Linked user profiles or access roles
Using these settings, users can occupy another role or another user.
- 1 Set up additional access roles (available in Employee Management only)
- 2 Set up status as alternate (available in Employee Management only)
- 3 Set up linked user profiles within umantis
- 4 Link a umantis user profile with a profile on a third-party system
- 5 Switch between linked profiles
Using the link to Set up additional access rights to this employee, an additional access profile with permissions for modules and organizational units can be set up for any user. Each profile should have a label that is as informative as possible, so that a user can rely on these labels when selecting among their profiles and be sure to select the right access profile.
This additional access profile is only an extension of a user profile, and does not exist as an independent user, i.e. the permissions associated with the main profile remain unchanged and are supplemented with the permissions from the additional role. It can also be added to or removed from the user’s profile by means of an employee import.
Similarly to an additional profile with its own access rights, any user can be set up as an ‘alternate’ or ‘representative’ for another user. The alternate will then see a link to “CHANGE USER” at the very top of the navigation menu. The employee can use this link to change to the alternate profile and perform actions with the same rights as the employee they are an alternate for, but still under their own name. When switching to “My Profile”, the alternate returns to their own profile and not that of the employee they are an alternate for.
The additional profile as an alternate can also be added or deleted by means of an employee import.
In contrast to the additional access profile, a linked user profile involves a link between two full-fledged user profiles. Both user profiles therefore must be created before they can be linked. Another precondition for linking two user profiles is that a third-party system must be set up. This is required even if the users to be linked belong to the same umantis solution. Register the third-party system in the settings under Interfaces.
Next, navigate to one of the two user profiles to be linked, or into the settings of that employee profile, and click on Set up access to another user profile in ... To link to a profile in Applicant Management, all you need is a maximally informative label for the profile to be linked, the user ID of the profile to be linked, the home page where the user should land after switching, and the choice of third-party system that the profile to be linked belongs to. To link to a profile in Employee Management, you will also need the source system key of the profile to be linked. You can find it in the settings for the employee from which you want to create a new link.
When linking two user profiles, the connection should be set up in each of the two profiles to point to the other. This is the only way to ensure that the user can switch back to their original profile after having switched to another.
Link a umantis user profile with a profile on a third-party system
If you want to allow a user to switch from umantis to a third-party system with a single click, you can go into the settings and set up a direct link in HTML by clicking on Set up third-party system under Interfaces. You can use up to five parameters that can later be saved for each user link.
Next, navigate to one of the two user profiles to be linked, or into the settings of that employee profile, and click on Set up access to another user profile in third-party system. There, in addition to a maximally informative label for the profile, you must enter up to five additional parameters, depending on the third-party system.
Once a user has been provided with at least one access to another user or access profile, that user will see the SWITCH USER PROFILE link in the top navigation bar.
For users that occupy more than one role, administrators can provide access to a ‘switch profile’ link on the corresponding home page (/SelfService, /SelfServiceLine, /SelfServiceRecruiter and /SelfServiceBoard). In order for the link to be visible and usable, the user must have appropriate access permissions for the given view (with no visibility restrictions activated).
Cannot switch users via PKI
When authentication via PKI is in place, it is not possible to truly switch users, because the user is identified by means of the browser certificate, and a certificate can only be assigned to one user. This reinforces the security of this approach.