> developer > dnu > courses > secure identity management page 9
Secure Identity Management Overview Course
March 2003
DeveloperNet University Course
Reader Rating    from ratings rate this article
View an eBook Version of this course - LARGE FILE! Send this page to a friend

Employee Provisioning Example

The following example illustrates the default automatic employee provisioning process for a specific setup that includes PeopleSoft, NT, and Exchange 5.5. (Setups that use the other supported HR, messaging, and account and directory systems could also be created and would operate in a similar manner.)

  1. When an employee is hired, an HR specialist enters the new employee data in the PeopleSoft system.

  2. The PeopleSoft system records this event in its transaction table.

  3. The PeopleSoft DirXML driver's Publisher Channel periodically accesses the transaction table by way of Component Interface (CI) objects, which are part of the PeopleSoft Service Agent (PSA). (The PSA is a collection of software processes and components that run on the PeopleSoft database server and define what data and how data will be available from PeopleSoft for synchronization with the Workforce Tree. The PSA is included with Nsure Resources and installed along with the PeopleSoft DirXML driver.)

  4. Based on the information it finds in the transaction table, the PeopleSoft DirXML driver publishes the new data to the Workforce Tree as follows:

    1. It constructs an XML document and passes it to the DirXML engine for processing.

    2. It derives additional data from the PeopleSoft database, such as the employee's manager and direct reports, and adds it to the user object's attributes to be published in the Workforce Tree.

  5. To process the newly received XML document, the DirXML Engine consults the Matching and Create rules as well as other defined policies associated with the PeopleSoft DirXML driver's Publisher Channel.

    1. The Matching rule determines whether this user already exists in the Workforce Tree.

    2. The Create rule dictates the attributes for which the engine needs information before it can create a User object, and specifies the naming policy the engine should use to name this User object. Other defined policies provide guidelines for transforming data or object names between PeopleSoft and the eDirectory Workforce Tree.

    3. The Placement rule dictates that this new User object be placed in the Active container within the Users container.

  6. The DirXML Engine notifies the NT Domain DirXML driver via the subscriber channel of the addition. In response, the NT Domain DirXML Driver creates an NT Domain account.

  7. When the NT account is created, the NT Domain DirXML Driver updates the Preferred Name attribute for the user in the Workforce Tree with the NT Account Name via its publisher channel.

  8. This update triggers the Exchange DirXML driver to initiate the creation of an e-mail account in Exchange.

  9. Exchange creates an e-mail account and e-mail ID.

  10. The Exchange DirXML driver then publishes the e-mail ID back to the Workforce Tree.

  11. The PeopleSoft DirXML driver subscribes to the Workforce Tree attribute for e-mail and updates this field in the PeopleSoft database.

Data Synchronization Examples

The following examples illustrate how Novell Nsure Resources synchronizes user identity information:

E-mail address change

  1. The administrator changes a user's e-mail address in Exchange.

  2. The Exchange DirXML driver publishes the new e-mail address back to the Workforce Tree.

  3. The PeopleSoft DirXML driver subscribes to the Workforce Tree attribute for e-mail address and updates this field in the PeopleSoft database.

Employee initiated change

  1. Using Novell eGuide, an employee changes her home telephone number in the Workforce Tree.

  2. The PeopleSoft DirXML driver subscribes to the Workforce Tree attribute for home telephone number and updates this field in the PeopleSoft database.

Previous Contents Next