Skip to main content

Leave of absence

Bravura Security Fabric can update a user’s leave of absence status and disable their accounts on the specified date they leave and enable them again on the date the user returns. This is particularly useful when employees take paternity or maternity leave.

im_corp_loa

Purpose:

This scenario component implements a leave of absence (LoA) use case, where users can be disabled for a defined period of time, after which their access is automatically reactivated. When installed, it configures a number of pre-defined requests as well as a dedicated policy engine for granular control over each step of the process.

Configuration:

External data store (extdb) tables containing configuration relevant to this scenario:

  • im_leave_of_absence: Adds policy settings to control all aspects of the leave of absence process.

  • im_policy_authorization: Adds authorization rules to facilitate the fulfillment of LoA related requests without requiring any authorization, since all workflow requests are driven by scheduled tasks and API users.

  • hid_policy_attrval_*: Adds rules for handling LoA related profile attributes (LEAVE-*), which may have to be updated as part of these requests.

Example: Leave of Absence - Offboarding and Onboarding

A leave of absence can be applied to staff who will be on extended leave, such as sabbaticals, study, parental, and medical leave. A manager will request a leave of absence on behalf of a user and set start and return dates. A scheduled task will run to trigger the leave of absence and disable the user’s accounts.

Since leaves of absence are intended to be reversible, accounts are not deleted, and group memberships are not revoked – the only actions are to disable and later re-enable accounts and user profiles.

This example shows how to install the component that controls corporate leave of absence policies, lists the pre-defined requests that will need customization to your environment, and walks you through a leave of absence request.

Requirements

This example assumes that:

  • Bravura Identity and Connector Pack are installed.

  • An Active Directory target system has been added as a source of profiles

Deploy Leave of Absence

To deploy the leave-of-absence component:

  1. Install Scenario.im_corp_loa.

  2. Click Manage external data store to verify the following tables are available and configured for the environment:

    • HID_GLOBAL_CONFIGURATION to set targets that are a source of profile ID

    • HID_POLICY_ATTRVAL_DEFAULT to set relative default values

    • HID_POLICY_ATTRVAL_VALIDATION to set input validation

    • IM_LEAVE_OF_ABSENCE to set leave of absence configurations

    • IM_POLICY_AUTHORIZATION to set authorizations for the requests

  3. Configure the membership of the LOA-AUTHORIZERS user class.

  4. Configure the following pre-defined requests:

    • LOA-EFFECTIVE

    • LOA-REQUEST

    • LOA-RETURN

    • LOA-RETURNED

As a manager, request a leave of absence using the pre-defined leave of absence request

To test this feature, request a leave of absence:

  1. Log in to Bravura Security Fabric as a manager.

  2. Click View and update profile under Other users .

  3. Select the user to request a leave of absence for.

  4. Click Leave of absence.

  5. Fill out and submit the request.

  6. If required, log in to Bravura Security Fabric as an authorizer and approve the request.

  7. Allow the start date to pass so that LOA-EFFECTIVE can trigger the event.

  8. Verify that the user has been modified as follows:

    • The user’s status should be set to on leave.

    • The user’s profile and account should be disabled.

See also:

In this section: