Retiree-Emeritus Integration with IdM

Background

Currently, the Retiree population (including RBHS) is presented as terminated employees in the Identity Management system (IdM). To access Rutgers services, Retirees request Guest accounts and designate HR as their sponsor. Guest retirees go through an annual attestation process to extend their Retiree role beyond the maximum 18 months.

Retiree/Emeritus data is now provided in the HR system (PeopleSoft) and is made available to downstream systems via the data warehouse. The IdM system is one of the downstream systems that can now process the retiree/emeritus data and make it available to services for authorization without the need to go through the Guest process.

Goals

Business:

  • Improve the Retiree/Emeritus experience of accessing authorized Rutgers services without the need to request additional Guest roles.
  • Represent Retirees/Emeritus more accurately in the Rutgers online directory.

Security:

  • Services can leverage IdM role-based access control and extend it to the Retiree and Emeritus communities.

What is changing?

We have extended all current Guest Retirees until 10/15/2018.

No action if:

  • You currently do not provide a service to the Retiree and Emeritus community; no action is required.

Take Action if:

  • Your application provides a service to the Retiree community, and you currently use information from one of the central OIT data services:
    • IdM People Data Database (PDB):
      • The PERSON_ROLE table will now have two additional roles, “RETIREE” and “EMERITUS”.
    • IdM LDAP (ldap.rutgers.edu): note the new values in employeeType and eduPersonAffiliation.

employeeType     eduPersonAffiliation
FACULTY          faculty, employee, member
EMERITUS         member
STAFF            staff, employee, member
RETIREE          affiliate
ADMIT COMING     student, member
STUDENT          student, member
ALUMNI           alum
STUDENT WORKER   staff (but not primary), employee, member
SUMMER STUDENT   student, member
WINTER STUDENT   student, member
GUEST            affiliate

Order of precedence for the primary affiliation, eduPersonPrimaryAffiliation (when a person has more than one affiliation): faculty, staff, student, employee, member, affiliate, alum

  • OIT Data Services Views and data feed:
    • If the views/data feed provided to you are based on IdM roles and you did not restrict the role type in your view/data feed, you will automatically receive the two new roles, “RETIREE” and “EMERITUS”.
    • If you restricted your views/data feed to specific role types, please consider adding “RETIREE” and “EMERITUS”.
  • If your application authorizes users based on the “GUEST” role for retirees, you will need to change your application to look for the “RETIREE” role.
  • A new “EMERITUS” role will also be added if you plan to extend your service to the emeritus community.
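
The sketch below is an added example, not part of the original announcement and not OIT code. It encodes the employeeType table and precedence order above and shows why a retiree check should test employeeType: both RETIREE and GUEST map to the same "affiliate" value. The function names, the multi-valued employeeType input, and the reading of "staff (but not primary)" are assumptions.

```python
# Table values are copied from the announcement; all function names are hypothetical.
AFFILIATIONS = {
    "FACULTY": ["faculty", "employee", "member"],
    "EMERITUS": ["member"],
    "STAFF": ["staff", "employee", "member"],
    "RETIREE": ["affiliate"],
    "ADMIT COMING": ["student", "member"],
    "STUDENT": ["student", "member"],
    "ALUMNI": ["alum"],
    "STUDENT WORKER": ["staff", "employee", "member"],
    "SUMMER STUDENT": ["student", "member"],
    "WINTER STUDENT": ["student", "member"],
    "GUEST": ["affiliate"],
}
PRIMARY_ORDER = ["faculty", "staff", "student", "employee", "member", "affiliate", "alum"]
# Assumption: "staff (but not primary)" means this pair never decides the primary value.
NOT_PRIMARY = {("STUDENT WORKER", "staff")}


def affiliations(employee_types):
    """eduPersonAffiliation values for the given employeeType values, in precedence order."""
    found = {a for t in employee_types for a in AFFILIATIONS.get(t.upper(), [])}
    return [a for a in PRIMARY_ORDER if a in found]


def primary_affiliation(employee_types):
    """First value in the precedence order that is eligible to be primary, else None."""
    eligible = {a for t in employee_types for a in AFFILIATIONS.get(t.upper(), [])
                if (t.upper(), a) not in NOT_PRIMARY}
    return next((a for a in PRIMARY_ORDER if a in eligible), None)


def is_retiree(entry):
    """Authorize on employeeType; 'affiliate' alone would also admit GUEST accounts."""
    return "RETIREE" in {t.upper() for t in entry.get("employeeType", [])}


# Constructed sample entries (not real directory data).
retiree = {"employeeType": ["RETIREE"]}
guest = {"employeeType": ["GUEST"]}

if __name__ == "__main__":
    for entry in (retiree, guest):
        types = entry["employeeType"]
        print(types, affiliations(types), "retiree access:", is_retiree(entry))
    print(primary_affiliation(["STUDENT WORKER", "STUDENT"]))
```

Unknown employeeType values contribute no affiliation, so an unrecognized role never grants access by default.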

How to contact us for help

IdM People Data Database idm_support@email.rutgers.edu

https://eas.rutgers.edu/?ht_kb=data-services

IdM LDAP idm_support@email.rutgers.edu

https://eas.rutgers.edu/?ht_kb=ldap-service-dns

OIT Data Services dba@ess.rutgers.edu

https://eas.rutgers.edu/?ht_kb=data-services

Testing:

We are actively testing the integration in the IdM standard test environment and plan to complete testing by 02/16/2018.

Production:

Upon successful testing, we expect to deploy the new changes to production between 02/19/2018 and 02/23/2018.
