User Onboarding With Orchestrations
Automate different orchestration calls and automate the process of setting up a new user into JDE Enterprise One using JDE Orchestrator studio.
It takes many clicks and elevated authority to create a new user in E1, which makes navigating in E1 tedious and cumbersome as there could potentially be hundreds of records to update. Approvals and forms are usually sourced from various departments such as AB, HR, Service Management, and Master Data, and can create issues with data integrity if an AB record is unknown or if the user is created before some of the other master data. User onboarding and provisioning need to be automated in JDE to reduce security audit compliance issues and standardize the process, which varies between customers, also ensuring data integrity, reducing errors, and deterring fraud.
User Onboarding – Can we fix this with new Features?
Solution Summary
Single Orchestration to kick off the process where all User Creation inputs are entered by Administrator.
How
- Process Recorder and Orchestration Studio
- Composite Pages as Process Flows and Orchestrations Input
- Can be adapted or modified based on user onboarding process i.e. SWM config, Default System User, Roles, Approvals.
Benefits
- Reduce time to create users.
- Streamline process.
- Auditing
Application
- Can be used as an integration for ITSM (cloud and on-prem)
- Can be launched in E1 from a Composed Page, Native App, or JET
- Can be used to create a custom solution.
Overview
For this article, we will focus on how the information is taken from the moment that the JDE administrator or supervisor enters the user information (first level).
In the second level, in order to automate processes in JDE Enterprise one, these two systems, JDE – Enterprise One and JDE Orchestrator studio, need to interact with each other to share information needed to create a JDE user.
The third level shows the individual orchestration calls that will be processing all the inputs to create a JDE user in different applications within the JDE Enterprise One.
In the fourth level, once the information is entered into the JDE database, the specific orchestration will send an email notification to:
- New user: indicating their UserID and temporary password to access toE1.
- Supervisor/administrator: information about the new user, indicating that a new user has been created, new address number, new user ID, roles assigned to them, and system security parameters set up to the new user.
User Provisioning Process Using JDE Orchestrator Studio
The purpose of this use case or case scenario is to automate through different orchestration calls and automates the process of setting up a new user into JDE Enterprise One using JDE Orchestrator studio.
This process includes storing the user information in different applications that are required to get an individual system user access to Enterprise One JDE system through a user ID and password.
Create a single API or one orchestration that will take all inputs and create the user in one step.
Architecture & Process Flow
Architecture within E1 high level overview
This is a high-level overview of the architecture within JD Edwards Enterprise One.
Zoom in on Process of User Onboarding
Focusing on the third level of the user onboarding, there are 4 different individual orchestration calls that are used to register the information of the new user in different application within the JDE1 (in this case there are 4, but it could be adapted or modified to have more orchestrations based on a customer’s requirements).
As shown in the slide, looking at each orchestration, we can see that each has its own set of inputs. Each orchestration call developed into the JDE Orchestrator Studio will use their inputs (required and/or optional) to process the user information into the right application within the JDE Enterprise One.
Individual orchestration calls:
- Create Address Book Record
Create Address Book Record: Using this main application (P01012), the system will create a new address book record for the user. All general information about users such as employees, customers, and suppliers, among others, is stored in different database tables in JDE. This general information as inputs includes first name, last name, email address, addresses, phone, type of user, and others.
- Create User ID
Create User ID: Using main application (P0092), and the new address book number of the previous steps, the orchestration will automatically create the User ID. This User ID can be configured in many ways and upon request of the customer:
- By using the new user’s information, such as initials of the new user(First and last names) e.g. JSMITH,
- By using the address number as a User ID,
- A combination of the initials and the address book number.
- Users with same initial names may have User ID with last 2 numbers of AB#, e.g. JSMITH – JSMITH84.
- Assign Role to New User
Assign Role(s) to new user: Using application (P95921), one to multiple roles can be assigned to the new user ID (created in the previous step). Assigned roles need to be set up with an effective date, expiration date (If required) and other fields can also be entered.
- Create System User
Create System User: Using the application (P98LPSEC), the inputs entered in this orchestration call available for this process and gets the previously created user ID to set up the security parameters of the new user to access to the Enterprise One system. These security parameters may include user status in the system, data sources, password information, and others.
Orchestration Details
User Provisioning: Individual Orchestrations Calls from E1 Composed Page
The previous orchestration calls can be accessed from the composite page of JDE Enterprise One. A composite page is created and configured to call the different individual orchestrations that at the same time will need and share information between them.
