Automation
im_corp_automated_termination
Purpose:
This scenario implements an automated, multi-step termination process for existing users based on changes detected on a monitored system of record (SoR).
Configuration:
External data store (extdb) tables containing configuration relevant to this scenario:
hid_global_configuration: Adds TERMINATE_* and TERMINATION_* settings under the AUTOMATION namespace, to define parameters such as the target ID for the SoR, the pre-defined request to be used for automated termination requests or the criterion used to trigger the termination process.
im_termination: This is a policy table containing configuration details for each step of the termination process.
hid_policy_attrval_*: Adds rules involving profile and request attributes calculation and validation, required for the workflow engine and scheduled tasks to successfully process termination requests.
im_policy_authorization: Adds authorization rules for each workflow request that is part of the scheduled termination process.
Example: Termination of a user account originating from a System of Record.
This example shows you how to configure Bravura Identity to deactivate an account using information from a System of Record; for example, a termination date set on the account in Active Directory.
Use this component when:
You want one or more system of record targets to be monitored for deleted records and a termination request generated for each affected user, without submitting duplicate requests.
You have contractors who should be terminated at a scheduled termination date.
You may have a business need to defer these termination dates, so you need advance warning of upcoming terminations.
You may have a business need to restore a terminated user whose accounts are in disabled status, so you need to configure archive and cleanup policy as part of termination.
This use case assumes that:
You have installed Bravura Workforce Pattern.
You have configured the AD target system.
You have configured the HRAPP target system.
Log in to Bravura Security Fabric as a superuser.
Install Scenario.im_corp_automated_termination if it is not installed already.
Click Manage external data store to verify the following tables are available and configured for the environment:
im_policy_authorization sets the authorization policies for termination pre-defined requests for both scheduled and urgent termination requests.
im_termination contains configuration details for each step of a scheduled termination process.
hid_policy_attrval_default sets the rules involving profile and request attributes calculation and validation, required for the workflow engine and scheduled tasks to successfully process termination requests.
hid_global_configuration adds TERMINATE_* and TERMINATION_* settings under the AUTOMATION namespace, to identify parameters such as the Target ID for the SoR, the pre-defined request to be used for the automated termination requests or the criterion used to trigger the termination process.
Click the hid_global_configuration table.
Adjust AUTOMATION settings as necessary:
TERMINATE_SOR_TARGET: Sets the system of record for accounts. This is the target system that holds the scheduled termination date (or the termination attribute).
TERMINATE_SOR_ROOT: Sets the target root account.
TERMINATE_REQUEST_REASON: Sets the request reason recorded on automated termination requests.
TERMINATE_PDR: Sets the pre-defined request that the automated termination will use.
TERMINATION_TYPE: Sets the condition used to determine whether a user is terminated. Set it to attribute to match on TERMINATION_ATTR and TERMINATION_ATTR_VAL instead of the scheduled termination date.
TERMINATION_ATTR: Sets the attribute used to determine whether a user should be terminated (only used when TERMINATION_TYPE = attribute).
TERMINATION_ATTR_VAL: Sets the value that TERMINATION_ATTR must hold for a user to be terminated (only used when TERMINATION_TYPE = attribute).
Customize PDRs as necessary.
The following PDRs are pre-configured for the termination scenario. You may customize them to your needs, for example by editing the access control or changing the operations they perform.
SCHEDULE-NOTIFY
SCHEDULE-TERM
ARCHIVE-USER
CLEANUP-DELETE-USER
To test the automated termination component settings:
Set the scheduled termination date for a user on the system of record.
How you do this differs by organization and by the HR target you use.
Execute auto discovery.
Depending on the termination date, one of the following occurs:
A termination warning is submitted to the user's manager 10, 15, or 30 days before the termination date.
On the termination date the user is disabled; when the terminated user attempts to log in, the attempt fails with a notice that the account is disabled.
Execute auto discovery after the archive period (default 90 days) has elapsed.
Users who have been in a terminated state for the length of the archive period have an archive request submitted to perform the archive tasks.
Execute auto discovery after the clean-up period (default 180 days) has elapsed.
Users who have been in an archived state for the length of the clean-up period have a clean-up request submitted to perform the clean-up tasks.
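The following Python is an added illustration, not Bravura Identity code: the product evaluates these policies inside its own scheduled tasks and workflow engine, whose internals the page does not show. The model runs one "auto discovery" per day against a constructed SoR record and applies the settings named above (TERMINATION_TYPE with TERMINATION_ATTR / TERMINATION_ATTR_VAL, the 10/15/30 day warnings, the 90 day archive delay and the 180 day clean-up delay), submitting the four PDRs and recording each on the profile so a repeated run never submits the same request twice. The Profile and Settings classes, the SoR field names termination_date and employeeStatus, the user names, and the value "date" for TERMINATION_TYPE are assumptions of this model.

```python
"""Model of the automated termination lifecycle (added example, not product code)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

WARNING_DAYS = (30, 15, 10)   # warn the manager this many days before the date
ARCHIVE_DAYS = 90             # default archive delay stated on the page
CLEANUP_DAYS = 180            # default clean-up delay stated on the page


@dataclass
class Settings:
    """Subset of the AUTOMATION namespace that drives the decision."""
    termination_type: str = "date"      # "date" is an assumed value; "attribute" is from the page
    termination_attr: str = ""          # TERMINATION_ATTR
    termination_attr_val: str = ""      # TERMINATION_ATTR_VAL
    archive_days: int = ARCHIVE_DAYS
    cleanup_days: int = CLEANUP_DAYS


@dataclass
class Profile:
    """Assumed in-memory view of a user profile plus its SoR record."""
    user_id: str
    sor: Dict[str, object]              # attributes read from the SoR target
    state: str = "active"               # active -> terminated -> archived -> cleaned
    state_since: Optional[date] = None
    requests: List[str] = field(default_factory=list)   # PDRs already submitted


def is_terminated(p: Profile, s: Settings, today: date) -> bool:
    """Apply the TERMINATION_TYPE criterion to one SoR record."""
    if s.termination_type == "attribute":
        return str(p.sor.get(s.termination_attr, "")) == s.termination_attr_val
    term = p.sor.get("termination_date")          # assumed SoR attribute name
    return term is not None and term <= today


def run_autodiscovery(p: Profile, s: Settings, today: date) -> List[str]:
    """One auto discovery run; returns the PDRs submitted in this run only.

    Submitted PDRs are recorded on the profile, so a second run on the same
    day (or a second SoR target reporting the same user) submits nothing new.
    """
    submitted: List[str] = []

    def submit(pdr: str) -> None:
        if pdr not in p.requests:
            p.requests.append(pdr)
            submitted.append(pdr)

    if p.state == "active":
        term = p.sor.get("termination_date")
        if term is not None:
            days_left = (term - today).days
            due = [w for w in WARNING_DAYS if 0 < days_left <= w]
            if due:                               # only the tightest window reached
                submit(f"SCHEDULE-NOTIFY:{min(due)}")
        if is_terminated(p, s, today):
            submit("SCHEDULE-TERM")               # disables the user's accounts
            p.state, p.state_since = "terminated", today
    elif p.state == "terminated":
        if (today - p.state_since).days >= s.archive_days:
            submit("ARCHIVE-USER")
            p.state, p.state_since = "archived", today
    elif p.state == "archived":
        if (today - p.state_since).days >= s.cleanup_days:
            submit("CLEANUP-DELETE-USER")
            p.state, p.state_since = "cleaned", today
    return submitted


def simulate(p: Profile, s: Settings, start: date, days: int) -> List[Tuple[int, str]]:
    """Run auto discovery once per day and collect (day offset, PDR) pairs."""
    events: List[Tuple[int, str]] = []
    for n in range(days + 1):
        for pdr in run_autodiscovery(p, s, start + timedelta(days=n)):
            events.append((n, pdr))
    return events


def demo_schedule(term_offset: int = 40, horizon: int = 320) -> List[Tuple[int, str]]:
    """Constructed sample: a contractor whose SoR termination date is term_offset days out."""
    start = date(2024, 1, 1)
    p = Profile("cn=jdoe", {"termination_date": start + timedelta(days=term_offset)})
    return simulate(p, Settings(), start, horizon)


def demo_attribute() -> Tuple[List[str], List[str]]:
    """Constructed sample: attribute-based trigger, auto discovery run twice on one day."""
    s = Settings(termination_type="attribute",
                 termination_attr="employeeStatus", termination_attr_val="T")
    p = Profile("cn=asmith", {"employeeStatus": "T"})
    today = date(2024, 1, 1)
    return run_autodiscovery(p, s, today), run_autodiscovery(p, s, today)


if __name__ == "__main__":
    for day, pdr in demo_schedule():
        print(f"day {day:3d}: {pdr}")
    print(demo_attribute())
```

Two properties of the real scenario are worth checking against this model when you test your own configuration: the warnings key off the scheduled date, so a user terminated by TERMINATION_ATTR alone gets no advance notice unless the SoR also carries a date, and every transition is gated by the previous one (archive counts from the day the user was terminated, clean-up from the day the user was archived), so a missed auto discovery run delays the later steps rather than skipping them.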