One Identity Manager Video Series, Video No. 3: Use cases - Identities and Accounts

[MUSIC PLAYING] We are now going to create a new identity in an HR system. Typically HR systems are systems like SAP HR or any kind of HR system. And normally they are integrated into the identity management solution. In this demo environment, we are going to see that the HR system is really represented as a CSV file. So what I'm going to do, I'm going to open up the CSV file. I'm going to take a quick look at it. And then I'm going to add a new person at the end of the text file. Now, the text file is really just the first name and the last name. And one thing that needs to be unique in this demo environment is the employee number. We can also have department [INAUDIBLE] and cost center [INAUDIBLE] location, their roles, and a manager. Now, as I said, what I'm going to do, I'm going to go to the end of the file. I'm going to take a copy of the last person that's in the file already, like this. And I'm going to just change his name and his employee number. If you look at the line here, you can see that this person belongs to the marketing in Sweden. He is working as a role called PR, Public Relations. And he's also located in Stockholm. So I will give him a new first name. I will actually keep the-- Marcus is a good first name. I will change his last name to Andersson. And most important, I need to have a new number that is unique for the employee number. The next thing we're going to do is going to manually start import process from Identity Manager to read the new entry from the text file. I will do that by running one of the tools called a synchronization editor. Now, in the synchronization editor, we have the possibility to assimilate what's going to happen if we imported changes from this particular file. So I will press the Simulate button here. And what it's doing right now is generating a report. So this is what's going to happen if you continue to execute the synchronization against the text file. And as you can see in the file here, it's an import from an HR CSV file. And it also says if we are going to insert one new person, object, that is one new identity. So I simply pressed the Execute button here. And now in the background, the synchronization will happen. Now the new person is created in the system. And to take a look at the person I will use another tool called the manager. So I will open up the manager tool. And inside the tool, I will look at the employees. And as you can see on the screen, it's right now 134 employees in the system. If I pressed the Refresh button now, it's now 135. And a new individual was called Marcus Andersson. And he's located over here. So I simply double click on that individual. And I can see that he's on the way to be created into the system. So I will press that Refresh button here again. And as you can see now, he's now created in the system. He has a user ID of Marcus A. That's the way it works out of the box. It takes the first name and the first letter in his last name to create the user ID. We can see that he has a default email address. He has a location in Stockholm. He belongs to the marketing Sweden department. And he has a cost center of marketing. And he also has his primary role being in public relations. Now, he also had an Active Directory account. This Active Directory account will have a lot of Active Directory group memberships. These group memberships, if I click on it, as you can see, there's a long list of Active Directory group membership. It all comes from the fact that he works at marketing in Sweden. It's located in Stockholm. And he has a primary role of being public relations. All these settings come from pure configurations. This is nothing that I have built code or anything to create. It's just something that happens automatically. And since he's also now created in the system, he can also log on to the self-service portal to take a look at himself. So I bring up the end-user interface. I log on with his new user ID. And this is the default screen seen by a new user who's just been created into the solution. And as you can see, there's not that much he can do. He can or she can start a new request, and he can also look at his own profile up here on the right-hand corner. So if you look at his own profile, he will see that he belongs to marketing in Sweden, he's located in Stockholm, his nearest manager is Holger, and he has some information about the location, address information, and so forth. So this was a very simple way of showing how to import a new person from an HR system. And as you saw, he got a lot of entitlements. In this specific example, it was active director group memberships. Those are all based on the fact that we have configured different things for different departments and different things for different roles and locations. It's all configuration. We're now going to look at life cycle management. We're going to do that by showing two different things. First, we're going to show how to change the last name of a person and what happens when you do that. And secondly, we're going to look at another individual. And that individual we're going to move to another location and also change this person's primary business role. Now, these two persons we're going to manage, they share the same manager. So I'm going to use the same manager to change those two individuals. First of all, we're going to look at an individual called Jurgen Weber. So I will look at him from one of the tooling, the manager tool inside the Identity Manager. And as we can see, his last name is Weber, and his first name is Jurgen. We can also see that he has an account in Active Directory. And he also has an account in an offline demo system called sales report. Now, an end user cannot really change their last name themselves. So if I open up the web UI and log on as this Jurgen Weber, and if he looks at his profile and clicks on Contact Data, he can see quite quickly that the last name, first name, and default email address, they are really in read only. So he can't really change this. But the way we have configured this environment, his manager can actually change the last name. So I'm going to log on as the manager of Jurgen. Jurgen's manager is called Mia. And as you can see, his user now appears in my Direct Reports pane here on the front page. So I quite simply click on Jurgen. I click on Master Data. And I give him another name. I will give him a name that's easy to find in the list. So I change his last name to Abele. Now, immediately, when I press Tab here, things actually change. And they are actually indicated by this little icon here. And we can see that I changed the last name. But also, automatically his user ID and his email address will be automatically changed. And that's all fine in this example. So I will press Save here. Before I actually say Yes, I will open up the Active Directory, use the same computer's tool and search for him. Again, I haven't saved any changes yet. I search for Jurgen, and I can see that there is a user called Jurgen Weber in the Active Directory. And now I press Save. And in the background now, all the changes will be done. So the person itself will have a new user. If I go back on the screen here, we can now see that his name is now Jurgen Abele instead of Jurgen Weber. And also the changes will be reflected in the target application, in this particular example, in Active Directory. So now when I open up the Active Directory Users and Computers and I say I want to find your Jurgen again, his last name has been changed also in Active Directory. Now, that was a use case, where we changed the last name of the user. The second use cases to take another user and change a location belonging and a primary role membership. First we will take a look at that particular individual from the Manager tool. And I will search for him, and I'm going to change to a user called Mattias. And his last name is Fischer. Now, Mattias has the same manager as Jurgen had in previous use case. Now, Mattias, he's located in Berlin. And his primary role is account manager. So if we look at Mattias's Active Directory account, he has a lot of group membership that come from the fact that he's located in Berlin. For instance, the All Staff Berlin indicates that he is located in Berlin. And also he has some other Active Directory group membership that comes from the fact that he works as an account manager. Now, if we look at him from the Active Directory, we will say the same thing. So if we search for Mattias Active Directory, Mattias Fischer, and we look at his membership list, we will see the same groups, of course. I am still logged in as Mia. So if she goes to her Start page, and she is the manager of Mattias, she can open up Mattias Fischer here. She opens up the Master Data. And then the master data, she can select to change his primary business role and his primary location. So let's click on the Primary Business Role first. These are located under Job Roles, which is a hierarchical representations of a role structure we have in this demo environment. And we are going to change Mattias's primary role from account manager to presale engineer. And we're also going to change his location from Berlin to Dresden. And once we press the Save button and say Yes, all these changes will now happen in the background. So if I now take a look in the Manager tool again, and I double click on Mattias Fischer again, and I will see that his primary role now is presale engineer. He is now located in Dresden. And if I click on his Active Directory account, I will now see that he belongs to the All Staff in Dresden instead of All Staff in Berlin. And you also have other different belongings or Active Directory group memberships because he also has a new role now. Now, still logged on to the web interface as his manager, if I click back here, I can actually look at these changes done for Mattias now in the History View. If I click on the History View, that's going to give me a graphical representation of the changes done. And this was today. So I can see that he got something removed, and he also got something-- I can zoom in and zoom out. And I can see that on January the 7th, we removed the access to a Salesforce, and we provided access to a [INAUDIBLE] terminal. And we also took away his account in the sales report system because now he's a presale engineer, so he shouldn't have access to it anymore. So this is a very simple way of showing a life cycle management, and life cycle change for users. [MUSIC PLAYING]