Connector with Kronos
Connection with Kronos Software
Identity and Access Management (IAM) offers the ability of creating a link between Kronos software and all user accounts across the network. This link allows IAM to detect changes in Kronos, which it will automatically implement across the network according to predefined procedures.
Tools4ever offers dozens of predefined procedures that can be customized for any organization, ensuring quick and accurate alignment with the existing user account management process.
Benefits of an Automated Link
Shorter lead time for creating accounts – Changes (employees entering or leaving service, title changes, changes in contract details) are recorded meticulously and consistently by the HR organization in Kronos software. As part of the first-day procedure, employees will be listed in the HR system from their first day at work. By linking the HR system to the user accounts across the network, changes can be implemented immediately and without errors. The account will have been created on an employee's first day of work, along with all the relevant security settings for his or her job profile. This data will be present in all platforms and applications used by the organization.
Error-free user account creation – By linking Kronos software to user account information across the network, changes can be implemented directly and without information loss. In traditional scenarios this will often involve a manual e-mail procedure prone to errors and delay. And just imagine the consequences if a user account for a fired employee is not disabled.
Availability of advanced capabilities across the organization – Kronos contains information that can be leveraged to improve internal service provision. Since the relationships between managers and employees are stored in the system, managers can be notified of newly-created accounts via e-mail, along with the exact employee details. Based on the relationships stored in Kronos, managers can also be assigned access privileges to employees' mailboxes and home directories.
When an employee leaves the company, his/her account can be cleared in phases. First, the account is immediately disabled. Then, it can be migrated to another OU. It is also possible to migrate the employee's home directory data to secondary storage after a two-month period, or to set an auto-responder message and to have all email forwarded to the employee's manager.
Service Levels compliance with minimal staff – In many organizations, it takes an average of at least 30 minutes to create, modify or remove an account. The number of changes for 100 users is around 10 a week (Source: Gartner, IDC). By setting up a Kronos link, the effort required from systems administrators and/or a helpdesk agent will be reduced to practically zero. In an organization with 1,000 employees, this will quickly free up the time of one employee.
Service Levels compliance with cheaper staff – Besides providing a direct link with Kronos, IAM offers forms that helpdesk agents can use to conveniently perform the remaining user account management tasks. Examples are resetting and/or unlocking user accounts, (ad hoc) modification of user accounts and the approval of changes proposed by Kronos. In practice the form interface imposes few demands on the user account administrator.
Security/Auditing - If no user management tools are available, everybody involved in user account management needs high network access privileges. For instance, helpdesk agents may require Domain Admin privileges as well as access to all information across the network. With User Management Resource Administrator, fewer privileges will be required. Moreover, IT agents will only be able to perform the tasks for which IAM has been configured. Direct access (e.g. through ADUC or NTFS) will no longer be needed.
Enforcement of company policies – User account management is regulated in IAM with templates and profiles. Using the template and profile, the systems administration department can indicate exactly how an account must be created. This mechanism can be leveraged to implement the policies used by the quality assurance and/or auditing department. Company policies can thus be implemented in phases while the pollution of user account data can be eliminated step by step. Reducing data pollution, in turn, will result in less security issues and makes implementation of changes across the network simpler.