Lifecycle Business Rules (ATS)
Lifecycle Business is an ATS model that defines the various stages in which a user progresses within an organization. Lifecycle Business Rules provides 3 stages in ATS:
- Hire, Rehire
- Change of Role
- Termination
You can select the user lifecycle required for your business use cases. At the runtime, the workflow will only process user which match the selected stages.
Hire, Rehire¶
Create or reactivate user in Identity Platform upon hire, rehire. Using this operation, you can create a user profile in the Identity Platform when a candidate is created in the ATS system.
Choose password format - You can select one of the formats for the password you intend to create for a newly onboarded user.
A common password for all employees - Select the "a common password for ALL employees" format. It will provide the text area in which you can map from HR Profile or put user input value for password. And you can also put some conditions using excel function.
Initial password length - Choose the initial password length to match your AD password policy. Password is randomly generated according to the provided length.
Create the account in disabled state - Check this checkbox if you want to create the user in the disabled state in identity platform, created from the ATS flow.
Automatic Termination - Select the aging period from the dropdown to delete the account of the user if the candidate is not created in the HCM workflow.
Exclude Employee Attributes on Rehiring The selected attributes will not be consider when rehiring a candidate.
Change of Role¶
Update user in Identity Platform when the user's profile is updated in ATS system. Using this operation, you can update a user's profile in the Identity Platform when the user is updated in ATS system.
Whitelist (retain) some of the security groups and distribution lists¶
The handling of security groups and distribution lists will be done while updating a candidate profile according to the selection below.
Retain all groups NOT defined in group mapping automation - Groups which are added manually ( not with H2R ) to the user will be preserved, only the one mapped in group membership step will be added/removed according to the condition specified in that step.
Retain ALL existing groups - None of the existing group memberships will be removed and only new groups memberships will be added.
Do not retain any existing groups - All the existing group memberships will be removed and new groups memberships will be added.
Retain below selected groups - The selected group memberships will not be removed, rest will be removed along with the addition of new group memberships.
Exclude Employee Attributes on Updating¶
The selected attributes will not be consider when updating a candidate profile.
Termination¶
Terminate user in Identity Platform when the user is terminated in the ATS system. This operation allows you to terminate a user's account in Identity Platform when they are terminated in the ATS system.
Account Deletion for Non-Onboarded Candidates Select the checkbox, "By default, identity accounts will be disabled in the identity platform system when the candidate is unable to onboard. Check to delete accounts," to automatically delete the candidate's account when they are terminated from the identity platform.
Choose OU for terminated user - All terminated users will be moved to the selected user group. You can choose "Do not change OU" from the dropdown if you do not want to change an OU.
Selected attributes will be purged on termination - All the selected Identity Platform attributes will be purged upon termination.
Set Description on termination - Users can choose to add description on employee's profile upon termination. This will be an optional field. With the lookup table (highlighted in red), you can set conditions based on attribute values. If the conditions are satisfied, the specified description will be applied. If not, the event will use the default description.
Handling of Group Memberships¶
The group memberships will be updated upon terminating an employee profile based on the below selection.
Remove ALL assigned groups - All the assigned group memberships will be removed.
Retain ALL assigned groups - None of the existing group memberships will be removed.
Remove Selected groups - The selected group memberships will be removed when a candidate is terminated, rest will be preserved.
Retain selected groups - The selected group memberships will be retained, rest will be removed.
In a multi-domain controller setup, when selecting the 'Retain selected groups' or "Remove Selected groups" option under 'Handling of security group and distribution list memberships', you can select Security Groups and Distribution lists for any of the base DNs in your AD.
Exclude Employee Attributes on Terminating - The workflow would update employee attributes on termination if any attributes changed in ATS platform. You can select not to change some attributes on termination.