approve/reject requests and terminate users in identity...
TRANSCRIPT
V1.3
DFPS
Approve/Reject
Requests and
Terminate Users
in Identity
Manager (IAM) A step-by-step guide to completing the responsibilities of the CASA IAM Representative role.
Department of Family and Protective Services 2/3/2015
Designated IAM Representative Guide
v.1.3 Page 1 of 25
Contents
Introduction .................................................................................................. 2
Roles ............................................................................................................ 2
Log into ITIM ................................................................................................. 3
Approve or Reject Portal Requests.................................................................... 5
To approve or reject portal access requests ................................................. 6
What happens next? ............................................................................... 13
Approve or Reject Case Connection Requests .................................................. 14
What happens next? ............................................................................... 15
Terminate a Case Connection Account ............................................................ 16
To terminate a Case Connection account: .................................................. 16
Termination for inactivity ......................................................................... 22
What happens next? ............................................................................... 22
Lock/Unlock an Activity in IAM ....................................................................... 23
To lock an activity .................................................................................. 23
To unlock an activity ............................................................................... 24
Designated IAM Representative Guide
V1.3 Page 2 of 25
Introduction
This document walks you through the steps of reviewing and approving/rejecting
requests to access the HHS Enterprise Portal and the Case Connection Application.
Additionally, it covers how to terminate a Case Connection account in the event of a
CASA staff/volunteer resignation or dismissal.
Roles CASA IAM Designated Representatives, referred as "Partner Supervisors" in the
HHS Enterprise Portal, will need to understand how to complete the steps provided
in this guide in order to manage access to the Portal and to the Case Connection
Application for their local CASA organization.
It is important to note that requesting Portal accounts and Case Connection access
is a self-service process that the CASA staff and volunteers must complete on their
own. Your responsibility is to approve or reject the reject the request, not to create
user IDs or portal accounts for staff, or submit Case Connection requests on their
behalf.
Request Case
Connection Access
Background Check
Obtain Access to
Case Information
Use Case Connection
Designated IAM Representative Guide
V1.3 Page 3 of 25
Log into ITIM
1. Open up your internet browser and navigate to:
https://hhsportal.hhs.state.tx.us/iam/portal/DFPS/
2. Enter your username and password, and then click the Login button.
The Security Agreement screen appears.
Designated IAM Representative Guide
V1.3 Page 4 of 25
3. Read the Security Agreement, and then click the Agree button.
NOTE: Every time you log into the HHS Enterprise Portal, you will be prompted to
read the Security Agreement. Clicking the Agree button indicates your agreement
to the terms. You may click the Reject button, but you will be logged out of the
system.
4. Click the ITIM tab. This will open the Tivoli Identity Manager application.
NOTE: Once ITIM Opens, the screen will be divided into two separate sections, or
'frames'. The left-hand frame is a menu you may use to navigate in and around
ITIM. The right-hand frame takes you directly to where you need to be for this
procedure - the View Activities window. Any pending requests will appear in the
right-hand frame.
Designated IAM Representative Guide
V1.3 Page 5 of 25
Approve or Reject Portal Requests
Although IAM Representatives that are set-up by DFPS as Partner Supervisors in
IAM do not have to register for Portal Accounts, all other CASA Staff and Volunteers
who have a business need for Case Connection must first register for an HHS
Enterprise Portal account. Every request for access to the Portal must be approved
or rejected by you, the IAM Representative for your Organization.
You will receive an email once a CASA staff or volunteer requests access to the
Portal. The email will direct you to log in, review the request, and approve/reject
the request. A sample of the email you will receive is displayed below:
Figure 1: Email sent to IAM Representative for HHS Enterprise Portal Approval
Note: The system requires the IAM Representative to take action on a request
within 5 days. After 5 days a reminder will be sent out that if action is not taken in
another 5 days the request will be automatically deleted from their approval queue
(after a total of 10 days) and the staff/volunteer will be sent an email stating their
access was not granted by the IAM Rep.
Designated IAM Representative Guide
V1.3 Page 6 of 25
To approve or reject portal access requests
There may be one or more requests for portal access waiting for review in the work
queue.
Below is an example of what the system will display when there is a single request:
Figure 2: Single request for portal access
Note that when a single request for portal access is displayed, the Requested For
and Subject columns contain the name of the individual who made the request.
Below is an example of what the system will display when there are multiple
requests:
Figure 3: Multiple requests for portal access
When multiple requests are made, the Requested For column will read 'Multiple',
and the Subject column will state the number of requests received. In this case "5
Items" is displayed, signifying there are 5 portal account requests awaiting review.
Designated IAM Representative Guide
V1.3 Page 7 of 25
1. Log into ITIM.
2. Click on the 'Partner Supervisor Approval for Enterprise Portal Account'
hyperlink in the Activity column.
