Lifecycle Business Rules

Lifecycle Business is an HR model that defines the various stages in which a worker progresses within an organization. Lifecycle Business Rules provides 4 stages：

1. Hire, Rehire
2. Change of Role
3. Termination
4. Leave:
   • Long term leave
   • FMLA (Family and Medical Leave Act)
   • Legal
   • Security and Discipline

You can select the Employee Lifecycle required for your business use cases. At the runtime, the workflow will only process employee which match the selected stages.

Figure 1. Lifecycle Business Rules

Figure 2. Lifecycle Business Rules

Hire, Rehire

Create or reactivate user in Identity Platform upon hire, rehire. Using this operation, you can create an Employee profile in the Active Directory when an employee is created in HR system.

A common password for all employees - Select the "a common password for ALL employees" radiobutton. It will provide the textarea in which you can map from trigger data or put user input value for password. And you can also put some conditions using excel function.

Figure 3. Create user in AD

Initial password length - Choose the initial password length to match your AD password policy. Password is randomly generated according to the provided length.

Figure 4. Create user in AD

Write back work email to HR system during new hire process - The Identity management system will first generate emails for newly onboarded employees, and subsequently, these emails will be recorded in the business email field within HR applications.

Figure 5. Create user in AD

Pre-boarding & On-boarding

Select the time to execute preboarding and onboarding - This field is used to choose the timestamp when the preboard or onboard event should be performed.
With the help of the lookup table (highlighted in red), you can choose any attribute value as a filter. If the filter passes, the timestamp provided in the filter will be used; otherwise, the default time will be used for the event.

Figure 6. Time stamp for preboard and onboard event

Days in advance of start date to pre-board employee - This field is used to select the number of days before the start date to perform the preboard event.
With the help of the lookup table (highlighted in red), you can choose any attribute value as a filter. If the filter passes, the days provided in the filter will be used; otherwise, the default value of days will be used for the event performance.

Figure 7. Days in advance for preboard event

Time in advance of start date time to enable the account - The checkbox (highlighted in blue) is used to select the time (4, 8, or 12 hours) before the start date time to enable the account.

Figure 8. Time in advance for enabling account

Change of Role

Update user in Identity Platform when employee is updated in HR system. Using this operation, you can update an Employee profile in the Active Directory when employee is updated in HR system.

Whitelist (retain) some of the security groups and distribution lists - The selected security groups and distribution lists will not be touched when updating an employee profile.

Exclude Employee Attributes on Updating - The selected attributes will not be consider when updating an employee profile.

Write back work email to HR system when mail is updated - The email information will be updated in the Identity management system and subsequently entered into the business email field in HR applications.

Figure 9. Change of Role in AD

Termination

Terminate user in Identity Platform when employee is terminated in HR system. Using this operation, you can terminate an Employee account in the Active Directory when an employee is terminated in HR system.

Choose OU for terminated user - All terminated users will be moved to the selected user group. You can choose "Do not change OU" from the dropdown if you do not want to change an OU.

Figure 10. Terminate user in AD

Selected attributes will be purged on termination - All the selected Active Directory (AD) attributes will be purged upon termination.

Figure 11. Purge user's AD Attributes upon Termination

Handling of Group Memberships

The group memberships will be updated upon terminating an employee profile based on the below selection.

Remove ALL assigned groups - All the assigned group memberships will be removed.

Retain ALL assigned groups - None of the existing group memberships will be removed.

Retain selected groups - The selected group memberships will be retained, rest will be removed.

Figure 12. Handling the Group memberships on employee termination

Convert user mailbox to shared mailbox - Mailbox of employee will be converted to shared mailbox upon termination. For more information click here.

Figure 13. Terminate user in AD

Figure 14. Terminate user in AD with Multi Domain Controller

In a multi-domain controller setup, when selecting the 'Retain selected groups' option under 'Handling of security group and distribution list memberships', you can select Security Groups and Distribution lists for any of the base DNs in your AD.

