Manual requests

im_corp_manual_termination

Purpose:

This scenario implements use cases for both scheduled and urgent termination of users. When installed, this component configures a number of pre-defined requests as well as a dedicated policy table for granular control over each step of a scheduled termination process.

Configuration:

External data store (extdb) tables containing configuration relevant to this scenario:

  • im_termination: This is a policy table containing configuration details for each step of a scheduled termination process.

  • hid_policy_attrval_*: Adds rules involving profile and request attributes calculation and validation, required for the workflow engine and scheduled tasks to successfully process termination requests.

  • im_policy_authorization: Adds authorization rules for both scheduled and urgent termination requests.

Example: Deactivate users manually

This example shows you how to install the scenario component that implements use cases for both scheduled and urgent termination of users. When installed, this component configures a number of pre-defined requests (PDRs) as well as a dedicated policy table for granular control over each step of a scheduled termination request via the UI using a PDR.

Use this component when:

  • You have contractors who should be terminated at a scheduled termination date.

  • You may have a business need to defer these termination dates, so you need advance warning of upcoming terminations.

  • You have to trigger an urgent termination of a user.

  • You may have a business need to restore a terminated user whose accounts are in disabled status, so you need to configure archive and cleanup policy as part of termination.

Requirements

This example assumes that:

  • You have installed Bravura Workforce Pattern.

  • You have configured the AD target system.

  • You have configured the HRAPP target system.

Install termination components
  1. Log in to Bravura Identity as a superuser.

  2. Install Scenario.im_corp_manual_termination.

  3. Navigate to Manage external data store to verify the following tables are available and configured for the environment:

    • im_policy_authorization sets the authorization policies for termination pre-defined requests for both scheduled and urgent termination requests.

    • im_termination contains configuration details for each step of a scheduled termination process.

    • hid_policy_attrval_default sets the rules involving profile and request attributes calculation and validation, required for the workflow engine and scheduled tasks to successfully process termination requests.

  4. Click Manage the system > Workflow > Pre-defined requests.

  5. Configure the following pre-defined requests as needed:

    • SCHEDULE-NOTIFY: Used to set notification attributes for scheduled termination during the notification stage of the termination.

    • SCHEDULE-TERM: Used to disable user accounts and set termination attributes.

    • ARCHIVE-USER: Used to archive user accounts and home directories.

    • CLEANUP-DELETE-USER: Used to delete user accounts and personal information.

    • REHIRE: Used to enable user accounts after they have been terminated. This pre-defined request is valid if the user is allowed to be rehired.

    • URGENT-TERM: Used to terminate a user immediately. The user will not be allowed to be rehired after this request is issued.

    • RESTORE-TERMINATED-USER: Used to restore a user that was terminated.

Set termination policy

Configure termination policy based on the business logic required using Bravura Identity.

  1. Log in to Bravura Identity as a superuser.

  2. Click Manage external data store > im_termination table.

  3. Modify settings to suit your needs. The default settings are sufficient for the majority of cases, but the following can be changed:

    • pdrid: The pre-defined request id to be submitted.

    • reason: The reason to be appended to the pre-defined request.

    • days: Applies to archive and warning.

      • For archive, this defines the number of days after termination to archive or delete the user.

      • For warning, this defines the number of days before leave of absence to send a notification.

    • to: Applies to disable and warning. List of email addresses to send notifications to.

    • to_fallback: Applies to disable and warning. A fallback email address to send notifications to (if the ’to’ condition described above yields no valid email addresses). This can be a comma-separated list of email addresses.

    • subject: Applies to disable and warning. Email subject tag.

    • body: Applies to disable and warning. Email body tag.

    • manager_propagate: Applies to archive. If ’true’, update the ORGCHART_MANAGER attribute for the archived user’s subordinates to the archived user’s managers.

    • detach_grp: Applies to archive. If set, remove the archived user from the specified groups. Group must be in the form TARGETID:GROUPFQN. Can be set multiple times.

    • attach_grp: Applies to archive. If set, add the archived user to the specified groups. Group must be in the form TARGETID:GROUPFQN. Can be set multiple times.

    • requester: The requester userid. If set, will be used instead of the default _API_USER. If specified multiple times, the first valid requester will be used.

    • delete_data: Whether sensitive user data should be deleted as part of user termination.

    • deletion_attrs: A comma-separated list of personal user attributes which should be deleted as part of termination.

  4. Click Manage external data store > im_policy_authorization table. The default settings are sufficient for the majority of cases; you can change the authorization flow as required by the business logic.

  5. Test your configuration as follows:

    1. Log in to Bravura Identity as a manager.

    2. Navigate to the View and update profile menu option for the user to be terminated.

    3. Submit the Scheduled or deferred termination PDR with the scheduled termination date far enough in the future.

    4. Confirm that the user’s manager is warned by email about the approaching termination date of the user once per warning period as per the policy.

    5. Confirm that after the termination date elapses, the user is terminated, their profile is disabled and their accounts are disabled, archived and cleaned up according to policy.
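A review check for the im_termination settings listed in step 3, as an added example that is not part of the product or its documentation. It assumes the table has been exported as (stage, setting, value) rows, which is a hypothetical layout; the stage names and "applies to" rules come from the list above, and the sample rows are constructed.

```python
import re

# Stages each im_termination setting applies to, as listed on this page.
APPLIES_TO = {
    "days": {"archive", "warning"},
    "to": {"disable", "warning"},
    "to_fallback": {"disable", "warning"},
    "subject": {"disable", "warning"},
    "body": {"disable", "warning"},
    "manager_propagate": {"archive"},
    "detach_grp": {"archive"},
    "attach_grp": {"archive"},
}
GROUP_REF = re.compile(r"^[^:\s]+:\S.*$")    # TARGETID:GROUPFQN
EMAIL = re.compile(r"^[^@\s,]+@[^@\s,]+$")   # loose shape check only


def lint_termination_policy(rows):
    """rows: (stage, setting, value) tuples; this layout is an assumption."""
    findings, seen = [], set()
    for stage, setting, value in rows:
        seen.add((stage, setting))
        allowed = APPLIES_TO.get(setting)
        if allowed and stage not in allowed:
            findings.append(f"{stage}.{setting}: applies only to {sorted(allowed)}")
        if setting == "days" and not value.isdigit():
            findings.append(f"{stage}.days: not a whole number of days: {value!r}")
        if setting in ("detach_grp", "attach_grp") and not GROUP_REF.match(value):
            findings.append(f"{stage}.{setting}: not TARGETID:GROUPFQN: {value!r}")
        if setting == "to_fallback":
            bad = [a.strip() for a in value.split(",") if not EMAIL.match(a.strip())]
            if bad:
                findings.append(f"{stage}.to_fallback: invalid address(es) {bad}")
    for stage in ("disable", "warning"):
        if (stage, "to") in seen and (stage, "to_fallback") not in seen:
            findings.append(f"{stage}: 'to' set without 'to_fallback'")
    return findings


# Constructed sample rows (not taken from a real installation).
SAMPLE = [
    ("warning", "days", "14"),
    ("warning", "to", "line-manager@example.com"),
    ("warning", "to_fallback", "hr-ops@example.com, itsec@example.com"),
    ("disable", "to", "line-manager@example.com"),
    ("disable", "detach_grp", "AD:CN=VPN Users,OU=Groups,DC=example,DC=com"),
    ("archive", "days", "thirty"),
    ("archive", "detach_grp", "CN=VPN Users,OU=Groups,DC=example,DC=com"),
]
```

Running `lint_termination_policy(SAMPLE)` reports four findings: a group removal placed on the wrong stage, a non-numeric `days` value, a group reference missing its target ID, and a `disable` notification with no fallback recipient.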