Register Sign in Need help? FAQ SailPoint directory
Help

Non-Employee Lifecycle Management Release Details

Non-Employee Lifecycle Management Release Details

The ability to effectively manage access for all types of workers is more important now than ever before. To provide value to our customers as quickly as possible, we're releasing an initial version of our non-employee management feature which provides user interfaces for the most common tasks you'll perform.

This document contains details about what functionality you can expect, and how it will be made available in the first two releases.

June 2020 Release

We expect the following functionality will be available in June:

In the User Interface Via API

For Org Administrators:

  • Create and update individual non-employees on all non-employee sources.
  • View all accounts and requests on non-employee sources.

For Non-Employee Account Managers:

  • Request new accounts on non-employee sources they manage.
  • View current accounts and requests on non-employee sources they manage.
  • Receive email notifications of upcoming end dates for non-employees on sources they manage.

For Non-Employee Account Reviewers:

  • Approve or deny requests for accounts for new non-employees.

For Org Administrators:

  • Create non-employee sources to manage non-employee accounts.
  • Assign non-employee managers and non-employee account reviewers to sources.
  • Create and map custom account schema attributes.
  • Bulk upload accounts to non-employee sources using a CSV file.
  • Configure approval processes for new non-employee account requests.
  • Configure email notifications sent throughout the non-employee account create workflow, as well as end-date reminders.
  • Export non-employee accounts for reporting and backup procedures.
  • Delete accounts on non-employee sources.

 

September 2020 Release

We anticipate that when we release v2 of our non-employee lifecycle management functionality, all features previously only availble via API will be available in the user interface.

As always, don't hesitate to reach out to your CSM with any questions, or post a question in our IdentityNow Forum.

Comments
Ian
‎Jun 04, 2020 10:24 AM
‎Jun 04, 2020 10:24 AM

Is there any documentation / screen shots / etc that we can view? This is a feature we've been waiting on for a long time and are excited to get it implemented.

tylerstevens
‎Jun 04, 2020 05:49 PM
‎Jun 04, 2020 05:49 PM

Agree with @Ian, is there any documentation/screenshots that we can view? We have a recent business use case for this feature and would love to implement.

Ian
‎Jun 04, 2020 07:23 PM
‎Jun 04, 2020 07:23 PM

@tylerstevens - I asked my customer success manager to get this into our sandbox ASAP. I’ll let you know if that happens. I know they’ve been testing it for awhile. 

Product_Management
‎Jun 09, 2020 10:04 AM
‎Jun 09, 2020 10:04 AM

@Ian @tylerstevens We're excited for you to have your hands on our Non-Employee Lifecycle Management capabilities! We will have supporting documentation out toward the end of the month, which will also be when you can see the capabilities in your tenants. 

Ian
‎Jun 09, 2020 10:07 AM
‎Jun 09, 2020 10:07 AM

I've been asking for access/information for months... but what's another couple of weeks I guess. : )

sgshah1105
‎Jun 23, 2020 01:07 PM
‎Jun 23, 2020 01:07 PM

I see the Tile in my environment. Where can I find documentation for this?

tracy_flowers
‎Jun 23, 2020 04:40 PM
‎Jun 23, 2020 04:40 PM

I now see the tile in our Sandbox environment (not Production), but I don't see the source type as an option when trying to create a new source... is this release currently "In progress"?  We are also closely watching for this release...

joshua_cigna
‎Jun 23, 2020 05:14 PM
‎Jun 23, 2020 05:14 PM

Is there any connection to the Account Password Manamgent feature for these Non-Human accounts?  Any capability to share accounts between populations for passwords management? 

wi_ing
‎Jul 01, 2020 05:05 AM
‎Jul 01, 2020 05:05 AM

Hey all, it is now PAST DUE "end of month" but I still do not see any documentation? 

It MAY be because I am too stupid to find (n00b here!) but still? there are some lurkers here who seem to be waiting, too?

SandilyaKrovvidi
‎Jul 02, 2020 01:02 AM
‎Jul 02, 2020 01:02 AM

Hey All, I see some documentation in this link https://community.sailpoint.com/t5/Admin-Help/tkb-p/IDN_admin_help. However, the API end points are still not updated. It would be great to have the end points added there. Also, they are just a flag on existing endpoints, it would nice to mention the same here. https://community.sailpoint.com/t5/Admin-Help/Managing-Non-Employee-Sources-and-Accounts/ta-p/161460

tracy_flowers
‎Jul 02, 2020 11:27 AM
‎Jul 02, 2020 11:27 AM

The documentation for the non-employee API endpoints is actually out there now.  @SandilyaKrovvidi & @wi_ing - If you navigate to the Admin-Help/Managing-Non-Employee-Sources document (second link in Sandilya's post) there is a portion that states:

"You can find all of these beta APIs under Non-Employee Lifecycle Management at api.identitynow.com."  The key here is that the API endpoints are still BETA... so after navigating to apilidentitynow.com, you have to make sure to select 'beta' from the dropdown at the top right of the screen ("select definition").

dernc
‎Jul 07, 2020 11:50 AM
‎Jul 07, 2020 11:50 AM

Seems like functionality we've been looking for but to make sure I understand it correctly - This would be most useful if for a given non-emp source, we could create an account manager who is a non-emp themselves so that account requests can be self-serviced by an external third party rather than have to assign account managers who are internal (emps). 

For example, we might contract with a third party consultant company to bring in a team of consultants who need AD access.  To set this up we would create a source for their company, create an account/identity for their HR person, that person would then create access requests for each member of a consulting team and an internal (emp) Account Reviewer would be assigned to approve the requests. 

