Staff IdM provisioning

lfrerichs1's photo
  1. Zero minute: person has an appointment, connected to a UNL cost object, added to SAP (current employment or future hire date)
  2. Zero minute: +~10 min added to IdM
  3. Zero minute: +~10 min added to LDAP
  4. Zero minute: +~60 min added to AD and emailidentity
  5. Zero minute: +~100 min added to blackboard
  6. varies, Zero minute +10 min to daily, added to several feeds like Ncard services, Library, campus rec, parking etc.
  7. every 6 hours (12am, 6am, 12pm,6pm) AD and IdM accounts are reconciled (reconcile job generally takes 10 - 30 min)
  8. (step 7 must be complete) User can self request O365 account
  9. central adds UNL emails SAP nightly.
  10. (step 9 must be complete) Added to Firefly access list
  • If a IdM claim account and/or an IdM password reset happens before step 7 the IdM password is not synced to AD.  The helpdesk does not need to be involved to remedy this step just set/reset the password again.
  • An O365 account can be created any time after step 4 provided that an AD password has been set. The only way for the user to set an AD password is wait until after step 7 but a local OU admin can do it any time after step 4 (provided the user is moved into the local OU by it's OU admins).

see also