How can HR data be used to set up application access accounts?

François Poulet

|

Product Manager at Youzer

12/2021

Articles
>
ITSM automation
The use and transformation of HR data to integrate with the creation of application accounts.

Contents

Creating accounts for new employees

When a new employee arrives, the Onboarding stage is fundamental. For the IT team, this is the time to create accounts in the various applications and prepare the hardware for the new arrival.

Creating accounts is the most time-consuming task. And it's becoming increasingly so: the number of applications is multiplying, and for each of these applications, account creation requires more and more parameterization.

The average employee uses around fifteen applications. Each of these applications has around 5 parameters (this figure is greatly underestimated for Active Directory, for example, which has several dozen). And each parameter requires copying and pasting between HR administrative information and the administration interfaces used to create the various accounts.

1 new employee = 15 applications = 15 x 5 parameters to be entered = 150 copy/paste operations to be carried out

The recovery of a new employee's administrative information is necessary for the creation of his or her access accounts to Active Directory, Office 365, GSuite etc...

Envie de voir une démo instantanée de Youzer ?  
View demo

Different types of fields and information

There are several types of information:

  • Raw information : this is the information that is copied and pasted without any transformation: the employee's first or last name, which is transferred as it is to the corresponding fields in the application on which the account is to be created.

  • ‍Calculated information: this is the information that is transformed on the basis of the information available to us. For example, to "manufacture" the login field (UPN, LoginName...), we'll use the first letter of the first name followed by a dot and the last name.‍

  • Transformed information: thanks to correspondence tables, the values to be filled in are transformed from HR information. For example, an Organizational Unit (OU) in the Active Directory can be determined from the user's geographical location, which has been converted using a correspondence table. In Excel, this is the equivalent of the SearchV function.

  • Operational information: this is perhaps the most difficult information to obtain, as it is known only to the operational team (often the manager), who does not yet have the information when the account is created. For example, a salesperson to whom we want to assign a "territory" in Salesforce. This information can be defined well after the employee's arrival, at the time of confirmation of their trial period, for example.

  • ‍Transverse information: this information is retrieved from another resource. For example, the badge number that we want to carry over to one of the Active Directory fields, and which must therefore be retrieved once the badge has been created and assigned.

Would you like to receive our white paper on identity and access management?

Nous n'avons pas pu confirmer votre demande.
Votre demande de livre blanc est bien prise en compte.

How to retrieve HR information

HR information is relatively easy to retrieve from HRIS. APIs or exported files provide the information needed to create accounts. For more information on this point, please consult this article on HRIS.

How to integrate HR data into applications

That's where the difficulty begins :)

For it is precisely this integration of transformed or raw information that is tedious. Manually, everyone can do it: it's a matter of copying and pasting or simply entering information into the account creation interfaces. The interfaces are more or less ergonomic, but input is aided to some extent by drop-down lists, checkboxes or choices to be made from predefined lists.

It's the automation that's tricky. Because automation means scripting account creation for each application. Each application has its own "language": API, script, batch, powershell, SQL etc... It is difficult to develop and maintain automations for each application. It is also necessary to support the new applications that arrive regularly and fill the application repository.

That's why it's preferable to use a tool that automates the various creations in different applications. Youzer can be used to manage SaaS or on-premise applications, on different technologies and in different environments.

Récap'IT the IT Newsletter

Get the best of the month's IT news.
Market developments, IT trends, cyberattacks in France... a digest of the month's IT news.

We have been unable to confirm your registration.
Your registration is confirmed! You'll receive your next Récap'IT at the end of the month 😊

Recommended items

How do I connect my HRIS and my Active Directory?
I don't need an identity and access management solution: I manage!
Understanding Active Directory and how it works with IAM

Discover Youzer, the first
platform for easy management of your users and their access.

Test YouzerBook a demo

Close

Hey! you know the drill :) We use anonymous data analysis cookies. By "Accept all cookies", you help us understand (anonymous) page views. Learn more about our privacy policy.
PreferencesRefuseAccept