Hi
background:
The management of user rights in Apps9-10 is rather fragmented. We have internal users with employment info, external persons administered in ad and some of them mirrored in IFS, dozens of our own permission sets on top of dozens of core ones, various authorization rights for invoices and purchases, there are document access configurations and parameters in system definitions, the GDPR data definitions etc. and all of these are maintained by few support people mostly from HR, ICT ad finance so that each takes care of certain area.
I do understand that our current implementation could be done in several ways and there could be some simplifications achieved. Instead of fine tuning we however need to reach a whole new level of simplicity and automation to help speed up the entry/exit processes of employees and keep data and permissions more up-to-date without so much manual work as now. We need to be faster and provide constant high quality. This needs automation and automation needs control.
questions:
I heard today that there is something called “scim” or “system for cross domain id management” in IFS Cloud starting from version 23R1. What new capabilities does it bring into play and how are you utilizing it? What are your experiences of it?
Regarding ID management have you working solutions based on using ad groups in IFS10? (so that permission are given in ad via groups and their memberhips are used in permitting or disabling various user rights in IFS via some interface).
Haven’t got yet understanding how the the IFS Cloud “projections” dimension effect all this either.
