Contractors, interns, consultants, and other non-employees in your organization might require special governance treatment. You can use IdentityNow to track these users' access and activity by creating and maintaining a non-employee source. You can have up to 20 non-employee sources in your org.
By using our Non-Employee Lifecycle Manager, you agree to the following:
Process Overview
Use the processes below to create a non-employee source and add accounts.
1. Sign in to IdentityNow and go to the Admin interface. Go to Connections > Sources. 2. Click New. 3. In the Source Type field, choose Non-Employee and specify the following:
Click Continue. The non-employee source's configuration page is displayed. |
|
4. Optionally, choose up to ten account managers in the field Who should manage these accounts?. These users can request new accounts on this non-employee source. They do not have to be administrators in your org. 5. Optionally, choose up to 3 account reviewers in the fields in Who should review account requests?. These users review all account requests made by the account managers. Each reviewer will review the request in the order you choose here, and if any one reviewer denies the account request, the account won't be created. These users also don't have to be administrators. Click Save. |
You can add custom attributes to your non-employee source to represent important information about these identities.
Complete the following steps:
1. From the Sources list, go to the non-employee source you want to edit. 2. In the sidebar, click Account Schema. 3. Click Add New Attribute. |
|
4. Add the following information for each attribute you want to add:
Choose whether the attribute should be required for accounts on this source. IMPORTANT:
If you want to add another new attribute after saving this one, check the Add Another checkbox. Click Save. |
You can add up to 10 custom attributes to your source.
To manage non-employees in IdentityNow, you'll need to create accounts for them. You can add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts.
Before uploading a list of non-employee accounts, you will need to export the CSV template using the Export button on the Accounts page. Uploaded account files must follow this template.
Complete the following steps:
1. From the Sources list, go to the non-employee source you want to edit. You can also reach this page from the Manage Non-Employees widget on the user dashboard. 2. In the sidebar, click Accounts. 3. Click + Add Accounts and click Bulk Upload. This option won't be available if there's already a bulk upload in progress. 4. Choose the CSV file you want to upload. When you initiate the upload, you'll see a success notification. |
Org admins can directly create new accounts on the Accounts list following the steps below. These accounts do not go through a review process. Alternatively, admins can request a new account on the Account Requests tab.
Complete the following steps:
1. From the Sources list, go to the non-employee source you want to edit. You can also reach this page from the Manage Non-Employees widget on the user dashboard. 2. In the sidebar, click Accounts. 3. Click + Add Accounts and click Add Account. 4. Enter the following information, depending on which attributes you have marked as required:
If you want to add another new account after saving this one, check the Add Another checkbox. Click Add. |
IMPORTANT: You are responsible for regularly downloading your non-employee information to create an authoritative backup of their account information.
Org administrators can edit any attribute on the accounts on non-employee sources by going to the Accounts list and clicking the name of the account to edit. Account managers can edit the end date for non-employees on sources they manage.
Creating an identity profile allows you to generate identities from the non-employee accounts you create on this source. Identities are composite sets of data and access, which gives you you a comprehensive view of each user.
Use the steps in Create an Identity Profile to begin.
IMPORTANT: By default, non-employee source attributes are not mapped to identity profile attributes. In order for correlation to work and identities to be created, you must manually map non-employee source attributes to the required identity attributes for this profile.
After these identities have been created, you can manage them as you would any other identity. You can provision accounts on other sources for them, or include them in certification campaigns.
NOTE: Because non-employee sources don't support entitlements, source owner certifications created for this non-employee source will move directly to Completed, and won't go through a review process.
You can see more information about what non-employee account managers and non-employee account reviewers can do by reviewing additional documentation.
Several events related to non-employee management generate emails in IdentityNow. Like other IdentityNow email templates, these emails can be modified to suit your business's needs.
You can find information on account requests and modifications using Search. Use the query type:NON_EMPLOYEE to find audit events related to non-employee management. See Audit Reports and Monitoring in IdentityNow for more information about audit reports.