Connector with Lawson
Connection with Lawson
Identity and Access Management (IAM) offers the ability of creating a link between Lawson and all user accounts across the network. This link allows IAM to detect changes in Lawson, which it will automatically implement across the network according to predefined procedures.
Tools4ever offers dozens of predefined procedures that can be customized for any organization, ensuring quick and accurate alignment with the existing user account management process.
Benefits of an automated link:
Shorter lead time for creating accounts – Changes (employees entering or leaving service, changes in an employee’s position, changes in contract details) are recorded meticulously and consistently by the HR organization in Lawson. As part of the first-day procedure, employees will be listed in the HRM system from their first day at work. By linking the HRM system to the user accounts across the network, changes can be implemented immediately and without errors. The account will have been created on an employee’s first day of work, along with all the relevant security settings for his or her job profile. This data will be present in all platforms and applications used by the organization.
Error-free user account creation – By linking Lawson to user account information across the network, changes can be implemented directly and without information loss. In traditional scenarios this will often involve a manual e-mail procedure prone to errors and delay. And just imagine the consequences if a user account for a fired employee is not duly disabled.
Availability of advanced capabilities across the organization – Lawson contains various information that can be leveraged to improve internal service provision. Since the relationships between managers and employees are stored in the system, managers can be notified of newly-created accounts via e-mail, along with the exact employee details. Based on the relationships stored in Lawson, managers can also be assigned access privileges to employees’ mailboxes and home directories.
When employees leaves the company, their accounts can be cleared in phases. First the account is immediately disabled. It can then be migrated to another OU. It is also possible to migrate the employee’s home directory data to secondary storage after a two-month period, or to set an auto responder message and to have all e-mail forwarded to the employee’s manager.
Service Levels compliance with minimal staff – In many organizations, it takes an average of at least 30 minutes to create, modify or remove an account (excluding correcting possible errors). The number of changes for 100 users is around 10 a week (Source: Gartner, IDC). By setting up a Lawson link, the effort required from systems administrators and/or a helpdesk agent will be reduced to practically zero. In an organization with 1,000 employees, this will quickly free up the time of one employee.
Service Levels compliance with cheaper staff – Besides providing a direct link with Lawson, IAM offers forms that helpdesk agents can use to conveniently perform the remaining user account management tasks. Examples are resetting and/or unlocking user accounts, (ad hoc) modification of user accounts and the approval of changes proposed by Lawson. In practice the form interface imposes few demands on the user account administrator.
Security/Auditing - If no user management tools are available, everybody involved in user account management needs high network access privileges. For instance, helpdesk agents may require Domain Admin privileges as well as access to all information across the network. With IAM, fewer privileges will be required. Moreover, IT agents will only be able to perform the tasks for which IAM has been configured. Direct access (e.g. through ADUC or NTFS) will no longer be available.
Enforcement of company policies – User account management is regulated in IAM with templates and profiles. Using the template and profile, the systems administration department can indicate exactly how an account must be created. This mechanism can be leveraged to implement the policies used by the quality assurance and/or auditing department. Company policies can thus be implemented in phases while the pollution of user account data can be eliminated step by step. Reducing data pollution, in turn, will result in fewer security issues and makes implementation of changes across the network simpler.