Quick reference guide DKSH Corporate Shared Services ... Provisioning.pdf · Quick reference guide...

© DKSH

December, 2016

Active Directory ID provisioning

Quick reference guide

DKSH Corporate Shared Services Center Sdn. Bhd.

© DKSH

Contents

Item Page(s)

Overview 4 - 8

Capabilities 9 - 11

How do I access ? 12 - 13

AD ID creation for employees 14 - 24

Enable email account 25 - 29

AD ID & email creation for external 30 - 37

Enable Active Sync 38 - 40

Change password on next logon 41 - 44

Account Expiration 45 - 48

Phone number update 49 - 51

Revoke AD ID & email 52 - 55

Questions and answers 56 - 60

Overview

© DKSH

Improvement in Active Directory (AD) management

Outlook Address Book

Current challenges

Local IT is required to update user information in active

directory manually

Improvement

Off-load current local IT manual update process

Password

Current challenges

Increase in service desk support due to

password issue in both active directory & lotus

notes for non GAD country

Improvement

• Empower DKSH employees to have the

ability to change password from internet

• Synchornize Active Directory pasword with

lotus notes web

Email Group distribution

Current challenges

• IT have no visibility on the specified AD email

groups who should be inside the list

• Users doesn’t have access to update the member

list

Improvement

Empower DKSH employees to have the ability to self-

manage groups that have been assign

ID Provisioning

Current challenges

• Local IT is required to fill-up 25 fields Active

Directory.

• Active Directory it is not capable of

managing certain field format (e.g. mobile)

Improvement

• Empower local IT to create mail account

• Less AD fields is required to be fill-up

• Data quality improved with data checks

Active

Directory

© DKSH

ID Provisioning building blocks

Platform

Microsoft Active

Directory

SAP

SAP HRPremise

SQL Server

Microsoft Identity

Management Microsoft O365

Cloud

Exchange server

(CN & VN only)

Premise

© DKSH

ID Provisioning process

• SAP HR extract 30,000

record & inject into the

SQL database

(incremental) on a daily

basis

• Active Directory ID will

be created within 3

hours

• Local IT will need to

login to the ID

provisioning application

for AD ID & email

submission

• Email will be created

within 3 hours

• Local IT to configure

outlook client for users.

Employee

information in SQL

Local IT ID

creation

Batch

processing 2

Local team

configure

outlook

client

Batch

processing 1

© DKSH

DescriptionsActive directory

attributesSAP HR IT

1 Windows Logon samaccountname Yes

2 Email Logon Userprincipalname Yes

3 First Name Givenname Yes

4 Last Name Sn Yes

5 Display Name on outlook Displayname Yes

6 Job Title Title Yes

7 Corporate Email Mail Yes

8 Office Direct Phone Telephonenumber Yes

9Fax Number Facsimiletelephonenu

mber

Yes

10 Mobile Mobile Yes

11 Legal Entity Company Yes

12 Department Department Yes

13 Division Division Yes

14 BU Name businesscategory Yes

Data custodian

© DKSH

DescriptionsActive directory

attributesSAP HR IT

15 Bu Code employeeID Yes

16 Cost Center Code departmentnumber Yes

17 Company Code employeetype Yes

18 Employee Number employeenumber Yes

19 Street Address streetaddress Yes

20 Post Code postalcode Yes

21 City l Yes

22 Country co Yes

23 Country Code c Yes

24Office Location physicaldeliveryofficen

ame

Yes

Data custodian (continued)

Mandatory Optional

Capabilities

© DKSH

Functions Descriptions

1 Active directory ID creation • Automated populate email address base on first name and last name

• ID can be created on the OU that have been assign by creator during

submission

• White space filtering

• Checking for duplication of name globally

• Once ID is created, an email will be send to the respective personnel

• IT personnel can search for the user using employee number for creation

2 Email ID creation • Email licence can be selected during AD directory ID creation or after

• Once AD ID is created, country IT can assign a license for email

• Once email have been assign with license, an email will be send to the

respective personnel

3 Phone number • IT personnel can search for employee using employee number of email

for information update

• Ensure only number is enter to the system only

• Country code will be append to the numbers

• Information will be populated in active directory

4 SAP HR attributes • Only the following SAP HR attribute will be replicated to Active directory.

Refer to page 7 for more information

5 ActiveSync Enable activesync feature for users.

6 Disabling ID IT personnel can disabled employees access on active directory with a

single click and it will take immediate effect

Capabilities

© DKSH

Areas Descriptions

1 Provisioning • Active directory user will be created with all the necessary attribute from

SAP HR

• Active directory without SAP HR information can be tag with user type

• Exchange mailbox provisioning

• Ensuring Telephone number, mobile and fax contain number only

2 Disabling • Active directory user can be disable on the spot with a timestamping on

the active directory attribute

• Users with a mail forwarding requirement will be tag in active directory for

record

3 Update • Users can update telephone number, mobile and fax as an when

• Administrator can disable or enable active sync for users

• Administrator can enforce change password for users

• Administrator can set account expiration

Summary of the capabilities

How do I access?

