User Admin Manager:
Efficient, Auditable User Provisioning
Prevent Security Creep with Proactive Segregation of Duties Checks
Do your skilled technical staff spend far too much time on routine tasks such as User Provisioning and Administration?
User Admin Manager (UAM) uses a configurable workflow to automate the process of requesting, approving and provisioning roles, reducing the workload and paperwork involved.
It can prevent SoD violations by checking for conflicts before roles are assigned, and it also keeps a full audit trail as evidence for your auditors.
Simplified User and Role Admin and Housekeeping
UAM also includes productivity tools which:
- make routine user and role administration and clean-up tasks much quicker and easier
- provide a much faster way of setting up large numbers of users and assigning roles during implementation or acquisition projects.
Automated User Provisioning: How it works
Using a grid-style form in JD Edwards, users can submit requests for one or more roles to be granted to themselves or to other users.
If required, UAM will run an SoD check to ascertain whether granting these roles will cause a violation, then notify the designated approver of the request via email.
The notification message includes full information about the request, including the results of the SoD check (Pass or Fail).
It also includes links which the approver can use to accept or reject the request.
If accepted, UAM can then assign the role automatically. Whatever the decision, the requestor receives notification via email.
Users can also request for roles to be removed or expired.
User and Role Administration Productivity Tools
UAM also provides utilities and reports which make administration tasks much easier, including:
- Create a new user from a single screen
- Reset password
- Enable/disable logins
- Grid update of user details
- Import users/roles from a spreadsheet
- Terminate employees who have left
- And many other common clean-up tasks
This saves your CNCs/system administrators a lot of time during projects such as implementations and acquisitions, as well as on routine housekeeping tasks.
Watch a short demo
- Faster turnaround time for role requests
- Less effort for CNCs/system administrators
- Empower the Business to take ownership of User Provisioning
- Avoid unintended SoD conflicts - less remediation work; less risk of fraud
- Satisfy your auditors - fully audited process; easy to provide evidence
- Promotes a better Business/IT relationship
The User Provisioning workflow can be tailored to suit your company’s processes and hierarchy. Using the screen above, you decide which steps to include in your User Provisioning workflow, as well as what happens at each stage.
Role requests are automatically routed to designated approvers.
Approvers can be assigned to approve requests for specific users, for specific roles, or for all roles/users. For example, in companies where there are multiple accounts offices, requests for the AP Clerk role can be routed to a different person depending on the requestor’s location.
These are optional, and you can decide at which stage in the process they should be run. The check will test for SoD violations that would be caused by assigning the requested roles in addition to the user’s existing roles.
You also decide what is allowed to happen if the SoD check fails; ie the request can be automatically denied, or you may allow the approver to allow the request anyway.
You can manually request an SoD check at any stage. For example, if there is a delay between requesting the role and approving it, you can re-run the SoD check in case the user has been granted any additional roles in the meantime.
Preseeded SoD rules are provided or you can maintain your own. Users of Audit Manager can use the rules from there.
Notifications are automatically sent to approvers as soon as the roles are requested, with full information, including the result of the SoD check (where used).
These messages also include links that the approvers can use to approve or reject the requests.
Requestors also receive email notifications to inform them of the request status.
Once roles have been approved, UAM can automatically assign them to the user, if you wish.
All activity is logged with a date and time stamp, so you can see exactly who requested, approved and assigned what and when.
This provides evidence for internal enquiries or escalations in the event that incorrect roles are assigned, or if people perceive that undue delays have occurred.
It also provides evidence for auditors who are testing that role assignments are authorized appropriately.
You can attach notes to role requests, e.g. if you need to record external documentation associated with the request.
If required, ticket numbers can be recorded on the role requests. As part of configuring your process, you can specify that ticket numbers are mandatory at certain stages.
- View the status of Role Requests
- View information on live Role Assignments in an interactive grid with multiple filters
Enables rapid import of multiple Users or Roles to JD Edwards from spreadsheets.
- No limit to the number of Roles/Users you can add in one batch – ideal for business acquisitions or roll-out to new locations
- View the data in a grid prior to uploading
- When importing Users, up to 30 Roles can be assigned to the User during Batch Import.
Consolidates all the information you need to set up a new user into a single application, making it much easier for non-technical staff to add new users.
Select and display the Security Details of multiple Users in a grid format, combining data from both the P0092 and the P98OWSEC tables. Records can be filtered by any of the columns on the grid, and updates can be applied in the grid as required, with no need to open individual records.
These utilities provide a quick and convenient means of retrieving user records to enable / disable them or to reset passwords.
UAM also provides utilities and reports which make many housekeeping tasks much easier, including:
- Terminate Employees report
- Enabled Users with All Expired Roles or No Role report
- Enabled Users that have not signed in for x days report
- Disabled Users with Active Roles report
- Role Integrity report
- Object Reservation report
- and more
All information is held in a reportable, centralized location within your JDE system.