Skip to content

Lifecycle Business Rules

Lifecycle Business is an HR model that defines the various stages in which a worker progresses within an organization. Lifecycle Business Rules provides 4 stages:

  1. Hire, Rehire
  2. Change of Role
  3. Termination
  4. Leave:
    • Long term leave
    • FMLA (Family and Medical Leave Act)
    • Legal
    • Security and Discipline

You can select the Employee Lifecycle required for your business use cases. At the runtime, the workflow will only process employee which match the selected stages.

Lifecycle Business Rules

Figure 1. Lifecycle Business Rules

Lifecycle Business Rules

Figure 2. Lifecycle Business Rules

Hire, Rehire

Create or reactivate user in Identity Platform upon hire, rehire. Using this operation, you can create an Employee profile in the Active Directory when an employee is created in HR system.

A common password for all employees - Select the "a common password for ALL employees" radiobutton. It will provide the textarea in which you can map from trigger data or put user input value for password. And you can also put some conditions using excel function.

Create user in AD

Figure 3. Create user in AD

Initial password length - Choose the initial password length to match your AD password policy. Password is randomly generated according to the provided length.

Create user in AD

Figure 4. Create user in AD

Write back work email to HR system during new hire process - The Identity management system will first generate emails for newly onboarded employees, and subsequently, these emails will be recorded in the business email field within HR applications.

Create user in AD

Figure 5. Create user in AD

Change of Role

Update user in Identity Platform when employee is updated in HR system. Using this operation, you can update an Employee profile in the Active Directory when employee is updated in HR system.

Whitelist (retain) some of the security groups and distribution lists - The selected security groups and distribution lists will not be touched when updating an employee profile.

Exclude Employee Attributes on Updating - The selected attributes will not be consider when updating an employee profile.

Write back work email to HR system when mail is updated - The email information will be updated in the Identity management system and subsequently entered into the business email field in HR applications.

Change of Role in AD

Figure 6. Change of Role in AD

Termination

Terminate user in Identity Platform when employee is terminated in HR system. Using this operation, you can terminate an Employee account in the Active Directory when an employee is terminated in HR system.

Choose OU for terminated user - All terminated users will be moved to the selected user group. You can choose "Do not change OU" from the dropdown if you do not want to change an OU.

Terminate user in AD

Figure 7. Terminate user in AD

Selected attributes will be purged on termination - All the selected Active Directory (AD) attributes will be purged upon termination.

Terminate user in AD

Figure 6. Purge user's AD Attributes upon Termination

Handling of Group Memberships

The group memberships will be updated upon terminating an employee profile based on the below selection.

Remove ALL assigned groups - All the assigned group memberships will be removed.

Retain ALL assigned groups - None of the existing group memberships will be removed.

Retain selected groups - The selected group memberships will be retained, rest will be removed.

Terminate user in AD

Figure 8. Handling the Group memberships on employee termination

Convert user mailbox to shared mailbox - Mailbox of employee will be converted to shared mailbox upon termination. For more information click here.

Terminate user in AD

Terminate user in AD

Figure 9. Terminate user in AD

And, if you have enabled 'Enable pre-boarding, future hires and scheduled terminations' on Application page then below mentioned options will be provided in the design.

Employee termination time - Choose preferred time to schedule the termination record of the employee. In this, the termination event will take place on the scheduled time.

Day(s) to terminate after the last day worked - Choose a day(s) to delay the offboard employee than its termination date. Initially the option none is selected, you can modify it as per the requirements.

Terminate user in AD

Figure 10. Terminate user in AD for Future Hire, Rehire and Termination

Involuntary termination based on the condition - Based on the provided condition, employee will be terminated effectively irrespective of the last day.

Terminate user in AD

Figure 11. Terminate user in AD with Multi Domain Controller

In a multi-domain controller setup, when selecting the 'Retain selected groups' option under 'Handling of security group and distribution list memberships', you can select Security Groups and Distribution lists for any of the base DNs in your AD.


Terminate user in AD

Figure 12. Terminate user in AD with Multi Domain Controller

Delete account after the aging period - User account will be deleted from identity management system after the specified aging period. Only the terminated employee account which match the criteria will be deleted. If none of the criteria matches, then default aging period will be selected.

Terminate user in AD

Figure 13. Delete user account after aging period

Exclude Employee Attributes on Terminating - The workflow would update employee attributes on termination if any attributes changed in HR platform. You can select not to change some attributes on termination.

Terminate user in AD

Figure 14. Terminate user in AD

Leave

An organisation can have multiple type of leave for their employees. Hire2Retire supports multiple type of leaves to choose from. Each type can be configured to specify employee's access differently for different leave types based on the requirement.

  1. Long-Term Leave: Long-term leave refers to an extended period off from work, usually beyond a few weeks or months. It could be due to medical reasons, maternity/paternity leave, sabbaticals, or other personal reasons. It is the general type of leave and is currently supported in Hire2Retire
  2. FMLA (Family and Medical Leave Act): FMLA is a federal law in the United States that entitles eligible employees of covered employers to take unpaid, job-protected leave for specified family and medical reasons with continuation of group health insurance coverage under the same terms and conditions as if the employee had not taken leave.
  3. Legal Leave: Legal leave refers to type of leave that is granted to an employee as required or protected by law. This could include leave for jury duty, military service, voting, or other legally mandated absences.
  4. Security and Disciplinary Leave: Security and Disciplinary leave is a type of leave that is imposed as a result of disciplinary action taken against an employee for misconduct or violation of company policies.

According to the leave types chosen, you can configure the below properties. You can configure one or many type of leaves according to the usage.

Disable User - (Optional) Select the Disable User checkbox to terminate the user.

Choose OU - Choose OU, which you want to configure for an employee which is on long term leave. You can choose "Do not change OU" from the dropdown if you do not want to change an OU.

Managing security groups and distribution lists

Retain ALL assigned groups - All the existing group memberships will get retained.

Remove ALL assigned groups - All the existing group memberships will be removed.

Retain selected groups - The selected group memberships will not be touched when an employee is on long term leave, rest will be removed.

Remove selected groups - The selected group memberships will be removed when an employee is on long term leave, rest will not be touched.

Process leave user in AD

Figure 15. Process leave user in AD

Process leave user in AD

Figure 16. Process leave user in AD with Multi Domain Controller

In a multi-domain controller setup, when selecting the 'Retain selected groups' option under 'Managing security groups and distribution lists', you can select Security Groups and Distribution lists for any of the base DNs in your AD.

Process leave user in AD

Figure 17. Process leave user in AD with Multi Domain Controller


In a multi-domain controller setup, when selecting the 'Remove selected groups' option under 'Managing security groups and distribution lists', you can select Security Groups and Distribution lists for any of the base DNs in your AD.

Process leave user in AD

Figure 18. Process leave user in AD with Multi Domain Controller

Exclude Employee Attribute - If you want any data that should not be updated, then you can check those attributes from the multi-select checklist when you leave an employee.

Process leave user in AD

Figure 19. Process leave user in AD