3. Complete the following:
For a single portal access request, go to the next step.
For multiple portal access requests, once you click the hyperlink in the Activity column, each individual request appears. Click on the
name under the Subject column, and then go to the next step.
Designated IAM Representative Guide
V1.3 Page 8 of 25
4. Click on the 'Provide Information' hyperlink.
Designated IAM Representative Guide
V1.3 Page 9 of 25
After clicking on Provide Information link, a screen will appear that displays details
about the person requesting access to the Portal for your review:
5. Verify the information that appears on this screen. You will need to
ensure the following:
The Person listed is currently affiliated with your local CASA
Program.
The Person's name is spelled correctly.
Verify the person's identity according to your local CASA Program's
policy and procedures.
6. Click the Details Button to view the "Manage Approval" Screen so you
can Approve or Reject the Request
Designated IAM Representative Guide
V1.3 Page 10 of 25
7. Select either 'Approved' or 'Rejected' from the "*Approval" pull down menu.
If the information is incorrect, or if the individual is not known to your local
CASA organization or does not need Portal access, then you will reject the
request. If the information is correct and you have confirmed this individual
does require Portal access, you will approve the request.
8. If you are rejecting the request, then you must enter notes regarding
why you are rejecting the request. Any notes entered will be in the rejection email that is sent to the person making the request.
9. Click the Save button.
Designated IAM Representative Guide
V1.3 Page 11 of 25
After clicking save, the following screen will appear where you will submit your
action to approve or reject the request.
10. Click the Submit button to finalize the approval of the request.
Designated IAM Representative Guide
V1.3 Page 12 of 25
11. The Success confirmation screen appears. Click the Close button to return Home.
12. The Home screen appears. From here you may log out, or click the 'Manage Users' hyperlink to process additional requests that are in your
queue.
Designated IAM Representative Guide
V1.3 Page 13 of 25
What happens next?
CASA staff/volunteer receives an email notification regarding their Portal
Request
After the HHS Enterprise Portal Request is approved or rejected by the IAM
Designated Representative, the CASA staff/volunteer will receive an email telling
them if their request for access to the Portal was granted. Examples of the system
generated emails are displayed below:
Figure 4: Email for access granted to the HHS Enterprise Portal
Figure 5: Email for Access to the HHS Enterprise Portal Not Granted
CASA staff/volunteer submits a request to access to Case Connection
After the CASA staff/volunteer receives an email stating their access to the Portal
has been granted, the staff/volunteer will follow the steps in the Getting Started
Guide to complete and submit a request to access to the Case Connection
application.
Designated IAM Representative Guide
V1.3 Page 14 of 25
Approve or Reject Case Connection Requests
CASA Staff and Volunteers with a business need for Case Connection are instructed
to request access to Case Connection after they have been granted access to the
HHS Enterprise Portal. As with the Portal requests, every request for access to
Case Connection must be approved or rejected by you, the IAM Rep. You will
receive an email once a CASA requests access to Case Connection. The email will
direct you to log in, review the request, and approve/reject the request within
Identity Manager (IAM).
Figure 6: Email Informing of Case Connection Access Request
The process for approving Case Connection access requests is the same as portal
requests approval process. Follow the steps in the Approve or Reject Portal
Requests section of this document to work Case Connection access requests.
Figure 7: The Activity column specifies that the request is for a Case Connection account.
Designated IAM Representative Guide
V1.3 Page 15 of 25
What happens next?
CASA Volunteer Request: The approval process for the Case Connection request is
considered complete after the IAM Designated Representative approves / rejects
the request.
CASA Staff Requests: After the IAM Designated Representative approves a CASA
Staff request for Case Connection, the request is routed to a DFPS Applications
Security Administrator (ASA) for a secondary review and final approval/rejection.
After a Case Connection Request is finalized by the IAM Designated Representative
or the ASA, the CASA staff/volunteer will receive an email telling them whether
their request for access to Case Connection was granted. Examples of the system
generated emails are displayed below:
Figure 8: Email for Case Connection Access Granted
Figure 9: Email for Case Connection Access Not Granted by the IAM Representative
Figure 10: Email for Case Connection Access Not Granted by DFPS
Designated IAM Representative Guide
V1.3 Page 16 of 25
Terminate a Case Connection Account
Upon the resignation or dismissal of a CASA Staff and Volunteers, the IAM
Representative must terminate the individual's access to Case Connection within 48
hours of the CASA's last day in order to comply with the MOU.
To terminate a Case Connection account:
1. Log into ITIM.
2. Click the 'Manage Users' hyperlink from menu in the left-hand frame.
3. Select the criteria by which you wish to search from the "Search by" dropdown menu.
Field Definition
Search By Select the criteria you wish to use to conduct your search.