© DKSH

Step 1:

Launch Internet Explorer web browser

Step 2:

Enter the URL https://directory-management.dksh.com in the address bar and press Enter

Step 3:

Click on sign in and enter your DKSH email address and password to sign in.

Step 4:

There is a Help section on self service portal to assists IT administrator to use the system

How do I access ID provisioning self service?

https://directory-management.dksh.com/

ID creation for employees

© DKSH

• Step 1: Click on Existing employee and search for the employee by input either one of the following

information ( First name, last name or employee number)

• Step 2: Click on the result as per below

Active Directory creation

© DKSH

Step 3: On General tab, it will display the necessary information about employees. The grey out box

information can’t be change as it is from SAP HR. Local IT is require to ensure the first name, middle

name, last name and display name is correct before click on the next button

Active Directory creation (continued)

© DKSH

Step 4: On Office location tab, it will display the necessary information about where the employee base.

The grey out box information can’t be change as it is from SAP HR. Local IT is not require to do anything

on this screen, click next to proceed.


© DKSH

Step 5: On Contact tab, it will display the necessary information about employee contact. Local IT is

require to fill-up telephone number field only at this point of time. Click Next to proceed.


© DKSH

Step 6: Click on Administration tab , select Provision active directory account and select Change.


© DKSH

Step 7: Select on the domain and click submit

Step 8: Select on the domain and click submit


© DKSH

Step 9: Click Submit to proceed.


© DKSH

Step 10: Click on OK to proceed.

Step 11: The status of the account creation. You will be receiving an email notification once the ID have

been created.


© DKSH

Step 12: Once the ID have been created, you will get an email with the following information.


© DKSH

Step 13: ID provisioning self service will mark the users with the following status. “An Active Directory for

“Test Dummy” exists”.


Enable email account

© DKSH

Step 1: Click on Existing employee and search for the employee by input either one of the following

information ( First name, last name or employeenumber)

Step 2: Click on the result as per below

Enable email account

© DKSH

Step 3: Click on the Administration tab, and select provision email. By default, only Office 365 is

available as an option. While for other countries (e.g. China & Vietnam) will have more option as there is a

present of exchange server.

Enable email account (continued)

© DKSH


• Step 5: The status of the account creation. You will be receiving an email notification once the ID have

been activated.


© DKSH

Step 6: Once the ID have been created, you will get an email with the following information.


Active Directory user ID and email creation for external

© DKSH

Step 1: Click on Other accounts for account creation

ID creation

© DKSH

Step 2: The following attribute as per highlight below it is a mandatory fields for external ID creation. With

the same capabilities you can create AD account and enable email. Do ensure you choose the right user

type, as this will be serve as an differentiator of the user accounts.

ID creation (continued)

© DKSH

Step 3: For the user type selection, do ensure that during the ID provisioning. The right user type is

selected

− Service : use for service account, temporary account

− External : use for third party or external account. The account have been further classified as per

below

− Client

− Consultant

− Contractor

− company

− Pending_SAP_HR : for DKSH employee who does not have employee number


© DKSH

Step 3: On the Office location tab, ensure the respective country field is selected


© DKSH

Step 4: Click on Contact to enter the telephone number for the respective users. Alphabet and symbol will

be prohibited from entering the system. Once this is done, click Next to proceed.


© DKSH

Step 5: Click on Administration tab, select the options for provisioning. Once the process have

completed, you will be notified via email. Click submit to proceed.


© DKSH


Step 7: The status of the account creation. You will be receiving an email notification once the ID have

been created.


Enable ActiveSync

© DKSH

Step 1: Click on Existing employee or other accounts and search for the employee with one of the

following criteria ( First name, last name or employeenumber, email address)


Enable Active Sync

© DKSH

Step 3: Click on Administration tab, there is an option of ActiveSync and select Enable ActiveSync.

The system will take few seconds to process.

Enable ActiveSync (continued)

Change password on next logon

© DKSH




Password change enforcement

© DKSH

Step 3: Click on Administration tab and click enforce the user to change password on next logon

Password change enforcement (continued)

© DKSH

Step 4: A message will appear, once the change password on next logon have been enforce. You need to

advise the user to change password via the following method:

User in office

• Change password via the normal way by using Control + Alt + Delete

• The prerequisite of the following is the laptop or desktop must be part of DKSH Global Active Directory

User not in office

• Password can be change via a password reset portal at https://passwordreset.dksh.com

Password change enforcement (continued)

Account expiration

© DKSH

Step 3: Click on Administration tab and click on “End of” to set the account expiration.

