approve/reject requests and terminate users in identity...

V1.3

DFPS

Approve/Reject

Requests and

Terminate Users

in Identity

Manager (IAM) A step-by-step guide to completing the responsibilities of the CASA IAM Representative role.

Department of Family and Protective Services 2/3/2015

Designated IAM Representative Guide

v.1.3 Page 1 of 25

Contents

Introduction .................................................................................................. 2

Roles ............................................................................................................ 2

Log into ITIM ................................................................................................. 3

Approve or Reject Portal Requests.................................................................... 5

To approve or reject portal access requests ................................................. 6

What happens next? ............................................................................... 13

Approve or Reject Case Connection Requests .................................................. 14


Terminate a Case Connection Account ............................................................ 16

To terminate a Case Connection account: .................................................. 16

Termination for inactivity ......................................................................... 22


Lock/Unlock an Activity in IAM ....................................................................... 23

To lock an activity .................................................................................. 23

To unlock an activity ............................................................................... 24


V1.3 Page 2 of 25

Introduction

This document walks you through the steps of reviewing and approving/rejecting

requests to access the HHS Enterprise Portal and the Case Connection Application.

Additionally, it covers how to terminate a Case Connection account in the event of a

CASA staff/volunteer resignation or dismissal.

Roles CASA IAM Designated Representatives, referred as "Partner Supervisors" in the

HHS Enterprise Portal, will need to understand how to complete the steps provided

in this guide in order to manage access to the Portal and to the Case Connection

Application for their local CASA organization.

It is important to note that requesting Portal accounts and Case Connection access

is a self-service process that the CASA staff and volunteers must complete on their

own. Your responsibility is to approve or reject the reject the request, not to create

user IDs or portal accounts for staff, or submit Case Connection requests on their

behalf.

Request Case

Connection Access

Background Check

Obtain Access to

Case Information

Use Case Connection


V1.3 Page 3 of 25

Log into ITIM

1. Open up your internet browser and navigate to:

https://hhsportal.hhs.state.tx.us/iam/portal/DFPS/

2. Enter your username and password, and then click the Login button.

The Security Agreement screen appears.

https://hhsportal.hhs.state.tx.us/iam/portal/DFPS/


V1.3 Page 4 of 25

3. Read the Security Agreement, and then click the Agree button.

NOTE: Every time you log into the HHS Enterprise Portal, you will be prompted to

read the Security Agreement. Clicking the Agree button indicates your agreement

to the terms. You may click the Reject button, but you will be logged out of the

system.

4. Click the ITIM tab. This will open the Tivoli Identity Manager application.

NOTE: Once ITIM Opens, the screen will be divided into two separate sections, or

'frames'. The left-hand frame is a menu you may use to navigate in and around

ITIM. The right-hand frame takes you directly to where you need to be for this

procedure - the View Activities window. Any pending requests will appear in the

right-hand frame.


V1.3 Page 5 of 25

Approve or Reject Portal Requests

Although IAM Representatives that are set-up by DFPS as Partner Supervisors in

IAM do not have to register for Portal Accounts, all other CASA Staff and Volunteers

who have a business need for Case Connection must first register for an HHS

Enterprise Portal account. Every request for access to the Portal must be approved

or rejected by you, the IAM Representative for your Organization.

You will receive an email once a CASA staff or volunteer requests access to the

Portal. The email will direct you to log in, review the request, and approve/reject

the request. A sample of the email you will receive is displayed below:

Figure 1: Email sent to IAM Representative for HHS Enterprise Portal Approval

Note: The system requires the IAM Representative to take action on a request

within 5 days. After 5 days a reminder will be sent out that if action is not taken in

another 5 days the request will be automatically deleted from their approval queue

(after a total of 10 days) and the staff/volunteer will be sent an email stating their

access was not granted by the IAM Rep.


V1.3 Page 6 of 25

To approve or reject portal access requests

There may be one or more requests for portal access waiting for review in the work

queue.

Below is an example of what the system will display when there is a single request:

Figure 2: Single request for portal access

Note that when a single request for portal access is displayed, the Requested For

and Subject columns contain the name of the individual who made the request.

Below is an example of what the system will display when there are multiple

requests:

Figure 3: Multiple requests for portal access

When multiple requests are made, the Requested For column will read 'Multiple',

and the Subject column will state the number of requests received. In this case "5

Items" is displayed, signifying there are 5 portal account requests awaiting review.


V1.3 Page 7 of 25

1. Log into ITIM.

2. Click on the 'Partner Supervisor Approval for Enterprise Portal Account'

hyperlink in the Activity column.

