How to set account permissions based on employees functions

soffid solution-2

Soffid is able to retrieve information from human resource information systems in order to assign employee entitlements. In the following screencast, a full data acquisition and entilement assignment demo can be seen.

1. Authoritative data sources. Multiple authoritative sources can be defined, and each of them retrieves a subset of employee attributes. Soffid has got a wide standard connector catalog, allowing the user to build their owns as well. In the example below, the SQL connector is able to gather all the information form a source data base.

2. The task scheduler executes a number of tasks in an unatteded way. In the example, the task scheduler loads the information comming from the SQL connector into Soffid users database.

3. Soffid rules engine is automatically triggered whenever a user change happens. This rule engine is configure using little scripts that decide whether the entitlements that are bound to the ruld should be granted or not. Also, if a a rule previously granted some entitlement to a user, but now the same rule denies this grant, the rule engine will automatically revoke those entitlements from the user. At the example, the rule engine will grant the Domin Admin permission to any user whose last name is Pig.

4. Any user change triggers the execution of synchronization tasks against any managed systems. Soffid connectors for theese systems will evaluate the accounts, attributes and permissions that should belong to the user and forwards them in asynchronously. In the example, Active Directory connector translates attributes and permissions into Active Directory attributes, groups and organizational units.