Figure 15. Terminate user in AD with Multi Domain Controller

And, if you have enabled 'Enable pre-boarding, future hires and scheduled terminations' on Application page then below mentioned options will be provided in the design.

Scheduled Terminations

Employee termination time - Choose preferred time to schedule the termination record of the employee. In this, the termination event will take place on the scheduled time.
With the help of the lookup table (highlighted in red), you can choose any attribute value as a filter. If the filter passes, the timestamp provided in the filter will be used; otherwise, the default time will be used for the event performance.

Figure 16. Termination event time scheduling

Day(s) to terminate after the last day worked - Choose a day(s) to delay the offboard employee than its termination date. Initially the option none is selected, you can modify it as per the requirements.
With the help of the lookup table (highlighted in red), you can choose any attribute value as a filter. If the filter passes, the days provided in the filter will be used; otherwise, the default value of days will be used for the event performance.

Figure 17. Schedule days for termination event after termination date

Support Immediate Termination - Based on the provided condition, employee will be terminated effectively irrespective of the last day.

Figure 18. Support immediate termination

Delete account after the aging period - User account will be deleted from identity management system after the specified aging period. Only the terminated employee account which match the criteria will be deleted. If none of the criteria matches, then default aging period will be selected.

Figure 19. Delete user account after aging period

Exclude Employee Attributes on Terminating - The workflow would update employee attributes on termination if any attributes changed in HR platform. You can select not to change some attributes on termination.

Figure 20. Terminate user in AD

Leave

An organisation can have multiple type of leave for their employees. Hire2Retire supports multiple type of leaves to choose from. Each type can be configured to specify employee's access differently for different leave types based on the requirement.

1. Long-Term Leave: Long-term leave refers to an extended period off from work, usually beyond a few weeks or months. It could be due to medical reasons, maternity/paternity leave, sabbaticals, or other personal reasons. It is the general type of leave and is currently supported in Hire2Retire
2. FMLA (Family and Medical Leave Act): FMLA is a federal law in the United States that entitles eligible employees of covered employers to take unpaid, job-protected leave for specified family and medical reasons with continuation of group health insurance coverage under the same terms and conditions as if the employee had not taken leave.
3. Legal Leave: Legal leave refers to type of leave that is granted to an employee as required or protected by law. This could include leave for jury duty, military service, voting, or other legally mandated absences.
4. Security and Disciplinary Leave: Security and Disciplinary leave is a type of leave that is imposed as a result of disciplinary action taken against an employee for misconduct or violation of company policies.

According to the leave types chosen, you can configure the below properties. You can configure one or many type of leaves according to the usage.

Disable User - (Optional) Select the Disable User checkbox to terminate the user.

Choose OU - Choose OU, which you want to configure for an employee which is on long term leave. You can choose "Do not change OU" from the dropdown if you do not want to change an OU.

Managing security groups and distribution lists

Retain ALL assigned groups - All the existing group memberships will get retained.

Remove ALL assigned groups - All the existing group memberships will be removed.

Retain selected groups - The selected group memberships will not be touched when an employee is on long term leave, rest will be removed.

Remove selected groups - The selected group memberships will be removed when an employee is on long term leave, rest will not be touched.

Figure 21. Process leave user in AD

Figure 22. Process leave user in AD with Multi Domain Controller

In a multi-domain controller setup, when selecting the 'Retain selected groups' option under 'Managing security groups and distribution lists', you can select Security Groups and Distribution lists for any of the base DNs in your AD.

Figure 23. Process leave user in AD with Multi Domain Controller

In a multi-domain controller setup, when selecting the 'Remove selected groups' option under 'Managing security groups and distribution lists', you can select Security Groups and Distribution lists for any of the base DNs in your AD.

Figure 24. Process leave user in AD with Multi Domain Controller

Exclude Employee Attribute - If you want any data that should not be updated, then you can check those attributes from the multi-select checklist when you leave an employee.

Figure 25. Process leave user in AD