Tuesday, October 25, 2011

Automated Provisioning & Profile Maintenance – Third Party Access

Recently I had the opportunity to work with a couple of other Fruition developers to deliver a custom Third Party Access Portal, also known as 3PA, to help an international beverage company's third party users (e.g. customers, bottlers) effectively request and sustain access to key applications. The 3PA portal was to replace their current solution, which was not only overextended to far more third parties than originally intended, but was also associated with user dissatisfaction, increased support cost, and unfavorable company perception.

One of the main objectives of the project was to enhance the user experience through a simplified user interface. Third party users can utilize this portal to manage their user profile, request access to applications, and manage their password. Even though the portal is aimed at external users with the goal to “make their company easier to do business with,” internal employees can also use the interface to invite new or existing users to applications, view access reports, and manage access requests.



Not only does 3PA give external users a simplified interface to request access to applications, it similarly streamlines the process of onboarding a new application or editing an existing one. Using a single form, 3PA provides a central location for application information including reminder/expiration/escalation time values for tasks and approvals, display name and image for the portal, relationship to the corresponding business service in the CMDB, and more.



This one form also allows the application owner to add or edit:
· Application administrators
· Related Active Directory groups that grant specific user access to that application
· Multiple layers of access request approvers and groups, based on the application and on application question values
· Application-specific questions to be asked when a user registers
· Pre-approval rules to automate approvals based on the third party user’s email domain
· Multiple layers of manual tasks and/or automated access provisioning tasks
· Users that have been invited to register for the application
· Users that have access to the application

To simplify the user experience of onboarding an application, 3PA dynamically creates a service catalog item and leverages ServiceNow’s request management capabilities to drive the request process while utilizing one “general” workflow for all applications. This allows application owners to set up their application without having service catalog, workflow, and general admin experience.
 
Another objective was to decrease the amount of time it took to provision a user’s application access. To do this, 3PA is integrated with their identity management solution, which allows real-time application access provisioning as well as user creation and profile updates in Active Directory and SAP.

 
The second key part of the portal is the automation of maintenance to a third party user’s profile. An external user can manage their profile information and password by submitting requests, which initiate web service calls and update their Active Directory account in real time. Below is a submitted profile change request that compares the previous and updated values, allowing a user not only to follow their request from submission to approval to completion, but also to compare and track when they update certain values.



Summary:
· Built on top of the ServiceNow SaaS Platform, integrating CMDB, Request, User Account, SLA and Access Management
· Integrates with their Identity Management solution to allow for real-time user account information update/creation and application access provisioning in Active Directory
· Enhances the user experience through a simplified user interface and simplified processes, and automates the registration and profile maintenance processes

Project Team:
Chris Dauw (Director of Products), Engagement Manager
Tom Sobczak (Director of Custom Applications), Project Manager
Sal Costa, Senior Architect
Shane Brazeal, Senior Developer
Darrin Achtman, Developer
Dustin Martin, Technical Analyst