3. Complete the following:

For a single portal access request, go to the next step.

For multiple portal access requests, once you click the hyperlink in the Activity column, each individual request appears. Click on the

name under the Subject column, and then go to the next step.


V1.3 Page 8 of 25

4. Click on the 'Provide Information' hyperlink.


V1.3 Page 9 of 25

After clicking on Provide Information link, a screen will appear that displays details

about the person requesting access to the Portal for your review:

5. Verify the information that appears on this screen. You will need to

ensure the following:

The Person listed is currently affiliated with your local CASA

Program.

The Person's name is spelled correctly.

Verify the person's identity according to your local CASA Program's

policy and procedures.

6. Click the Details Button to view the "Manage Approval" Screen so you

can Approve or Reject the Request


V1.3 Page 10 of 25

7. Select either 'Approved' or 'Rejected' from the "*Approval" pull down menu.

If the information is incorrect, or if the individual is not known to your local

CASA organization or does not need Portal access, then you will reject the

request. If the information is correct and you have confirmed this individual

does require Portal access, you will approve the request.

8. If you are rejecting the request, then you must enter notes regarding

why you are rejecting the request. Any notes entered will be in the rejection email that is sent to the person making the request.

9. Click the Save button.


V1.3 Page 11 of 25

After clicking save, the following screen will appear where you will submit your

action to approve or reject the request.

10. Click the Submit button to finalize the approval of the request.


V1.3 Page 12 of 25

11. The Success confirmation screen appears. Click the Close button to return Home.

12. The Home screen appears. From here you may log out, or click the 'Manage Users' hyperlink to process additional requests that are in your

queue.


V1.3 Page 13 of 25

What happens next?

CASA staff/volunteer receives an email notification regarding their Portal

Request

After the HHS Enterprise Portal Request is approved or rejected by the IAM

Designated Representative, the CASA staff/volunteer will receive an email telling

them if their request for access to the Portal was granted. Examples of the system

generated emails are displayed below:

Figure 4: Email for access granted to the HHS Enterprise Portal

Figure 5: Email for Access to the HHS Enterprise Portal Not Granted

CASA staff/volunteer submits a request to access to Case Connection

After the CASA staff/volunteer receives an email stating their access to the Portal

has been granted, the staff/volunteer will follow the steps in the Getting Started

Guide to complete and submit a request to access to the Case Connection

application.


V1.3 Page 14 of 25

Approve or Reject Case Connection Requests

CASA Staff and Volunteers with a business need for Case Connection are instructed

to request access to Case Connection after they have been granted access to the

HHS Enterprise Portal. As with the Portal requests, every request for access to

Case Connection must be approved or rejected by you, the IAM Rep. You will

receive an email once a CASA requests access to Case Connection. The email will

direct you to log in, review the request, and approve/reject the request within

Identity Manager (IAM).

Figure 6: Email Informing of Case Connection Access Request

The process for approving Case Connection access requests is the same as portal

requests approval process. Follow the steps in the Approve or Reject Portal

Requests section of this document to work Case Connection access requests.

Figure 7: The Activity column specifies that the request is for a Case Connection account.


V1.3 Page 15 of 25

What happens next?

CASA Volunteer Request: The approval process for the Case Connection request is

considered complete after the IAM Designated Representative approves / rejects

the request.

CASA Staff Requests: After the IAM Designated Representative approves a CASA

Staff request for Case Connection, the request is routed to a DFPS Applications

Security Administrator (ASA) for a secondary review and final approval/rejection.

After a Case Connection Request is finalized by the IAM Designated Representative

or the ASA, the CASA staff/volunteer will receive an email telling them whether

their request for access to Case Connection was granted. Examples of the system

generated emails are displayed below:

Figure 8: Email for Case Connection Access Granted

Figure 9: Email for Case Connection Access Not Granted by the IAM Representative

Figure 10: Email for Case Connection Access Not Granted by DFPS


V1.3 Page 16 of 25

Terminate a Case Connection Account

Upon the resignation or dismissal of a CASA Staff and Volunteers, the IAM

Representative must terminate the individual's access to Case Connection within 48

hours of the CASA's last day in order to comply with the MOU.

To terminate a Case Connection account:

1. Log into ITIM.

2. Click the 'Manage Users' hyperlink from menu in the left-hand frame.

3. Select the criteria by which you wish to search from the "Search by" dropdown menu.

Field Definition

Search By Select the criteria you wish to use to conduct your search.

The screenshot above displays all options for search criteria.