For this case scenario and demo, we are using composite page from E1. However, user creation process can also be launched from Native App, or JET.
Zoom in of each of the Orchestrations
Each orchestration call has its own type of process and individual forms, where the information (inputs) will be entered by the JDE supervisor or administrator. Some orchestrations will need more complex processing in order to get business data records into the JDE Enterprise One database. As a result, business data will be displayed in each of the applications that are needed for the user provisioning process.
Individual Orchestration Call 1 – Create Address Book Record
As shown in the picture, entering the general user’s information, the orchestration will create a master record of the new user, have a new address number record for each new user, will allow the orchestration to create phone numbers, emails, and addresses, among others, that will be part of the process in each component of the orchestration.
The new address book number and general information about the new user is displayed in the specific application.
Orchestration components:
2 = Create User Profile
3 = Add User Phone
4 = Add User Email
Individual Orchestration Call 2 – Create User ID (short)
As shown in the picture, this orchestration call will need the previously created address book number in the specific orchestration. The orchestration will get the information from the address book application, and through a custom request component, it will link the first and last names (initials) of the new user. When the User ID is created automatically, the orchestration will look up the table of the correct application first to see if the User ID already exists in JDE E1 or not. Regardless of the existence of the User ID, the orchestration is configured to find and create a unique User ID to avoid errors or duplicated data into theJDE E1.
User ID linked to a specific address number is displayed in the specific application.
Orchestration components:
2 = Get info from Address Book
3 = Custom Request. Link First/Last name - Initials (First & LastName)
4 = Data Request to check for Unique User ID
5 = Rule to seeIf User ID doesn’t exist
8 = Create User ID profile
6 = Custom Request. Function to add the last 2 digits of Address Number to make the User ID unique.
7 = Create User ID
Individual Orchestration Call 3 – Assign Role to User
In this orchestration, the JDE supervisor or administrator will enter the previously created User ID and assign the roles to the specific user. One or multiple roles can be assigned to the new user.
Once the orchestration receives the specific inputs, it starts processing through each orchestrator component, looking into the right tables, and making sure the role is not already assigned to the specific user ID. As a result, the role or roles are assigned and displayed into the application.
Orchestration components:
2 = Get info from Role Relationships
3 = Rule to see Role already assigned to user
4 = Assign array of role(s) to user
5 = Inquiry roles assigned to user
Individual Orchestration Call 4 – Set up System User Security Parameters
This orchestration call is more complicated. Once the JDE supervisor or administrator enters the User ID and other security parameters, this orchestration calls sub orchestrations internally, that at the same time, processes the information into different components to enter business data that is needed to set up the system security for the user and long User ID (username – eg. Joe.Smith) profile as well. This internal orchestration can be configured earlier in other orchestration calls as long as the short User ID is created.
Some Components Needed in the Orchestration:
2 = Get info from User Security
3 = Get info from User/Role Profile
4 = Custom Request. Generate password for User
5 = Setup User Security parameters.
6 = Sub orchestration called to create user ID long profile - username
7 = Get info from user preferences to get user ID short and Address Number
8 = Get info from address book
9 = Get Who’s Who userEmail
10 = Get user credentials and generate email to be sent to new user.
11 = Sub orchestration called to send information via email of new user information to the supervisor.
Notification to User and Supervisor
Orchestrations generate emails that are sent to new user and administrator or supervisor.
Specific component and sub orchestration shown above, each of them processes and sends an email notification to the new user indicating the user ID and temporary password to gain access to JDE E1. It also sends an email to the supervisor about the new user and their information.
User Provisioning: Call Orchestrations in ONE E1 Composed Page
This is another way to process the user provisioning. Instead of calling the orchestrations calls forms individually, a single API or one orchestration is created to take all inputs and create the user in one step from JDE E1 composed page.
Internally, a single orchestration is kicked off to process the inputs entered to create a user through different sub orchestrations.
At the end of the user provisioning, new users will get an email notification with their new User ID and temporary password to access for the first time into the JDE E1. After that, based on the set up of security parameters, users will be required to change their password.
SCREENSHOTS DEMONSTRATION
Notification sent to user and supervisor via email:
New User:
Email to Supervisor:
User Accessing JDE E1 for the first time:
Password Change Required
JDE Access for User