Scribd
Upload
5 views

IKS_Active Directory - Fusion Integration

Uploaded by

anik.rastogi08
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
5 views

IKS_Active Directory - Fusion Integration

Uploaded by

anik.rastogi08
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 8

V 1.

IKS – Active
Directory
Integration
Active
Directory
integration
V 1.0

Document Control

Change Record

Date Author Version Change Reference

04/09/18 Abhishek Patel Draft 0.1 Initial document


24/09/18 Abhishek Patel Draft 0.2 Email Generation Logic updated

Reviewers

Name Position

Babuddin Qureshi Project Manager, PwC

IKS – Active Directory Integration - Active Directory integration


PwC 2
Table of contents

1. Interface between HCM and Active Directory 4

1.1. Integration requirement 4


1.2. Proposed Solution 4
1.2.1. Technical Overview 4

2. ACTIVE DIRECTORY system integration requirement 5

2.1. Assumptions 5
2.2. Pre-requisite 5
2.3. Requirement Overview 5
2.4. Data points to be covered 5
2.5. File Details 5
2.5.1. Location Details 5
2.5.2. Frequency of Outbound 5

2.6. Failure Scenario 5

3. Appendix 6

3.1. Open Question 6

IKS – Active Directory Integration 3 of 8


1.
Interface between HCM and Active
Directory
1.1. Integration requirement
IKS uses Active directory setup for authorization of user credentials and email
configurations.

The same infrastructure needs to be utilized for the SSO login in the HCM Fusion login.
Email address configured in the HCM should also interface to Active directory and create
email.

1.2. Proposed Solution


1.2.1. Technical Overview
Federation server needs to be configured between active directory and HCM fusion.

This server will perform SSO login using the credentials stored in the active directory.

A file based interface will be created between Active directory and HCM which will
provide relevant information to the Active directory for creating email.

Similar interface needs to be configured for employee leaving the organization.

IKS – Active Directory Integration 4 of 8


2.
ACTIVE DIRECTORY system
integration requirement
2.1. Assumptions
1. Power shell script should create the employee and email once relevant information is
provided.

2. Similar shell script needs to be created to inactivate the employee

3. The Federation server will take care of authorization

2.2. Pre-requisite
1. Folder access to required folder is provided.

2. Federation server installed at location DEV.FS.IKSHEALTH.COM /


PRD.FS.IKSHEALTH.COM

2.3. Requirement Overview


For successful implementation of Active Directory and HCM the employee id of the newly
created employee needs to be created in the Active directory.

The information needs to be interfaced if there are any modification in the attributes that Active
Directory needs.

Information of employee leaving the organization should also be interfaced to Active Directory.

2.4. Data points to be covered


Following fields are needed to create a new user in Active Directory

Sr EMP-ID Name Windows ID Email ID DOJ Gender Designation Dept Client Reporting Location .in/.com Windows Email Gsuite
Manager ID logins ID

1 HB02002 VInod vinod.khamkar [email protected] 10-Sep-18 Male Trainee Operations CMM RaghuRaj NSL .in Yes Yes No
khamkar Associate SP

Similar set of fields will be required in order to deactivate a user.

IKS – Active Directory Integration 5 of 8


2.5.
File Details
2.5.1. Location Details
For all newly created employee/Inactive employee file will be created at following location:-

PENDING\HCM\OUTBOUND\ACTIVE_DIRECTORY\ACTIVATE_USER

PENDING\HCM\OUTBOUND\ACTIVE_DIRECTORY\DEACTIVATE_USER

If these records are successfully processed the file be moved to:-

PROCESSED\HCM\OUTBOUND\ACTIVE_DIRECTORY\ACTIVATE_USER

PROCESSED\HCM\OUTBOUND\ACTIVE_DIRECTORY\ACTIVATE_USER

In case of failure files will be moved to:-

FAILED\HCM\OUTBOUND\ACTIVE_DIRECTORY\ACTIVATE_USER

FAILED\HCM\OUTBOUND\ACTIVE_DIRECTORY\ACTIVATE_USER

2.5.2. Frequency of Outbound


Daily Feed will generate files at:-

PENDING\HCM\OUTBOUND\ACTIVE_DIRECTORY

Daily Feed will generate files at:-

PENDING\HCM\OUTBOUND\ACTIVE_DIRECTORY\DEACTIVATE_USER

IKS – Active Directory Integration 6 of 8


2.5.3.
Logic for generating email address

Eligibility Rules for G Suite


Location Criteria of Selection Eligibility Criteria
Both US & India C Suite All Eligible
Care All Levels Eligible
US Enabling All Levels Eligible
Margin Manager and Above Eligible
Admin Assistant Manager and Above Eligible
BI Assistant Manager and Above Eligible
Care Assistant Manager and Above Eligible
Care Exception All Client Management Physician Partners Eligible
Compliance All Levels Eligible
Corporate
Communications All Levels Eligible
Executive Assistants All Levels Eligible
Finance All Levels Eligible
HR Manager and Above Eligible
HR Payroll / Benefits /
India On boarding / MIS All Levels Eligible
IT & Security All Levels Eligible
Learning & Development All Levels Eligible
Legal All Levels Eligible
Margin Assistant Manager and Above Eligible
Margin Exception All Payor Specialists Eligible
Practice Assistant Manager and Above Eligible
Solutions All Eligible
Strategy All Eligible
Training Assistant Manager and Above Eligible
Transition All Eligible
WFM All Eligible

2.6. Failure Scenario


In case employee active directory is not created the same will be done manually.

IKS – Active Directory Integration 7 of 8


3.
Appendix
3.1. Open Question

Question Owner
Powershell CSV Structure Sumant/Vinod

3.2. Closed Question


Question Answer
Logic for generating email address (.com/.in) Section 2.5.3 is updated with logic received from
Sumanth

IKS – Active Directory Integration 8 of 8

You might also like