Use case:
In the realm of Identity and Access Management (IAM), onboarding a new employee can be a slow and manual process, often taking several days. It is a multi-step process involving inputs from managers and HR, followed by hand-offs to the relevant teams for proper provisioning before the user joins. This traditional onboarding process can be frustrating for new hires and managers, and for IT teams who are bogged down with administrative tasks. This workflow will help you automate the provisioning and speed up the entire process, eventually reducing the user onboarding time to minutes or hours.
Solution Design
In addition to the built-in identity onboarding process in SailPoint ISC, which we use for provisioning accounts and assigning birthright roles, we will use a form and a workflow for this solution. The form will help us collect information from the manager. We will use that information to drive our workflows to assign roles and create ServiceNow tickets. I have three different workflows doing these tasks.
Workflow 1:
- Trigger: Identity Created
- Send a form to manager to collect information
- Send an email confirmation back to manager after form submission
Workflow 2:
- Trigger: Form Submitted
- Create a Service Now Ticket
- Send Notification to Manager with Ticket Number
- Wait a week and Check Ticket Completion Status
- Notify Manager of ticket completion status
- If the ticket reaches its due date without any update, notify the manager to follow up with the team offline (optional)
Workflow 3:
- Trigger: Form Submitted
- Check if the manager has selected any ad-hoc roles to be assigned to user
- If yes, use Manage Access step to assign the ad-hoc role to identity
The Form
The form is simple to design and can have multiple sections.
Section 1: The Company Logo/Branding/Form header
In this section you can add your company logo/Image in the Image field and also a description field to provide brief information about the form.
Section 2: The Employee Information
In this section you can add the employee information, such as employee name, employee number, email, phone, location, etc. It includes text and toggle fields. We will look into pre-populating some of these attributes in the Form Inputs section below.
Section 3: The IT Resource Information
This section presents the manager with a drop-down to choose hardware and software to be provisioned for the user. It includes text, toggle, select, column set and text area fields which are easy to configure as shown in the diagram below.
Section 4: Additional Roles
This section presents the manager with a drop-down to choose whether any additional ad-hoc roles should be provisioned to the user. It consists of a select field which displays a list of roles available in the system.
Now that we’ve designed the form, let’s look into some of the form inputs and conditions to make it work.
Form Inputs
All the attributes in the Employee Information section, such as Employee Name and Employee Number, need to be defined as form inputs so we can pre-populate them when the form loads.
They can be defined as below:
Form Conditions
We use form conditions to control which fields are shown to the user based on the inputs and rules defined. For this form we will configure the following conditions to pre-populate the data, make fields read-only, and hide or show certain fields based on the manager's selection.
The workflows
1. Fast Track Identity onboarding Workflow
Let’s look at the first workflow. This workflow is triggered each time a new identity is created. After it triggers, we wait for a few minutes to let the built-in account and role provisioning complete. The form action then sends the onboarding form to the manager. Once the manager completes the form, we send an email notification back to them confirming the inputs.
2. Create Service Now Requests Workflow
Here’s the second workflow, which uses the form inputs to create ServiceNow tickets. This workflow branches based on the type of hardware, e.g. Windows, Mac or other. This helps to route the ticket to different assignment groups and set a few other fields on the ticket as well. You can make changes to this workflow and add email actions for more reminders or escalations to be sent out before the ticket reaches its due date.
3. Assign Roles to User Workflow
Finally, the third workflow. In this one, we start off by checking if the manager selected any roles to be assigned. If so, we use the standard Manage Access step to assign those roles to the user. If the role has an approval workflow assigned, the request will follow that before being provisioned. If not, the role will be auto-provisioned.
Please feel free to tailor these workflows to fit your requirements.
You can find more details on this form and workflow implementation in the developer days video here: Fast track identity onboarding
JSON files
The JSON files for the form and the workflows are attached. Please note you may have to make cosmetic edits to the JSON files before you can import them to your tenant for use.
Cybersolve User Onboarding Form.json (36.0 KB)
FastTrackUserOnboarding20240408.json (5.2 KB)
UserOnboardingServiceNowRequests20240408.json (16.1 KB)
UserOnboardingAssignRoles20240408.json (2.1 KB)
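One way to find the values in an exported JSON file that need review before import, as an added example that is not part of the original post or the attached files. It assumes tenant-specific values appear as 32-character hex IDs, email addresses or URLs; the function name and the sample document are hypothetical and do not reproduce the actual export schema.

```python
import json
import re

# Assumed shapes of values that differ between tenants (not a SailPoint specification).
PATTERNS = {
    "id": re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "url": re.compile(r"^https?://", re.IGNORECASE),
}


def find_tenant_specific(node, path="$"):
    """Return (json_path, kind, value) for every string leaf matching a pattern."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            findings += find_tenant_specific(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings += find_tenant_specific(value, f"{path}[{index}]")
    elif isinstance(node, str):
        for kind, pattern in PATTERNS.items():
            if pattern.search(node):
                findings.append((path, kind, node))
                break  # one classification per value is enough for review
    return findings


# Constructed sample document; keys and values are made up for illustration.
SAMPLE = json.loads("""
{
  "name": "Onboarding example",
  "owner": {"id": "0123456789abcdef0123456789abcdef", "name": "example.admin"},
  "steps": {
    "notify": {"recipient": "manager@example.com", "subject": "Form received"},
    "ticket": {"endpoint": "https://servicenow.example.com/api", "group": "Hardware"},
    "wait": {"duration": "7d"}
  },
  "tags": ["onboarding", "fedcba9876543210fedcba9876543210"]
}
""")

if __name__ == "__main__":
    for json_path, kind, value in find_tenant_specific(SAMPLE):
        print(f"{kind:5}  {json_path}  {value}")
```

To check a downloaded file, load it with `json.load` and pass the result to `find_tenant_specific`; each reported path is a value to confirm or replace with your own tenant's owner, recipient or endpoint before importing.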
Conclusion
This solution might help you streamline your workflows, slash user onboarding times, and get your new hires up and running faster.