Taskboards - Personnel events¶
The Personnel Events page (System Configuration > Taskboards > Personnel Events) allows you to configure settings and workflow rules that affect personnel events. The page has two tabs: Settings and Workflow.
Settings¶
| Option | Description |
|---|---|
| Allow provisioning of personnel events to begin ___ days before they are needed | Allows you to define the number of days in advance provisioning can begin for a personnel event (1--99 days; default: 7). For example, if Jane Doe is starting in 3 weeks, a scheduled personnel event can be added today. The date the request needs to be completed is defined within the personnel event and would be set for 3 weeks out, but this setting determines how many days before the completion date the access requests are created and the provisioning team is notified to begin working. So, if this is set to 7 days, the personnel event might need to be completed in 3 weeks, but the provisioning of the event would begin 7 days prior to that. |
Note
This setting applies to any event where the employee's entry back into the office is expected, such as onboarding, leave of absence return dates, change requests, and when someone transitions into a new role. It does not apply to events such as offboarding or transitioning out of a role.
Workflow¶
The Workflow tab defines which organizational roles must approve or verify each personnel event type before provisioning begins. Rules are configured separately for each event type: Onboard, Offboard, Role Transition, and Leave of Absence.
These rules act as workflow templates — every time a personnel event of that type is created, the system automatically generates the appropriate approval and verification steps based on the configuration here. This ensures that the right people are always involved before access is granted or removed, creating a consistent, auditable process across the organization. These are just a few examples of when you may want to configure workflow rules:
- You want to require a supervisor to approve an onboarding event before the Provision Team begins work
- You want to require the Security Team to verify that an offboarding was completed correctly
- You want a department manager to approve role transition events for identities in their department
- You want certain team members to be able to view personnel events without requiring them to take action
To create a workflow rule, enter information into each field as described below:
| Field | Description |
|---|---|
| Add [watcher] | Determines the type of workflow rule being created. Select this field to pick one of the following options:
|
| Rule for [onboardings] | Determines which type of personnel event the rule applies to. Select this field to pick a personnel event type (onboardings, offboardings, role transitions, leave of absences) |
| Where [Security Team] | Determines which role the rule applies to. Select this field to pick the role. See Roles for the available options. |
| is [always] | Determines whether the selected role is always able or conditionally able to watch, approve, or verify personnel events. Always (default) means a person in this role must always respond. Conditionally means a person in this role must respond only when certain conditions within the Critical Attributes and Ambiguous Access Models Models areas are met. Note: The conditional option is not supported for Offboard or Leave of Absence events — approvers for those event types always respond. |
| required | Required - (default) applies a strict workflow, meaning the approver or verifier must respond on every event of the specified type, regardless of whether a person in that role exists. For example, if a department manager is required to approve all personnel events, but a department manager has not yet been defined in the Manage > Managers area, the personnel event will stay in the Approval status until someone is assigned and approves the personnel event. Required if present - the approver or verifier must respond only if a person in that role exists for the identity associated with the event. For example, if a supervisor is 'required if present' to approve all personnel events, and you onboard an auditor who doesn't have a supervisor, the approval process is skipped for that onboarding event. Note: For Onboard events, Security Team verification is always required when no other verifier rules are present. This built-in rule ensures that at minimum one person confirms the new identity's access is correctly provisioned. |
| Add Rule | When the rule is defined as you would like, select the Add Rule link to add the rule below, where it can be further defined. |
Critical Attributes¶
The Critical Attributes section applies globally to conditional (Conditionally) approvers for Onboard and Role Transition events. Enable each field that should trigger a conditional approver when that attribute is missing on the target identity.
| Field | Triggers when |
|---|---|
| Profile Photo | The identity does not have a profile photo |
| Company | The identity's company field is empty |
| Division | The identity's division field is empty |
| Department | The identity's department field is empty |
| Office | The identity's office field is empty |
| Title | The identity's title field is empty |
| Supervisor | The identity does not have a supervisor assigned |
Ambiguous Access Models¶
The Ambiguous Access Models section determines when access model selections should invoke conditional approvers for Onboard and Role Transition events. Enable each condition that should trigger a conditional approver.
| Field | Triggers when |
|---|---|
| No access models selected | The identity has zero access models in effect |
| API-reported events with optional access models | An API token creates an event and optional access models are unselected |
Note
If no fields are enabled in either the Critical Attributes or Ambiguous Access Models sections, conditional approvers set to Conditionally will never be required to respond.
Roles¶
When adding a watcher, approver, or verifier, select from the following roles:
System roles:
| Role | Description |
|---|---|
| Security Team | Members of the Security Team group defined in System Configuration > System Authentication |
| Reviewing Supervisor | The supervisor assigned to the identity associated with the personnel event |
| Personnel Manager | Members of the Personnel Manager group defined in System Configuration > System Authentication |
| Provision Team | Members of the Provision Team group defined in System Configuration > System Authentication |
| Reporter | The person who created the personnel event |
Defined managers:
| Role | Description |
|---|---|
| Company Manager | The manager assigned to the identity's company organizational unit |
| Division Manager | The manager assigned to the identity's division organizational unit |
| Department Manager | The manager assigned to the identity's department organizational unit |
| Office Manager | The manager assigned to the identity's office organizational unit |
| Title Manager | The manager assigned to the identity's title organizational unit |