. With User Management Resource Administrator, fewer privileges will be required. Moreover, IT agents will only be able to perform the tasks for which UMRA has been configured. Direct access (e.g. through ADUC or NTFS) will no longer be needed.
Enforcement of company policies – User account management is regulated in UMRA with templates and profiles. Using the template and profile, the systems administration department can indicate exactly how an account must be created. This mechanism can be leveraged to implement the policies used by the quality assurance and/or auditing department. Company policies can thus be implemented in phases while the pollution of user account data can be eliminated step by step. Reducing data pollution, in turn, will result in fewer security issues and make implementation of changes across the network simpler.





