You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The green J-M-L flow is great. How I explain this flow:
J-M-L is the flow that contains the legal obligations between a person and an organization. Any JML change will be evaluated for IAM relevant consequences. The legal consequences can be generated in an HR dept, a student administration, hiring contractors and interns. The authorative source being eHRM, a Student directory, etc. IAM would just use the data from those repositories.
This means that Move only occurs when changing dept, manager or other HR related attribs that result in a change in the (legal) relation between the person and the org, like a new manager, a new dept. But nothing changes in the green flows.
But this does imply that manager induced changes (non-legal changes) can occur that do also result in Manage Access: It could means that a manager assigns a role to a direct report, but that change doesn't have legal consequences. So in the Joiner process we need to add a manage access block. In this 'legal relations' concept changing a role is not a Move, it's just a change that result in Manage Access. So we would have:
[Create identity], [Provision account], [Provision access], [Manage access].
I would also remove the [Authenticate] block. I don't know how to explain it.Or we should add it as a sub-process of [Provision account].
The text was updated successfully, but these errors were encountered:
In workforce I suggest the following changes:
The green J-M-L flow is great. How I explain this flow:
J-M-L is the flow that contains the legal obligations between a person and an organization. Any JML change will be evaluated for IAM relevant consequences. The legal consequences can be generated in an HR dept, a student administration, hiring contractors and interns. The authorative source being eHRM, a Student directory, etc. IAM would just use the data from those repositories.
This means that Move only occurs when changing dept, manager or other HR related attribs that result in a change in the (legal) relation between the person and the org, like a new manager, a new dept. But nothing changes in the green flows.
But this does imply that manager induced changes (non-legal changes) can occur that do also result in Manage Access: It could means that a manager assigns a role to a direct report, but that change doesn't have legal consequences. So in the Joiner process we need to add a manage access block. In this 'legal relations' concept changing a role is not a Move, it's just a change that result in Manage Access. So we would have:
[Create identity], [Provision account], [Provision access], [Manage access].
I would also remove the [Authenticate] block. I don't know how to explain it.Or we should add it as a sub-process of [Provision account].
The text was updated successfully, but these errors were encountered: