Joiners, Movers, Leavers - JML
Organisations often have hundreds if not thousands of applications that all require some form of user management, Cutover is no different. From a control point of view, automating the user management, especially when users move within or leave the organisation is hugely important to ensure that they don't retain any privileges that are no longer required.
Solution
The Cutover API allows you to efficiently manage your Joiners, Movers, Leavers process. Let’s break this down:
Manage your onboarding process
We have various endpoints to not only provision users, apply all the relevant roles required and also manage the roles of your users. Here are some options on how you can use these API’s in your organisation today, trigger the endpoint to create a user from a HR system that gives instant access to new joiners or you can build a request form that triggers the creation of a user.
Movers process
The Sync roles for a user API can be used to revoke current role access. You can also provide new role access for staff moving to a new department or if they have been promoted.
Leavers Process
The Cutover API can be used to immediately revoke user access. The List Users API can be used to identify which users need archiving. This can be triggered off a third party system that manages the lifecycle of a user.
Recipe
Available endpoints
This endpoint retrieves attributes associated with multiple users. This is a great way of keeping a record of your users before you initiate the archive.
This endpoint allows you to create, update and delete user roles. Using Get Roles for a user, the response from the API can be used in sync roles for a user to reapply roles. Just in case you accidentally archive an active user you have the ability to roll back.
This endpoint retrieves the roles associated with a single user. This is a great way of keeping a record of the roles the users have before you initiate the archive.
This endpoint allows you to update the attributes of a user. This can be used to change surnames, mobile numbers etc.
This operation archives a user in your instance by ID or email address. Archived users will no longer have any sort of access to your instance or receive any kind of communications.
This endpoint creates a new user in your instance. This endpoint can be used to apply roles relevant to the user.