The screenshot above displays all options for search criteria.
Designated IAM Representative Guide
V1.3 Page 17 of 25
4. Enter search information for the individual in the Search Information field, and then click the Search button.
Field Definition
Search
Information
Enter the specific information that will be used to find the
individual in the system. The information entered in this field must match the Search by criteria selected.
5. The matching entry(s) will appear on the bottom of the screen. Review
the results to ensure the correct individual appears.
Designated IAM Representative Guide
V1.3 Page 18 of 25
Field Definition
Select The Select checkbox is for future functionality. Do not use at this time.
Name The full name of the individual, displayed as a hyperlink.
Email Address The individual's personal email address, as s/he specified when requesting HHS Enterprise Portal access.
Last Name The individual's last name.
Business Unit The business unit with which the individual is associated. This could be any Health and Human Services department, or any local CASA organization. IAM Reps
will only be able to make changes to those records with a CASA business unit.
Status The status of the individual. May be 'Active' or 'Inactive'.
6. Select the arrow corresponding to the individual for whom you wish to
terminate Case Connection access and select 'Accounts' from the menu that appears.
**IMPORTANT**: You do NOT terminate users from the 'Manage Users >
Select a User' screen. You must choose 'Accounts' from the dropdown menu
which will bring up the 'Manage Users > Accounts' screen, where you will
terminate the user's access to Case Connection.
Designated IAM Representative Guide
V1.3 Page 19 of 25
7. Click the Refresh button.
8. The individual's accounts appear once the refresh is complete. Click the
arrow on the row corresponding to the individual's Case Connection account.
Designated IAM Representative Guide
V1.3 Page 20 of 25
9. Select 'Delete' from the drop down menu.
10. Click a radio button under the Schedule section. See the table below for details.
Field Definition
Immediate Click this radio button if you wish for the Case
Connection account to be terminated immediately.
Effective Date Click this radio button if you wish to schedule the
termination for a later time (e.g., if an employee gave 2 weeks' notice and will still need access to Case
Connection during that time).
Date If the Effective date radio button was selected, you must
enter the date on which you wish the change to occur. This field is grayed out if the 'Immediate' radio button is
selected.
Time If the Effective date radio button was selected, you must
enter the time on which you wish the change to occur. This field is grayed out if the 'Immediate' radio button is selected.
Designated IAM Representative Guide
V1.3 Page 21 of 25
11. Click the Delete button.
12. A message appears stating that you have successfully deleted the Case
Connection account. Click the 'View my request' hyperlink.
13. Your request to delete the Case Connection account appears with a status of "Success"
Designated IAM Representative Guide
V1.3 Page 22 of 25
Termination for inactivity
If a CASA staff or volunteer with Case Connection access does not logon to Case
Connection for a period of 90 consecutive days, their Case Connection account will
be automatically suspended and the system will send a warning message to the
CASA Staff / Volunteer and copy of the message to the IAM Designated
Representative. If the account is not restored within 30 days, the account will be
automatically terminated by the system.
What happens next?
After a CASA staff or volunteer's Case Connection account is terminated in the HHS
Enterprise Portal, the staff/volunteer will not see the Case Connection tab the next
time they logon to the Portal. Additionally, upon termination in the HHS Enterprise
Portal, a system transaction will be sent to IMPACT which will automatically
unassign the staff/volunteer's cases and close their external staff record.
What happens if the CASA staff or volunteer would like to regain access to Case
Connection after termination?
Regardless of the reason for termination, the CASA staff or volunteer will need to
start the process over from the beginning, by submitting a new background check
request.
Designated IAM Representative Guide
V1.3 Page 23 of 25
Lock/Unlock an Activity in IAM While it is not advisable, you do have the ability to lock/unlock activities in IAM.
This functionality will prevent any other IAM Rep from approving/rejecting access
requests for the Enterprise Portal or Case Connection.
To lock an activity
1. In the Select column, check the checkbox corresponding to the activity
you wish to lock.
The lock button in the bar directly above the activities becomes active.
2. Click the Lock button.
Designated IAM Representative Guide
V1.3 Page 24 of 25
A lock appears in the State column. Only the user who locked it will be able to
approve or reject the activity. That user may unlock the activity at any time.
To unlock an activity
The following is written to assist the IAM Rep who locked the activity with unlocking
it.
NOTE: Only the IAM Rep who locked the activity will be able to unlock it within
IAM. If IAM Rep A wishes to work a locked activity and IAM Rep B, who locked it, is
unavailable, IAM Rep A will need to submit a help desk ticket to get the activity
unlocked.
1. In the Select column, place a checkmark net