Autoprovision new Lawson Users

 6 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
Sarah
New Member
Posts: 4
New Member
    We are in the process of identify the best way to auto provision new users to Lawson LS Security, and deprovision roles when transfers/terminations occur. 

    We are ldap bound, and would like to utilize either PFI or an ldap provisioning tool (CA/FIM/etc).

    How have others resolved this issue?  What tools did you use? 

    Thanks!
    Gary Padgett
    Veteran Member
    Posts: 90
    Veteran Member
      We are in the process of implementing Courion for our enterprise-wide provisioning to multiple systems as well as Active Directory and email. I am not the one working on it, so I don't have a lot of insight.

      However, what we're doing now for new users might be of some assistance. We get a spreadsheet from HR with all relevant info for these new users. I wrote a perl script to read that csv file and create an xml file in a format that "loadusers" can use. This gives basic ESS access to all new users.
      For transfers and terminations, we're still doing those manually for now.
      BarbR
      Veteran Member
      Posts: 306
      Veteran Member
        We are also bound to the LDAP. We build a daily .xml file that a ProcessFlow FTP's to the Lawson server and executes the loadusers utility. Soon we hope to have ProcessFlow build the .xml file too, but we aren't there yet. We build the .xml file in an MS Access application that has three sources of data; a nightly extract of the RMID's, a nightly extract of the employees on HR11, and an internal system (our Help Desk system) that contains the Lawson employee number, the network ID, and their email ID. From the HR11 we can tell which RMID's need to be created. If the person is both on the HR11 and the RMID, we look for any changes that would change their groups, roles, name, email ID, etc., and build change records. If the person is terminated on HR11, we build an update record with an inactive group, role, and portal role that gives them a "your userid has been inactivated, blah blah blah" message. Our RMID add/change/inactivate process is entirely hands-free. After the RMID updates, we also run a PFI that reads the RMID and picks up any new email ID's and updates the HR11.
        Like I said, soon we hope to have PFI update the RMID directly, but we are waiting for a replacement of our Help Desk software first.
        Adam Goldstein
        Basic Member
        Posts: 4
        Basic Member
          Utilizing the Resource Query and Resource Update node in PFI should be more direct and easier than loadusers, plus avoid any complexity of formatting the xml file. The Resource Update node should enable you to Add/Change any field on a users RM record. Note you will need either PFI or PFX as ProcessFlow Professional will not have access to the Resource Update node.
          kdcoate
          Veteran Member
          Posts: 44
          Veteran Member
            We use the ProcessFlow Resource Query and Update nodes to generate all of our new Lawson LS accounts and make some changes based on transfers. However, we also have a custom on-boarding process built to set the AD username from Lawson - so we're able to have that username available for the account creation.
            Nirav Bhatt
            Basic Member
            Posts: 6
            Basic Member
              We have implemented Process Flow which creates ESS/MSS users everyday based on the HR11. We have also implemented Termination/Position Change based on the personal action in the same process flow. PFI has node called RMUpdate which can be used to add, delete, or modify the RM user id.
              JeffR
              Advanced Member
              Posts: 22
              Advanced Member
                We use ProcessFlow to add new hires and modify rehire RM records using the RM Update and RM Query nodes. We have a flow that extracts all newhire and rehire employee data for the day and that information sent over to be loaded or updated in AD which passes back the login ID, and Email Address. We then update the RM record giving the employee ESS access.