Page tree
Skip to end of metadata
Go to start of metadata

When the person data is imported through the automated workflows, some data remains to be collected, for example to manually add persons that are not registered in the AD or HR system. 

For more information on the roles in the workflows, see Standard roles in PRIME.


Expand/Collapse All

Use cases


 Use case: Enter person data manually

Standard workflow


ActorActionOption
1Registration officerIn PRIME Explorer: Adds a new person and enters the person data.-
2PRIMESaves the person data.-

BPMN process

BaseProcCreateActivateEmployee

Technical references

OptionProcess
Enter person data for employee

BaseProcCreateActivateEmployee (see image)

Enter person data for contractor

BaseProcCreateActivateContractor

Enter person data for visitor

BaseProcCreateActivateVisitor

Enter person data for operator

BaseProcCreateOperator

 Use case: A person needs a new role

Sometimes a user needs to be assigned a new system role, for example to be allowed to approve employee card requests or to use the User Self-Service Portal. This process provides the possibility to assign or withdraw roles to a user.

Standard workflow


ActorActionOption
1User administratorIn PRIME Explorer: Browses for the person. Clicks Modify user roles, and selects the applicable roles.

-

2PRIMESaves the new roles.-

BPMN process

BaseProcModifyRolesManually

Technical references

OptionProcess

Modify role for employee, contractor, visitor

BaseProcModifyRolesManually (see image)

Modify role for operator

BaseProcModifyOperatorRolesManually

 Use case: A person needs a new password to PRIME

Standard workflow


ActorActionOption
1Self-service userIn PRIME USSP: Sets a new password.Goes to the user administrator who sets the password in PRIME.
2PRIMESaves the new password.-

BPMN process

BaseProcUSSPSetPassword

Technical references

OptionProcess

Set new password in USSP

BaseProcUSSPSetPassword (see image)

Change password as user administrator

BaseProcChangePassword

 Use case: A person has forgotten the PRIME password

Standard workflow


ActorActionOption
1Self-service userHas forgotten the password and needs a new.-
2PRIMEResets the default password and sends a new password to the person.-

BPMN process

BaseProcUSSPForgetPassword

Technical reference

  • BaseProcUSSPForgetPassword

Optional use cases

Normally, setting persons to active/inactive is managed in the AD or HR system and handled in PRIME via the automatic import. Optionally, they can be available in PRIME Explorer as manual processes. 

 Optional use case: A person is on temporary leave

Standard workflow


ActorActionOption
1Registration officer or HelpdeskIn PRIME Explorer: Browses for the person and clicks Deactivate.

-

2PRIMESets person to Inactive, removes all roles.-
3PRIME

Optional, for physical ID and digital ID use cases:

Locks any connected cards, exports the card data to the PACS system.

-

4PRIME

Optional, for digital ID use cases:

Locks any software tokens.

-

5CA

Optional, for digital ID use cases:

Revokes any certificates.

-

BPMN process

BaseProcDeactivateEmployee

Technical references

OptionProcess

Deactivate employee

BaseProcDeactivateEmployee (see image)

Deactivate contractor

BaseProcDeactivateContractor

Deactivate visitor

BaseProcDeactivateVisitor

Deactivate employee and physical IDs

CCProcDeactivateEmployee

Deactivate contractor and physical IDs

CCProcDeactivateContractor

Deactivate visitor and physical IDs

CCProcDeactivateVisitor

Deactivate employee and digital IDs

PcmProcDeactivateEmployee

Deactivate contractor and digital IDs

PcmProcDeactivateContractor

Deactivate visitor and digital IDs

PcmProcDeactivateVisitor

 Optional use case: A person comes back after being on temporary leave

Standard workflow


ActorActionOption
1Registration officer or HelpdeskIn PRIME Explorer: Browses for the person and clicks Activate.

Normally handled via the automatic data import

2PRIME

Sets the user to Active.

If USSP is used, then PRIME gives the user the Self-Service User role.

BPMN process

BaseProcReactivateEmployeeWithRoleUSSP

Technical references

OptionProcess

Reactivate employee with role USSP

BaseProcReactivateEmployeeWithRoleUSSP (see image)

Reactivate employee

BaseProcReactivateEmployee

 Use case: A person shall be enabled to use Hybrid Access Gateway

If Digital Access use cases via Hybrid Access Gateway are needed, for example for two-factor authentication to PRIME and other applications, then PRIME can be used as source of identities for Hybrid Access Gateway.

Standard workflow


ActorActionOption
1Registration officerIn PRIME Explorer: Browses for the person and clicks Create Hag-user. The person must be active.

-

2PRIMEChanges the state of the person from Active to HagEnabled.-

BPMN process

BaseProcActivateAndProvisionUserToHag

Technical references

OptionProcess

Create HAG user

BaseProcActivateAndProvisionUserToHag (see image)