Goal: Streamline the employee on-boarding process by establishing seamless, automated communication to IT support units within minutes of new employee data being entered into the HR OLPPS system. This is to enable quick turnaround for providing access to UCSF and departmental IT resources. The aim is also to enable notification when an employee is departing from the University, so that IT staff can proactively follow exit procedures such as recovering equipment, securing data and obtaining the signed Electronic Information Consent form.
Description: The required employee attributes will be extracted from the Enterprise Directory Service (LDAP). The job title, department and supervisor fields will be compared against a lookup table to match the appropriate IT support unit and initiate automatic email notification. The IT support unit then has the required information to initiate requests for campus and Medical Center AD accounts and to provision accounts required to access departmental/specialized IT resources. After the required access is provisioned, the user will receive a basic IT Fact Sheet via email which will list the accounts provisioned, relevant contact numbers and information regarding access to VPN and MyAccess. Notifications will also be triggered for employees leaving the University, based on the termination date, so that appropriate exit procedures are followed by the IT support units.
The Enterprise Directory Service (EDS) is an LDAP directory server maintained by the Identity and Access Management Services group. The data in the EDS is extracted from OLPPS and updated every 20 minutes. The main attributes required for each employee would be the Employee ID, full name, job title, department and employment termination date. The idea is to create a proof of concept where we minimize the time lost between when an employee starts at the University and when they are able to access their email and log in to their system. So, currently, the scope is limited to Radiology Desktop Support, School of Medicine ISU and the UCSF Service Desk teams. This project could be an interim step in the longer-term roadmap of the Identity and Access Management team to automate the provisioning of AD and email accounts and to provide a central access management tool.
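The lookup-table routing and termination-date trigger described above, sketched as an added example (not code from this project). The field names, department strings, 14-day notice window and the fallback to the Service Desk for unmatched records are assumptions; the sample records are constructed.

```python
from datetime import date, timedelta

# Lookup table: (department, job title) -> IT support unit. "*" matches any title.
# Department strings are constructed; unit names are the teams in the pilot scope.
ROUTING = {
    ("Radiology", "*"): "Radiology Desktop Support",
    ("School of Medicine", "*"): "School of Medicine ISU",
}
DEFAULT_UNIT = "UCSF Service Desk"  # assumed fallback so no record is silently dropped


def route(entry):
    """Return the support unit for a directory entry, most specific rule first."""
    dept, title = entry["department"], entry["title"]
    for key in ((dept, title), (dept, "*")):
        if key in ROUTING:
            return ROUTING[key]
    return DEFAULT_UNIT


def pending_notifications(entries, already_notified, today, notice_days=14):
    """Compare one directory extract against prior state and list notices to send.

    already_notified is a set of (employee_id, event) pairs kept between runs,
    so a directory refreshed every 20 minutes does not re-send the same notice.
    A termination date already in the past still produces an offboard notice.
    """
    notices = []
    for e in entries:
        term = e.get("termination_date")
        due = ["onboard"]
        if term is not None and term - today <= timedelta(days=notice_days):
            due.append("offboard")
        for event in due:
            key = (e["employee_id"], event)
            if key not in already_notified:
                already_notified.add(key)
                notices.append((event, route(e), e["employee_id"]))
    return notices


# Constructed sample extract (not real directory data).
SAMPLE = [
    {"employee_id": "E1001", "department": "Radiology",
     "title": "Technologist", "termination_date": None},
    {"employee_id": "E1002", "department": "Facilities",
     "title": "Analyst", "termination_date": date(2024, 3, 10)},
]
```

Persisting the notified set matters for the exit path in particular: a missed or duplicated offboard notice is what leaves accounts and equipment unrecovered or buries the real notice in noise.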
- Automated email notifications upon new hires and appointment termination to corresponding IT support units.
- Generate basic access templates for users based on job titles and associated department. These “roles-based” access templates could serve as the basis for a larger roles-engineering effort which will be required as UCSF centralized access management is implemented for the University.
Impact on UCSF's mission and/or community:
- Provisioning accounts in a timely manner will reduce loss in productivity for new users
- Potentially lower the call volume to UCSF IT Service Desk from anxious users who are awaiting access
- Develop a foundation for future central access management systems at UCSF
- Heightened customer satisfaction
Participants: roles and effort
Pete Seatavakin: Visionary and subject matter expert (15% effort)
Pranathi Sundaram: Visionary, project manager and technologist (15% effort)
John Chin: User and subject matter expert (15% effort)
Norma Fong: Subject matter expert (15% effort)
Lucas Rockwell: Consultant and user (15% effort)
Jeff Block: Technical lead and programmer (25% effort)