Overview
Using the Access on Hire2Retire
you can provision and deprovision users on Bitsight.
Read the official documentation of Bitsight here.
Define Role Definition¶
Provisioning Type¶
Define Role(s)¶
You can assign a Role to any user based on their AD attributes. You can define complex conditions using AND and OR logic. You can also use the Group memberships in AD to define Roles. For example, In Figure 2 the rules are defined on the basis of Department (Contains). If the rules are passed then only user(s) will get provisioned. If no rule passes and the user(s) is present in Bitsight then deprovisioning is performed for the user(s).
Map the rules defined in first table with the Roles provided by Bitsight.
You can enable the "Do not deprovision upon change of profile or role" checkbox to prevent users from being deprovisioned on Bitsight due to a role mismatch.
You can also select default roles in Bitsight. For if and only if 'Developer' Role is passed and it is not mapped in the second table then the selected default Bitsight Roles will be assigned to the user(s).
Process All Employees¶
All user(s) will be provisioned on Bitsight.
Provision User¶
You can decide to either provision or deprovision user(s) using Access.
-
Provisioning - You can provision one or more user(s) to the Bitsight according to the requirement. User(s) can be created, updated or reactivated in provisioning operation.
-
Deprovisioning - You can deprovision one or more user(s) according to the requirement. User accounts will be deactivated on Bitsight upon deprovisioning.
Map attributes on Bitsight¶
You can populate a user's profile in Bitsight by mapping attributes incoming from the AD. You can also use Hire2Retire's powerful data transformation capabilities using Excel Style functions.