Is this an intended use case or does this not work for some reason?  Is there any risk to allowing this external account mgr to access our tenants?

haven904
‎Jul 08, 2020 02:33 PM
‎Jul 08, 2020 02:33 PM

Anyone figured out how to update the list of Account Managers or Approvers for a Non-Employee Source through API? I keep getting JSON is not supported.

hthai109
‎Jul 13, 2020 08:08 PM
‎Jul 13, 2020 08:08 PM

Detail documentation will help a bit.  Please post them.  I'm also looking for both API or GUI to start testing out onboarding non-employees.  Has anyone been able to get the API to work successfully?

haven904
‎Jul 14, 2020 08:49 AM
‎Jul 14, 2020 08:49 AM

Got API working...but API documentation is a little cryptic with little examples to help.

Here are links that might help

https://api.identitynow.com/?urls.primaryName=Beta#/Non-Employee%20Lifecycle%20Management

https://community.sailpoint.com/t5/Admin-Help/Managing-Non-Employee-Sources-and-Accounts/ta-p/161460

TIP: If you need to patch the list of approvers or account managers make sure you add Content-Type = application/json-patch+json to the header in Postman

My assessment of the Non-Employee Management Feature

When reviewing a product or feature, the main things I consider is does this save time, make us more effective or efficient, or fix a problem which then leads to saving money, reducing risk, etc. This leads to the question…

Is this better than having the manager email this information to the IAM team and have the IAM team fill out the .csv file for non-employees and upload?

  1. I like the fact that the business/or others outside of IAM team has an interface to put in the information directly about a contractor.
  2. The problem is the benefit stops there for us.
    1. To use this for all non-Employees we would need to train managers to use this properly
    2. Because we are expecting the manager to put in a unique SailPoint ID, now we are adding problems. (See #1 below for my suggestion on this)
    3. You also have to allow people to input individually. This is added work for the IAM team to administrate the list. Also the list uses the internal ID for the user that is not identifiable that would need to be  looked up to figure out who has that access already (Not a better process)
    4. Approvals are singular accounts vs a group. If someone is out of the office, things don’t get approved (not a better process) (See #2 below)
    5. I know some things will move from API to UI but API is a real pain for high volume changes.
    6. The lack of good documentation or links between documentation to tell you the whole story is not good. 

Suggestion to Product Team:

  1. From what I’ve learned, the manager requesting the account would need to know the unique Identity ID for the user. We use a sequential number patterned which managers would need to pay attention and look up to see what is the next in sequence. It would be better if this could be left off the request and added as an additional step in the process by the IAM team.
    1. You can fix it but it also doesn’t show up for editing until all the approvals happen. By that time it’s too late to change the SailPoint ID. It will change the SailPoint logon though so now you have SailPoint ID different then logon.
  2. It also would be great if you could add additional fields that only the IAM could input afterwards in the process flow, that would be locked out from the requestor. This would be helpful if these attributes are tied to roles/birthrights that the manager wouldn’t know how to choose or input correctly.
  3. Approvers are singular vs Groups. It would be better to be able to reference governance groups too if approver is out.

This might be a good Beta / Niche product at this point, more tied to if you have high turnover of contractors and you want a couple of contract admins to input the non-Employees directly, and then have it go through the approval process by a certain person before creating an account.

In our world, I don’t see this being a function saving us time, make us more effective or efficient, or fixing a problem until at least the 3 suggested items above are addressed.

SandilyaKrovvidi
‎Jul 15, 2020 01:14 AM
‎Jul 15, 2020 01:14 AM

@haven904 That's a great review for the feature. May be you should add it as idea for this feedback to be properly processed. Until the point of time this feature completely matures, just wanted to share an approach that we are taking up for contractor on-boarding.

An external user onboarding form is submitted in ServiceNow if you want a new hire to be onboarded. Submission of this form triggers an IdentityNow API which updates a flat-file source with new record in the source. Similar approach is followed for the submissions as well. 

Access to this form is managed by a ServiceNow group.

 

kevin_niyah
‎Jul 15, 2020 10:36 PM
‎Jul 15, 2020 10:36 PM

FYI next Wed July 22 our first SaaS Office Hours will provide an overview of Non-Employee Lifecycle Management (NELM), which you can find here:  Register Now: July 2020 SaaS Office Hours

sasiHA2285
‎Sep 16, 2020 08:25 AM
‎Sep 16, 2020 08:25 AM

Hey All,

I was trying to test and implement this feature in our sandbox env. When I try to create a non-employee source, it was asking for the owner. So I gave my ID and submitted the request. It was throwing an error stating that "Referenced Owner, approver, account manager was not found". Format seems to be in UUID for owner, approver & account Manager. What is this UUID and where I can find the same in IdentityNow environment. Please advice.

Thanks,

Sasitharan Duraisamy.

 

ashishrajput
‎Oct 01, 2020 10:21 PM
‎Oct 01, 2020 10:21 PM

Hi All,

 

Does anyone know if this is now available in UI or tentative release date?

 

Thanks 

kelly_wells
‎Jul 28, 2021 04:05 PM
‎Jul 28, 2021 04:05 PM

Please refer to the online help going forward, as the Compass article has been migrated (and will be removed).

Version history
Revision #:
1 of 1
Last update:
‎Jun 03, 2020 11:20 AM
Updated by:
SailPoint Employee
 
View Article History
Contributors