×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

This documentation supports the 20.08 and consecutive patch versions of BMC Helix Business Workflows.

To view the documentation for the previous version, select 20.02 from the Product version menu.



BMC Helix Business Workflows 20.08 ... Administering Securing access and addressing privacy

Enabling requester identity validation

In BMC Helix Business Workflows, a case business analyst can enable the identity validation of requesters who request for services and for whom the case agents create cases. Before a case agent creates a case for a requester (or an employee in an organization), it is important that the case agent validates the identity by entering a Personal Identification Number (PIN) that the requester provides. Requester validation ensures the following:

  • The requester is an actual employee and not a fraudulent person who requests a service on behalf of an employee.
  • The case agent does not share any employee-related or sensitive information with a fraudulent person like employee bonuses, benefit policies, reimbursements, and so on.

By default, identity validation is not enabled. An administrator or case business analyst enables identity validation in the following ways:

RoleHow to enable identity validation
AdministratorEnable identity validation globally (for all cases that cases agents create with or without case templates)
Case business analystEnable identity validation in case templates (for all cases that case agents create with case templates)


When identify validation is set globally and at the case template setting, the following table describes the precedence and behavior of identity validation for settings at both the levels:

Global level setting0 (Disabled)1 (Optional)2 (Enforced)
Case template settingBehavior of identity validation
NoneNoneOptionalEnforced
OptionalOptionalOptionalEnforced
EnforcedEnforcedEnforcedEnforced

If a case template is not selected, the identity validation set globally is applied.

Important

Identity validation that is set globally is applied only to new cases and not to the existing ones.

Before you begin

As an administrator, ensure that each employee in your organization has a PIN. PIN value can be alphanumeric and has a maximum length of 30 charactersYou can set the length and pattern of the PIN values for the employees of your organization as per your choice. For example, you can decide to use a PIN value of five characters with one alphanumeric character and four numeric characters.

For more information about assigning a PIN, see  Creating or modifying Person data Open link .

To enable identity validation globally

  1. As an administrator, log in to BMC Helix Innovation Studio and navigate to the Administration tab.
  2. Select Administration > Common Services > Configurations.

  3. On the Configurations page, click  beside the IDENTITY_VALIDATION configuration.

    Best Practice

    We recommend that you do not modify the default field values in the Configurations section.

  4. Expand Configuration Values, click , and complete the following fields:

    FieldAction
    Configuration OrderTo ensure that your configuartion is used as default, enter a value between 1-999. For multiple configurations, it determines which configuration is used as the default. The order range is 1-1000, with 1 as the highest order value and 1000 as the lowest order value. The default value of this field is 1000. Enter a value between 1-999 to ensure that your configuration is used as default.
    Configuration ValueTo see whether the identity validation is enforced or optional, you can specify one of the following values:
    • 1—Identity validation is enabled, but it is optional.
      A Case Agent can skip the validation. However, while creating a case, the agent cannot view the requester details, previous cases of the requester, and related cases and knowledge articles.
    • 2—Identity validation is enabled, and it is enforced.
      A Case Agent cannot proceed with a case without first validating the requester's identity.

    The default value of this field is 0 and it indicates that the identity validation is disabled.

  5. Enter the details in the fields and click Save.

To enable identity validation in a case template

  1. Log in to BMC Helix Business Workflows.
  2. Click My Application Settings .
    The Settings page opens in a new browser tab.
  3. Navigate to Case Management Case Templates.
  4. From the Case Templates page, open the required template.

  5. Edit the Template Metadata section, and in Identity Validation, select one of the following options:

    OptionAction
    NoneDisable requester identity validation. While creating a case, if identity validation is disabled at global and case template level, the Validate option does not appear on the case template.
    This is applicable only when the global level setting for identity validation is set to 0 (Disabled).
    OptionalMake requester identity validation enabled and optional. While creating a case by using Quick Case, if a case agent skips the validation, the agent cannot view requester details, previous cases by the requester, or related cases and knowledge articles.
    This is applicable only when the global setting for identity validation is set to 0 (Disabled) or 1 (Optional).
    EnforcedMake requester identity validation enabled and enforced. A Case Agent cannot create a case without validating a requester's identity.
    This is applicable irrespective of the global setting for identity validation.
  6. Save the template.

Setting PINs for requester identity validation

You can set the PIN values for identity validation by using different ways. An administrator can directly configure and change the PINs for the employees in the organization. However, if you have a large number of employees, setting the PINs manually becomes difficult. In this case, you can use the REST API to capture the employee PINs by using your own employee portal. This also enables you to define the format of the PIN based on your organization's policies. You can also use a bulk update for the employee PINs by using your own batch jobs by calling the same REST API. Alternatively, you can also use JAVA code to generate the PINs for the employees.

Following example illustrates a REST API command of how a PIN value can be set.

Request URL

http://<hostname>:<portname>/api/rx/application/record/recordinstance/applicationURL:EmployeeName/EmployeeID


Where:
hostname is the name of the host computer on which BMC Helix Platform is installed.
portname is the port number assigned to the application server.
applicationURL:EmployeeName/EmployeeID is the sample pattern of the URL with the name and ID of the employee.

Request headings

  • Content-Type—application/json
  • X-Requested-By—Client Type ID

Request body

{ "resourceType": "com.bmc.arsys.rx.services.record.domain.RecordInstance", "id": "IDGAA5V0HI5R3ANAUDRBTI0SMOC7P6", "displayId": "1", "recordDefinitionName": "com.bmc.arsys.rx.foundation:Employee", "fieldInstances": { "1000003975": { "resourceType": "com.bmc.arsys.rx.services.record.domain.FieldInstance", "id": 1000003975, "value": "12345678" } } }

For more information about setting the PIN for requester identity validation using the JAVA script, download JAVA code for identity validation.

Best Practice

BMC recommends that you set the PIN values for requester identity validation by using REST APIs or JAVA code.

Related topics

Troubleshooting application access and usage issues

Troubleshooting errors


Was this page helpful? Yes No Submitting... Thank you
Last modified by Poonam Morti on Sep 23, 2020
validate validation requester employee identity verify enforce enable administrator business_analyst case template global enforcement common_services configuration values details order value pin personal_identification_number unique length type_of none optional externallink best_practices roles_and_permissions help_common_configuration

Comments

Log in or register to comment.

Addressing data privacy requests in BMC Helix Business Workflows
Adding HTML tags and domains to the allowlist
© Copyright 2017 – 2021 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.