Account expiration (continued)

© DKSH

Step 4: Click on the date to set the expiration date and save to execute the settings.

Account expiration (continued)

Phone number update

© DKSH

Step 3: Click on Contact tab, update the respective fields with the correct number and click Next to

proceed.

Step 4: On the Administration tab, click update to save the changes. The changes will be reflect to active

directory attribute once the batch job trigger

Phone number update (continued)

Revoke Active Directory user ID and email

© DKSH

Step 3: Click on Administration tab, click on Disabled AD.

Step 4: Select one of the options to proceed:

Disabled user account

• To user account will be disabled

• The date of the activities will be recorded in active directory extension attribute

Disabled user account and enable mail forwarding

• The user account will be disabled

• The date of the activities will be recorded in active directory extension attribute

• Local IT required to log a support ticket to enable mail forwarding

Revoke access (continued)

Questions and answers

© DKSH

Questions Answers

1 Who can use the system? Only country IT admin can use the system

2 What is the process of enabling

country IT to use the self service

portal?

Country IT must require to log a service request to CSSC windows team with

the following information

• Active Directory domain that they are allow to use

• Employee information from SAP HR that they are allow to use for

ID creating

3 What is the process of removing

country IT from using the self

service portal?

Country IT must log a service request to CSSC to remove the respective

country IT

Quesions and answers

© DKSH

Questions Answers

1 What is the pre-requisite to

create an AD account using self

service portal?

Employee number

2 If employee number is yet to be

created, can I still create AD

account for DKSH employees?

Yes, use the external tab for ID creation and select the user type of

“Incomplete”

3 Once the ID have been

submitted for creation, when do I

expect the ID will be created?

The batch processing will execute each request within 3 hours, once the ID

is created. You will be notified via email

4 If I select the options of creating

AD account and O365 access,

does the processing will be still

3 hours?

No, the processing of AD creation will be completed within 3 hours and the

subsequent batch job will run for email activation. Once the process is

complete, you will receive 2 email notification

5 How do I check the status of the

ID that have been submitted and

what should I do if the ID does

not create after a certain period

of time

• You can check the status from the portal it self by searching for the

employees.

• If you do not get an email notification after the ID have been submitted

after 8 hours ago, do raise a service request to CSSC windows team.

Quesions and answers (continued)

© DKSH

Questions Answers

1 What are the attribute that I can

update after I create the

account?

Phone number, fax and mobile phone.

2 Will be more attribute is going to

be open for update in next

revision.

At this point of time, there is no plan to open up other attribute for update.

We shall review this again in next future

3 If there is an employee complain

about job title or some other

information is not correct, what

should I do?

• You may refer to page 7 on the list of attribute that IT is taking care off.

• If there is wrong information projected in active directory, you must check

employee information and search in the portal. If the information in the

portal it is not correct, this would mean SAP HR information is not correct

• If there is no record found during the search, that would mean, the active

directory user does not have an employee number. You need to obtain the

employee number and update on active directory, the information will be

flow in when the batch job run.

4 What if the self service portal

have the wrong information due

to the wrong matching or wrong

information in active directory

Escalate to CSSC windows team


© DKSH

Questions Answers

1 What are the functionality of the

disable button in the self service

portal?

• It will disable the account straight away

2 What is the difference of Yes

and No options when ID is

disabled using self service portal

• Yes : the account will be disable, the disable time will record in one of the

attribute in active directory. Country IT is required to raise a service

request to MNC team for mail forwarding

• No : the account will be disable

3 Automated ID clean-up base on

status

At this point of time, the feature is not ready. Once this is ready, they will be

a communication to country IT


© DKSH

Disclaimer

Due care has been used in preparation of this presentation and DKSH makes every effort to

provide accurate and up-to-date information. Nevertheless, this presentation may be subject

to technical inaccuracies, information that is not up-to-date or typographical errors.

DKSH does not assume liability for relevance, accuracy and completeness of the information

provided. DKSH reserves the right to change, supplement, or delete some or all of the

information on this presentation without notice.

The layout, graphics and other contents in this presentation are protected by copyright law

and should not be reproduced or used without DKSH’s written permission.

Quick reference guide DKSH Corporate Shared Services ... Provisioning.pdf · Quick reference guide...

Documents

Transcript of Quick reference guide DKSH Corporate Shared Services ... Provisioning.pdf · Quick reference guide...