SOP-4: Onboard Users

REVISION HISTORY

Description and Scope #

The following procedure describes the steps to Onboard a user into the EPC system, from the point of identifying the need to create a user up until the point where the user set up and ready for training.

This procedure is focussed on in-app tasks. Tasks such as gathering user information, deciding which user has which permissions, or performing validation tests are not described herein but taken as granted.

Purpose #

The purpose of this process is to effectively onboard users in a repeatable manner that is consistent with governance requirements, all the while minimizing any errors caused by lack of user knowledge.

Onboard User #

Procedure #

Create user using EPC System Admin Panel #

Each user needs to be created individually in EPC. From the User tab on the System Admin Panel, create the Add new user button. Enter the following:

1. Username: For organizations that are integrated with SSO, this must match the user’s Domain Username.
2. First name
3. Last Name
4. Email: For organizations that are integrated with SSO, this must match the user’s Domain email.
5. Password: For organizations that are integrated with SSO, enter a random placeholder password, such as Epc12345. When users log into EPC, they will be redirected to a sign in page requesting their Domain username and password. If the organization is not integrated with SSO, create a safe password for the user to use.

The result is that the user is created and automatically placed into the Everyone Group.

Create user using Just In Time #

Organizations having integrated EPC with SSO have an added option for user creation: individuals can have a user automatically created in EPC through Just In Time User Creation as long as their Domain user is within the Domain group that EPC is integrated with. The remaining permission and role assignment tasks must however be performed manually by an administrator.

Note: users can still be created through the system admin panel when SSO and Just In Time are active. As a matter of fact, some administrators choose to always create users manually to expedite the onboarding process, especially when they wish to onboard several users in bulk.

To create a new user using Just In Time,

1. the employee must access the EPC login page and enter their Domain credentials.
2. In the background, a program runs to authenticate the user against the domain.
   1. if they exist in the Domain group that EPC is integrated with,
      1. a user is created for them
      2. the user is automatically assigned to the Everyone group (which has minimal access rights to the Production environment)
      3. and they are brought to the EPC home Page
   2. if they do not exist, they are given an error message and denied entry.

Assign Users to corresponding user groups #

User permissions are managed at the group level. Therefore, users must be assigned to one or more groups depending on their roles. Please consult the Architecture Governance Document for the full breadth of groups and their settings.

Note: If the user only needs to be assigned to the Everyone group, this step can be skipped. Upon creation, all users are automatically placed into the Everyone Group, which has minimal access rights to the Production Environment. For more information on groups, see the Architecture Governance Document.

To assign a user to a group

1. Navigate the cursor and select the icon for the Group you want to add users to
2. Navigate to the “Select a Group” search box
3. Type the name of the Group you want to add to the User. “Double Click” on the group to finish adding it
4. The added group will appear on the following table. The system admin will receive an automatic notification when the group is successfully added

Import Users as Resources #

To associate users to roles for RACI association and Approval Workflow purposes, users must first be imported into the Production environment as Resources.

From the Production Environment,

1. Navigate to the Details tab of the Org Unit containing all Resources,

1. Click the New button and select the Import Users as Resources option
2. A form will open. Click on the import button
3. A window will be generated once users were successfully imported as resources. Navigate to the List tab to find the newly created resources.

Assign resources to roles as needed #

Resources may require to be associated to one or more Roles for RACI assignment or Approval Workflow purposes. From the Resource’s Details page

1. Click the Edit button
2. Navigate to the ‘Which Roles does this resource have?’ section
3. Type the name of the Role you want to associate. From the search suggestions, click to select the Role you want to associate.
4. You can also search for the role by clicking the button to the right of the auto-fill box.
5. When complete, hit the Save button
6. Publish the resource and any unpublished roles that it is assigned to