Background
Currently Retiree population (including RBHS) are presented as terminated employees in the Identity Management systems (IdM). To access Rutgers services, Retirees request Guest accounts and designate HR as their sponsors. Guest retirees go through annual attestation process to extend their Retiree role beyond the maximum 18 months.
Retiree/Emeritus data is now being provided in the HR system (PeopleSoft) and is made available to the downstream systems via the data warehouse. IdM system, is one of the downstream systems that can now process the retiree/emeritus data and make available to the services for authorization without the need to go through the Guest process.
Goals
Business:
- Improve Retirees/Emeritus experience of accessing authorized Rutgers services without the need to request additional Guest roles.
- Representing Retirees/Emeritus more accurately in the Rutgers online directory.
Security:
- Services can leverage IdM role base access control and extend it to Retiree and Emeritus communities.
What is changing?
We have extended all current Guest Retirees until 10/15/2018.
No Action if
- You currently do not provide service to Retiree and Emeritus community; no action is required.
Take Action if:
- Your application provides a service to Retiree community, and you currently use information from one of the central OIT data services:
- IdM People Data Database (PDB) :
- PERSON_ROLE table will now have two additional roles “RETIREE” and “EMERTIUS”
- IdM LDAP (ldap.rutgers.edu) : note the new values in employeeType and eduPersonAffiliation
- IdM People Data Database (PDB) :
employeeType eduPersonAffiliation
FACULTY faculty, employee, member
EMERITUS member
STAFF staff, employee, member
RETIREE affiliate
ADMIT COMING student, member
STUDENT student, member
ALUMNI alum
STUDENT WORKER staff (but not primary), employee, member
SUMMER STUDENT student, member
WINTER STUDENT student, member
GUEST affiliate
Order of Primary Affiliation eduPersonPrimaryAffiliation (when more than one affiliation): faculty, staff, student, employee, member, affiliate, alum
- OIT Data Services Views and data feed:
- If the views/data feed provided to you are based on IdM roles and you did not restrict role type in your view/data feed, you will automatically receive the new two roles “RETIREE” and “EMERTIUS”.
- If you restricted your views/data feed to any specific role type, please consider adding “RETIREE” and “EMERTIUS”
- If your application authorizes users based on “GUEST” role for retirees, you will need to change your application to look for “RETIREE” role .
- If you plan to extend your application to emeritus community, A new role for “EMERITUS “will also be added if you plan to extend your service to this community.
How to Contact us for help?
IdM People Data Database | idm_support@email.rutgers.edu
https://eas.rutgers.edu/?ht_kb=data-services |
IdM LDAP | idm_support@email.rutgers.edu
https://eas.rutgers.edu/?ht_kb=ldap-service-dns |
OIT Data Services | dba@ess.rutgers.edu
https://eas.rutgers.edu/?ht_kb=data-services |
Testing:
We are actively testing the integration in IdM standard test environment and plan to complete testing by 02/16/2018
Production:
Upon successful testing, we expect to deploy new changes to production between 02/19/2018 – 02/23/2018.