Transcript
Today in my presentation I will be going over forms and workflows and how they can be leveraged in SailPoint NURM for various use cases around non-employees. Some of the common use cases that we see for non-employees are onboarding, offboarding of the non-employees, transferring the contractor from a different department or manager or extending their end date and even sending a notification to the manager when their end date is approaching. A few of the key components that I've used in my solutions are going to be attribute forms, pages and workflows. Attributes are nothing but an object that stores information about a profile, for example first name, last name, email address and there are around 13 to 14 different kind of attributes that you can create in NURM and to just give you an example it could be a text field, text area, a drop down, tags, checkbox, radio buttons, so there are plenty of different kind of attributes that you can create and there's another component called value builder which is, if I have to give you a reference, it's more like transformer rules that can be used to dynamically generate the value of the attribute and it can be used for attributes like employee number, usernames, email address. Moving on to the next component form, forms are nothing but a collection of attributes that can be displayed to the performer requester and it can be used to gather the data or display the data. There are certain kind of forms, for example request form, approval forms and read only forms that can be used within the workflows at various stages of the business process. What you see on the screen is how a form looks. On the left hand side I have a form which shows you different attributes like first name, last name and they are of type text field and then you can also see I have a supervisor which is of a profile search, which can pull all the supervisors from the system and you can display to the performer to select the manager of a profile. Then on the right hand side I have another attribute which is of a top down type and you can see it has some pre-populated values that can be used while creating the profile. Again these values can be pre-populated at the time of attribute creation or you can add it even later on. Moving on to the next component are pages, pages are a collection of forms and few other components in the system. Pages can be used to create different sections within the page, for example you can have a form which displays or collect personal information of the profile or you can have another form which collect employment information for the profile and then you can have another form within the page to collect some of the additional attributes and there are a few other additional components that you can add to the page, for example page title, page owner information, page progress bar so that someone who is performing or creating the contract can see how many steps have been completed and how many are pending. And moving on to the next component, workflows, so there are four types of workflows in create, update, batch and automated and as the name suggests create is to create the profile, update is to update the profile, batch is when you want to run the same action for multiple profiles and automated is when you want to trigger a workflow automatically based on certain conditions and I will go over some of these during my demo. So what you see on this slide is a create workflow and it's very similar to what we see on identityIQ that you have a quick link through which you can trigger this workflow. So this is just a snapshot of how the create workflow look like on the screen and then moving on to the next workflow which is update workflow, so update workflow doesn't display on the dashboard, it is displayed when you select a profile and when you want to modify that profile, so that's why it's update workflow. Moving on to the next one which is a batch workflow, again as I said batch workflow is when you want to perform the same action for multiple profiles, you can use batch workflow and here you can see that I have a condition called profile status is terminated and all the profiles which have been terminated in the systems are displayed there and I can choose to select couple of them or all of them and I can trigger a batch workflow which will be just to activate them in the system. The next workflow is automated workflow which is triggered when a certain condition is met for example sending notification to the manager when the end date is approaching or even triggering the rehire on the effective start date or even triggering termination on the effective end date. So these workflow will automatically be triggered when the conditions are met. Now let's get into the demo part, let me pull up my name instance, so what you see on the screen is I have logged in as a admin or as a manager and as you can see on the screen I have two, as you can see I have two create profiles, workflow create non-employee and rehire non-employee. So these are displayed on the dashboard because these are create workflows and I will be going over the create non-employee process first. So on the screen what you see I have a create non-employee workflow, so this is displayed more similar to what we see as a quick link in IAQ. So let me start the creation of non-employee workflow, so the first action on this workflow is to gather the information about the contractor that we are going to create, so let me input the information here, I already have some of the demo users created, so let me enter the start date and you can have different kind of validations on start and end date, for example the start date cannot be in the past or end date cannot be more than 365 days, so these validations are available for you to use out of the box. And let me select the supervisor, so you can definitely have more filters here, for example if you are creating a non-employee for a particular department, so you can only pull employees from that particular department, so you can have that kind of filters for the supervisor and depending on what kind of contractor you are creating, you can have different fields populated, so in my case if I am selecting contractor then I will have few fields generated and if I am selecting student then I can display another form which you can request for more information like student enrollment number or the field of study, so let me select contractor and then I will select what's the vendor company for this contractor and then once the form is submitted, there will be another review form that's going to come up for me, I think this system is little slow, so while this is waiting to get submitted, the second use case I want to demo is transferring the contractor from one manager to another manager, so that is of type update, so anyone who is logged in and has access to that workflow will be able to trigger the workflow and then that sponsor or manager will become the new manager of that profile, let me try to resubmit this, so as you can see I have a review form, if I want to change any of these fields, I can go back and then update that, for example if I have selected wrong manager, I can go back and update the manager and then let me go ahead and approve this form and then this form has a approval work item associated to it, so there's an approval I need to submit, so let me say approve it and then this will go to the sponsor or supervisor that has been selected at the time of creation, so let me go ahead and approve it and then once the form has been submitted, you will see that a profile has been created and let me pull that file, so as you can see here there are few fields that were not calculated or requested at the time of contractor creation, for example like username, worker ID, so all these fields have been generated through value builder and even the contractor email address, so once your contractor profile has been created, you can aggregate that in CLPaintEntity now and then you can ground the access to that non-profile, so another use case I want to show is the transfer contractor, again since it's an update workflow, it will be visible when you select a profile, so I have it here displayed here as a quick link, so once I click this transfer contractor, it will again show me information about the profile, what's the current profile data and what's the current supervisor and who is going to be the new supervisor and there are some additional fields that you see on the screen which can be pulled from the manager, for example if you want the non-employee to or the contractor to have the same area, department or group as the supervisor or the manager, you can automatically pull that from the sponsor profile, while we are waiting for this, let me go ahead and run the aggregation, this might take few seconds to run and pull the profile, so let me jump back to the transfer contractor, so as you can see here, it's showing me some information about the profile that I've selected, who is the current supervisor and who is going to be the new supervisor and what value will be inherited from the new supervisor, so you can see the contractor will get all these value populated based on and I can select whether I want to transfer this profile immediately or I want to do it in future, so again that's an option too and once I approve this, I will see all those values getting updated into the profile and then that can be pulled into your IG platform and update the access accordingly, so that concludes the demo and just as a recap, I hope this give you a sneak peek on how you can leverage SailPoint NUM for contractor onboarding and offboarding and similar to what we have traditionally seen in a queue using custom forms and workflows, thank you.
