Automate user onboarding in AD and HR systems

A few months ago, a client turned to us to automate their user onboarding. At the school administration office of a city in Canada, the IT department, along with the HR department, is responsible for onboarding thousands of teachers and other education professionals.

With our IAM solution IDM-Portal, we offer a user-friendly interface that enables the delegation of onboarding tasks to non-IT staff. User data is not only maintained directly in Active Directory, but also in Entra ID and the HR system used.

The original onboarding process

Let’s start with our concrete example: school number 002 has hired a new math teacher. He started on Monday, January 1, 2022.

In the first step, the HR department of the school administration office was responsible for onboarding the new employees. The HR department collected the most important contact data (last name, first name, etc.) and sent an email to the IT department to create an account in Active Directory. In parallel, the HR department created a user profile in their HR system.

As soon as the profile was created by the IT department in AD, the teacher received an email address and the first logins. However, a lot of information was still missing (office number, phone number, school address, etc.). This information was again taken by the secretariat of the school where the teacher was assigned and sent by e-mail to the HR department and IT department. After the information was transferred to AD and the HR system, the teacher finally received all the necessary authorizations.

Several problems are already apparent here:

• duplicate data maintenance
• risk of errors due to manual transmission of information
• loss of time and waiting

In addition, the secretary’s office had to contact both departments (IT and HR) by e-mail every time there were further changes. With thousands of employees, this was an enormously time-consuming and labor-intensive process.

The requirements

In view of the problems just mentioned and the increasing shortage of personnel, the IT department would like to automate or delegate as many routine identity management tasks (user onboarding) as possible.

In addition, a new employee should be fully integrated from day one and have all the necessary access to start working immediately.

Finally, the company wants a solution that also incorporates the company’s HR system (Sage) to avoid duplicate data processing.

Automate user onboarding with the FirstWare IDM-Portal

The new process with IDM-Portal consists of four steps and involves only the HR department and the secretariat. We present to you what the practical solution looks like:

Step 1: The creation of a new user takes place in IDM-Portal. Thanks to the role-based delegation in the portal, the HR department, for example, takes over this task. An account is automatically created in Active Directory (if necessary also in Entra ID) and in the HR system. IT does not need to do anything else, as the process is completely automatic.

The HR department maintains the following data:

• Name
• First name
• JobRoleNumber

JobRoleNumber: Each profession corresponds to a number. Example: teacher = 3000, principal = 1000.

Based on this simple data, the following information will be filled in automatically:

• E-mail address
• Password
• Initial
• Username
• Group membership (based on JobRoleNumber).

IDM-Portal tip: It is possible to plan the creation of the account in advance so that access starts only on a certain day and at a precise time.

Step 2: Once the user account is created in the HR system, an employee number is automatically created by the HR system and automatically updated in the IDM-Portal and Active Directory.

Step 3: Now, theoretically, the new employee can already work, even if some information is still missing.

Step 4: The school secretariat of the new teacher’s assigned school enters the additional information in IDM-Portal:

• Name of the school
• Address
• Office number
• Phone number

IDM-Portal tip: Using a dropdown, the secretary simply selects the correct school from the list and the address data and telephone numbers are automatically filled in.

The data that the IT department and the HR system need is updated automatically. For example, the school’s address updates in the HR system and Active Directory. The changes take place practically immediately.

Summary: Save costs – increase happiness

The advantage of the new onboarding process is that it completely eliminates the need to manually send data back and forth between departments. Automation ensures instant updates between systems so that data is at the same level everywhere.
Since the introduction of IDM-Portal, the IT department of the school administration office no longer manages data processing related to onboarding. This is a huge relief for an already overburdened IT department.

The data is updated faster and the new employees can start working immediately. Proper maintenance of data also enables automatic assignment (or removal) of permissions. This helps keep governance policies under control.

Do you have a similar problem and want a quick and practical solution? Contact us and get to know our FirstWare IDM-Portal. Many companies rely on it – be one of them!

Get in touch