Jump to content

AD Groups in Hornbill/interacting with User records through BPM


Guest Paul Alexander

Recommended Posts

Guest Paul Alexander

Here's our scenario 

Our Finance team has to read and accept an anti-blackmail policy every year. I've been asked if there is a way of getting this set up as a request in Hornbill, and I'm sure it can't be done just at the moment but here's a process that I think would work if a few things were made possible in Hornbill (along with a few questions! - bear with me...):

  1. These people are all in a specific AD group.  Is there any chance of getting these groups in to Hornbill?
  2. Using a BPM, search the users in this group and look at a specific attribute (custom field?) to see if the value of that corresponds with whether that particular user has accepted the policy (1 = yes, 0 = no). Are there any plans to get a BPM to be able to 'get' a user record?
  3. For each person in this group where the custom field equals zero, email them with a link to a Catalog Item on the Portal which they must follow which will log a ticket against their name (once they've agreed to the Policy). Once logged, this ticket follows a BPM which will then update the Custom field in the Customer record to say that the policy HAS been accepted.
  4. Run the first BPM on a schedule to make sure that people are picked up on a regular basis. Is there going to be a scheduler? I've seen quite a few older posts about this, but nothing recently.  

I realise that there are a few 'questions' in this request......but I thought maybe someone might like a challenge on a Friday ;)

TIA

 

 

Link to comment
Share on other sites

Would a better process involve an expiry date on a policy held in Document Manager triggering a Change Process in Service Manager with Update, Review, Accept and Publish stages, finally storing the updated document as an updated version?

I'm not saying that is currently possible but it sounds like a practical way of using the tools we already have.

Link to comment
Share on other sites

Guest Paul Alexander

@DeadMeatGF

That would certainly be an option. We'd still have to be able to dynamically add interested parties to the document (which, at the moment is an AD group with people arriving and leaving at various times) but it's a good starting point. Thanks.....

Link to comment
Share on other sites

Hi @Paul Alexander

Most of these things are possible within Service Manager, so I will run through these first, but then the process may need looking at to get it to work for you. 

Firstly you can get the AD groups into Service Manager. Using the LDAP import script you can import different groups into different departments, or any other group you wish which will store each group in Service Manager in the same way as your AD. If the names in the AD groups are the same as the ones in Service Manager then they will match  up, or you can split the ldap import script into multiple scripts so that each one only looks at a particular AD group and the department (or whichever type of group you choose) will be hard coded so everyone in that import will be added to the group hardcoded into the script and the group names can be different (and you then have multiple scripts of course).

Using the BPM you can query a users details using the get information automated task node, so providing the details have automatically updated into a custom field for example from your daily LDAP import, then your bpm can query that and make the decision you require during the BPM lifecycle. 

Step 3 is where it gets tricky, because the ticket needs to be logged before the BPM can start. However, if all finance members need to read and accept this policy every year, I would recommend simply emailing the relevant details to the entire team which can include the catalogue item that they will need to go through to read and accept. By logging the call each team member will be confirming that they have read and accept the policy for that year. 

I would always recommend that you leave the users as read only within Service Manager, because the LDAP import will overwrite them the next time it runs anyway. So once a team member has logged the call it will get passed to yourself or another member of your team, and then the task will be to update the relevant value in AD (if you even need this). Alternatively as this is simply to make sure that they have done this, you could just run a report or configure a view/chart on your personal request list dashboard to see who has not logged a ticket against that catalogue item from that team, and this will give you the same information but very quickly and easily. 

So it is possible in Service Manager absolutely, but I would recommend simply emailing the entire team with a link to the catalogue item (this can be via the system or not, whichever is easier for you) and then simply report on who has not logged a call against the catalogue item. Once everyone has logged against that catalogue item then that catalogue item can be hidden until the following year when the process has to start again. As you already know the tickets that have been logged will be there forever more, so you can easily pull back the confirmations for every year and team member if required to do so.

Just the way I would do it to keep things simple and repeatable, but as DeadMeatGF mentioned there are other tools available which may work better for you. Maybe even a combination of Service Manager and Document Manager? The choice is yours - let us know how you get on

 

Link to comment
Share on other sites

Guest Paul Alexander

Hi @conorh

Thanks for that...I have to admit, I didn't realise you could import AD groups....that's a revelation and a great thing to know. I'll keep you posted on whether I get this working or not and whether I need more help (which I'm sure I will!)

 

thanks again 

Link to comment
Share on other sites

Guest Paul Alexander

Hi @conorh

 

Hello again.....I may need some help with importing Groups I'm afraid....do you have any detailed instructions on how to do this and what to expect to see in the c-workers/customer record in Hornbill please?

 

thanks

Link to comment
Share on other sites

Hi @Paul Alexander

Apologies I completely missed this. There was a new release of the LDAP user import script released yesterday which may help you with this too, all details and necessary files can be downloaded from here - https://github.com/hornbill/goLDAPUserImport

Ok so there are 2 methods I would use to import multiple AD groups - either to match the names of the groups in AD to the names of the organisations in Hornbill, or to split the imports up and hardcode the group names.

The first method is the easiest but requires your AD data to be up to date and spelt correctly. In AD each customer will need an attribute that specifies which group they are in i.e. finance in the Department field. If the organisation in Hornbill is also Finance then the orglookup function in the import script will simply match the AD string with the Hornbill group and that customer will then be automatically linked to the Finance department. Providing all the organisations in Hornbill match the all values in the department string in AD then all customers will then be linked automatically to their relevant groups. The latest import script will automatically remove previous associations if this changes in the source (AD), and add the customer or user to the new group as specified in AD if necessary.

The second method involves creating  multiple import scripts, and rather than using a variable for the orglookup i.e. department, it will use a hardcoded value. Any value in the mapping that has square brackets [variable] will use the variable from AD, and any value that has Quotation marks "hard coded" will be the string that goes in for every customer imported on that script. So this method will be more exact, but there may be more import scripts to manage. To set this up I would use the filter at the top of the import script to only select users from a particular group in AD, or use the DSN search root that will only select users from a particular group. Either way you will only be looking at a subset of customers in your AD per import script. In that import script then hard code the group that every customer in that script will be part of by putting the group name (that will need to match the group name in Hornbill) in quotation marks in the Atrribute bit of the orglookup function at the end of the import script. This will mean that every customer that is imported in that script will then be a part of that organisation. You can have as many scripts running each hour/day/week as you want, but remember that each user will have their group set on the last import that runs - so if I was in 2 different import scripts for whatever reason, then I would be a part of the group specified in the last import script that runs with me in it. In theory all customers should be imported in different scripts, so this shouldn't be an issue, but if you do need multiple group associations then the latest import script can cater for this with the "OnlyOneGroupAssignment" function in the orglookup bit.

Either method will enable you to import multiple groups, but it sounds like you will need the second method so you can definitively put that group of AD users into this Hornbill group. You can also filter the source down to one user record (using the filter or the DSN at the top of the script) to test how it works first before rolling it out to multiple users and groups, but it is straight forward once you have set it up once because you can then use that tested script as a template and tweak the filter/DSN and the hardcoded group names.

I hope this helps, lots of detail but this will give you the outcome you are looking for (and anyone else with similar requirements).

Kind regards

Conor

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...