Views:

Applies To:

GroupID 8, 9, 10 – Self-Service

Business Scenario:

Organizations make an effort to ensure that employee profiles remain accurate and up-to-date in the directory. HR collaborates with IT teams to assign resources to the mundane task of manually updating user information. But somehow that doesn’t seem to work. Most of the time, organizations have to work with incorrect or outdated information.

Is there a more reliable and efficient way to keep employee information updated in the directory?

Solution:

A practical approach to this problem is to force users to self-update personal and official information in the directory.

The Profile Validation feature in GroupID does exactly that. It forces users to periodically review, validate and update important fields in their directory profiles.

Explanation:

In the Self-Service portal, users can view and update their directory profiles. But since this is a matter of choice, they barely bother.

The profile validation function makes it mandatory for users to validate and update their profiles. The administrator can specify the attributes (fields) to expose for profile validation.

How does User Profile Validation work in GroupID?

The profile validation function involves a number of simple steps.

  • Step 1: Configure user profile validation for an identity store.
  • Step 2: Define a scheduled User Life Cycle job for the identity store.
  • Step 3: Specify the fields to be displayed in a Self-Service portal for profile validation.
  • Step 4: Users are forced to validate their profiles using the Self-Service portal. GroupID expires the users who fail to do so within a specified time frame. Expired users cannot log in using their organizational accounts.
  • Step 5: The administrator or a Helpdesk user can grant an extension period to expired users, so they can validate their profiles and avoid inconvenience.

Step 1: Configure User Profile Validation for an Identity Store

  1. In GroupID Management Console, click the Identity Stores node.
  2. On the Identity Stores tab, double-click the required identity store to open its properties.
  3. On the Configurations tab, click the Profile Validation option in the left pane.


     
  4. In the Profile Criteria area, specify a group to apply profile validation to. Members of this group will have to validate their profiles using the Self-Service portal.
  5. In the User’s Profile Validation Life Cycle box, the profile validation life cycle period defaults to 90 days, which means that users must validate their profiles once during each cycle of 90 days. When a user validates his or her profile, the current cycle closes and the next cycle begins for him or her.
  6. In the Reminder Notification Settings area, add/edit the email notification info. These notifications serve as reminders, directing the user to validate his/her profile.
  7. In the Extension Period Settings area, specify the number of days that would be granted as extension period to expired users.
  8. Click OK.

Step 2: Define a User Life Cycle job for the Identity Store

The profile validation feature in GroupID is monitored by the User Life Cycle job. This job checks for the profile validation dates of users who fall in the specified group. It initiates reminder notifications for these users and expires those who do not validate their profiles within the given period.

  1. In GroupID Management Console, click the Scheduling node.
  2. Click New in the Actions pane and select User Life Cycle Job on the menu to create a User Life Cycle job for the identity store that GroupID Management Console is connected to.

  3. On the General tab, provide a name for the job and select a Self-Service portal URL to include in User Life Cycle email notifications.
  4. On the Triggers tab, specify a triggering criterion for the job, that, when met, starts the execution of the job.
  5. On the Authentication tab, provide credentials of the service account to run the job in the identity store.
  6. Click OK.

Step 3: Specify Schema Attributes for Validation

The administrator can specify the schema attributes (fields) for user profile validation. These attributes (fields) are displayed on the Validate Profile Properties window of the Self-Service portal, where users can validate and update the values for these attributes.

  1. In GroupID Management Console, select Self-Service > Portals > [required portal] > Designs.
  2. Select an identity store to specify fields for profile validation.
  3. Click the Property Validation tab.


     

  4. From the Select Directory Object list, select User.
    All fields currently available for profile validation in the portal are listed under Display Name.

    • To add a field, click Add.
    • To edit a field, select it and click Edit.
    • To remove a field, select it and click Remove.
       
    Note: You cannot edit or remove the My Direct Reports field.
  5. To add a new field (schema attribute) for profile validation, click Add.


     
  6. Use the Field(s) box to specify a schema attribute.
  7. In the Display Name box, specify a name to display as the field’s label in the portal.
  8. From the Display Type drop-down list, select a display type to use for rendering the attribute(s) in the portal.
  9. From the Visibility Role drop-down list, select a security role. The field would be visible to users of the selected role and to roles with a priority value higher than the selected role.
  10. Use the Exclude Role option to exclude a higher priority role or roles from getting visibility on the field.
  11. Specify a tooltip for the field, the maximum number of characters the field can store as value, and other attributes.
  12. Click OK to close the dialog box.
  13. On the toolbar, click Save

Step 4: Profile Validation in the Self-Service Portal

 Multiple alerts in GroupID direct the user to validate his or her profile by a certain date. Reminder notifications are sent in due course of time. The My Profile card on the portal’s dashboard changes color to depict the warning level. 

  1. Launch the Self-Service portal.
  2. Click the My Profile card on the dashboard to launch the Validate Profile Properties window.

  3. Users can update the attributes the administrator has exposed for profile validation. In the default portal template, a user can:

    • Update his or her office info, such as address and contact numbers.
    • Specify or change his or her primary manager.
    • Transfer his or her direct reports to another manager.
    • Terminate his or her direct reports.

  4. After verifying and updating the information, click the Validate Now button.

Step 5: Grant an Extension Period to Expired Users

GroupID expired the users who do not validate their profiles within the required time frame. An expired user is disabled in the directory.

Expired users can request the administrator or Helpdesk to unlock their accounts temporarily and grant an extension period. If they do not validate their profile information within that extension period either, GroupID expires them again and notifies their managers by email. To reactivate these accounts, users’ managers must send a request to Helpdesk.

  1. To grant an extension, log on to the Self-Service portal.
  2. Click Users in the left pane and then select the Disabled Users tab.
  3. Select an expired user and click Extend on the toolbar.
    On extension, the user's account is temporarily unlocked for the duration specified in profile validation configurations. See Step 1

Reference:

GroupID Online Help - Configuring User Profile Validation

Keywords: Self-Service, Active Directory, Users, profile, Validation, update, frequency, life cycle
Comments (0)