V1.3 Page 17 of 25

4. Enter search information for the individual in the Search Information field, and then click the Search button.

Field Definition

Search

Information

Enter the specific information that will be used to find the

individual in the system. The information entered in this field must match the Search by criteria selected.

5. The matching entry(s) will appear on the bottom of the screen. Review

the results to ensure the correct individual appears.


V1.3 Page 18 of 25

Field Definition

Select The Select checkbox is for future functionality. Do not use at this time.

Name The full name of the individual, displayed as a hyperlink.

Email Address The individual's personal email address, as s/he specified when requesting HHS Enterprise Portal access.

Last Name The individual's last name.

Business Unit The business unit with which the individual is associated. This could be any Health and Human Services department, or any local CASA organization. IAM Reps

will only be able to make changes to those records with a CASA business unit.

Status The status of the individual. May be 'Active' or 'Inactive'.

6. Select the arrow corresponding to the individual for whom you wish to

terminate Case Connection access and select 'Accounts' from the menu that appears.

**IMPORTANT**: You do NOT terminate users from the 'Manage Users >

Select a User' screen. You must choose 'Accounts' from the dropdown menu

which will bring up the 'Manage Users > Accounts' screen, where you will

terminate the user's access to Case Connection.


V1.3 Page 19 of 25

7. Click the Refresh button.

8. The individual's accounts appear once the refresh is complete. Click the

arrow on the row corresponding to the individual's Case Connection account.


V1.3 Page 20 of 25

9. Select 'Delete' from the drop down menu.

10. Click a radio button under the Schedule section. See the table below for details.

Field Definition

Immediate Click this radio button if you wish for the Case

Connection account to be terminated immediately.

Effective Date Click this radio button if you wish to schedule the

termination for a later time (e.g., if an employee gave 2 weeks' notice and will still need access to Case

Connection during that time).

Date If the Effective date radio button was selected, you must

enter the date on which you wish the change to occur. This field is grayed out if the 'Immediate' radio button is

selected.

Time If the Effective date radio button was selected, you must

enter the time on which you wish the change to occur. This field is grayed out if the 'Immediate' radio button is selected.


V1.3 Page 21 of 25

11. Click the Delete button.

12. A message appears stating that you have successfully deleted the Case

Connection account. Click the 'View my request' hyperlink.

13. Your request to delete the Case Connection account appears with a status of "Success"


V1.3 Page 22 of 25

Termination for inactivity

If a CASA staff or volunteer with Case Connection access does not logon to Case

Connection for a period of 90 consecutive days, their Case Connection account will

be automatically suspended and the system will send a warning message to the

CASA Staff / Volunteer and copy of the message to the IAM Designated

Representative. If the account is not restored within 30 days, the account will be

automatically terminated by the system.

What happens next?

After a CASA staff or volunteer's Case Connection account is terminated in the HHS

Enterprise Portal, the staff/volunteer will not see the Case Connection tab the next

time they logon to the Portal. Additionally, upon termination in the HHS Enterprise

Portal, a system transaction will be sent to IMPACT which will automatically

unassign the staff/volunteer's cases and close their external staff record.

What happens if the CASA staff or volunteer would like to regain access to Case

Connection after termination?

Regardless of the reason for termination, the CASA staff or volunteer will need to

start the process over from the beginning, by submitting a new background check

request.


V1.3 Page 23 of 25

Lock/Unlock an Activity in IAM While it is not advisable, you do have the ability to lock/unlock activities in IAM.

This functionality will prevent any other IAM Rep from approving/rejecting access

requests for the Enterprise Portal or Case Connection.

To lock an activity

1. In the Select column, check the checkbox corresponding to the activity

you wish to lock.

The lock button in the bar directly above the activities becomes active.

2. Click the Lock button.


V1.3 Page 24 of 25

A lock appears in the State column. Only the user who locked it will be able to

approve or reject the activity. That user may unlock the activity at any time.

To unlock an activity

The following is written to assist the IAM Rep who locked the activity with unlocking

it.

NOTE: Only the IAM Rep who locked the activity will be able to unlock it within

IAM. If IAM Rep A wishes to work a locked activity and IAM Rep B, who locked it, is

unavailable, IAM Rep A will need to submit a help desk ticket to get the activity

unlocked.

1. In the Select column, place a checkmark net


V1.3 Page 25 of 25

2. In the Select column, place a checkmark in the box corresponding to the activity you wish to unlock.

3. Click the Unlock button. The lock icon disappears from the State column

and the activity is open to any IAM Rep to approve or reject.

approve/reject requests and terminate users in identity...

Documents