Authorized Requestors User Group 2/17/2019 Authorized Requestors User Group Theresa Butler| theresa_butler@harvard.edu |November 15, 2018

Agenda Welcome Client Services Team Updates Security Insiders Program 2/17/2019 Agenda Welcome Client Services Team Updates Security Insiders Program Yearly Access Review Contingent Workforce/Field Glass Miscellaneous updates

2/17/2019 Client Services Team Mike Kiley – Sr. Business Analyst supporting Financial operations and B2P project Nick Mazzeo – Business Analyst supporting Oracle, OBI, My.Harvard operations and ECM project Lori Thompson – Sr. Business Analyst supporting CSMA, PeopleSoft HR, GMAS operations and My.Harvard operations and upgrade Kyle Angstadt – Business Analyst supporting My.Harvard upgrade and operations, PeopleSoft HR operations and releases Mike Dugan – Associate Business Analyst Veronica Surette – Sr. Business Analyst supporting communication and documentation including the Client Services website. She will also be providing back up to the many applications we support Ana Dias – Associate Business Analyst supporting HUBS, Aspire and ECM project

Security Insiders Program Security Insiders are community allies who promote security in their own groups across the University

Yearly Access Review (YAR) 2/17/2019 Yearly Access Review (YAR)

2/17/2019 Yearly Access Review Authorized Requestor (AR) responsibility for certification: As stewards of users security information for your tub, Authorized Requestors are responsible for ensuring that systems access is commensurate with a person’s job function. You are certifying that you have reviewed the access rights for appropriateness based on day to day job responsibilities for all users in your Tub for the application(s) you oversee (i.e. Oracle, PeopleSoft (Contingent Workforce administrative access through PeopleSoft), GMAS, Concur and OBI). You are also certifying that you have requested access be revoked or modified for those users where the access is no longer appropriate (requests should be submitted through the normal request process)

Yearly Access Review (continued) 2/17/2019 Yearly Access Review (continued) You will need to save your supporting evidence of your review and any modifications you make (i.e. list of users that were modified, what was modified and request date of modifications). This will be subject to a review by PWC during the FY19 audit. Run Oracle Financials User Security (FO) in OBI to certify for Oracle Run the GMAS User Security Report in OBI to certify for GMAS Save the report (preferably as a PDF) You can print or save a copy of the report and make notes of any changes that are made (this will evidence the changes and will be needed for PWC audit as supporting documentation) Provide a Report ID on the certification form that represents the report using application_tub, i.e. OBI_RAD, Oracle_RAD

Yearly Access Review (continued) 2/17/2019 Yearly Access Review (continued) Concur reports will be distributed by Client Services via email to the appropriate Tub/Dept AR this week. You will need to save your supporting evidence of your review and any modifications you make (i.e. list of users that were modified, what was modified and request date of modifications). This will be subject to a review by PWC during the FY19 audit. Review the reports sent by Client Services Save your report You can print a copy of the report and make notes of any changes that are made (this will evidence the changes and will be needed for PWC audit as supporting documentation) Provide a Report ID on the certification form that represents the report using application_tub, i.e. Concur_RAD

Yearly Access Review (continued) 2/17/2019 Yearly Access Review (continued) Certification in PeopleSoft One AR per application, per tub will be assigned the role to process the certification The certification email will be sent and will include all information you will need to certify: Certification instructions A copy of this presentation List of ARs that will be granted the role in PeopleSoft

Yearly Access Review (summary) 2/17/2019 Yearly Access Review (summary) How do I certify? Once you complete your review and modifications (if applicable) you will need to log into PeopleSoft and complete the certification form Who should certify? One AR per tub, per application should submit the completed certification in PeopleSoft When are certifications due? Certifications are due no later than Friday December 15, 2018

Yearly Access Review OBI Report Demo

Audit User Access in Fieldglass (FG) by Running These Reports 2/17/2019 Audit User Access in Fieldglass (FG) by Running These Reports FG Report What it shows Comments | Helpful Hints HU-System Users All users created between specified dates, their FG roles, whether they are open (active) or closed (inactive), and if they have any proxies or supervisors who can take action on their behalf Users set their own proxies, selecting from a picklist of other FG users. The supervisor of each user (if there is one) is imported from PS to FG. If the supervisor is also a FG user, their name is shown, and they “inherit” Action Items if the user terms. If there is no supervisor, or the supervisor is not a FG user, the value of “Administrative, Yoh” is defaulted in. In this situation, Yoh will “inherit” Action items if the user terms. Tub Ownership Audit* Who is the assigned Tub Owner for the 3-digit CoA Tub Can approve transactions >$250K. Should be senior level person and have a proxy as back-up. There may be multiple users with this role, but only one, as shown on this report, is associated with each tub for approval purposes Org Ownership Audit* Who is the assigned Org Owner for the 5-digit CoA Org Can approve transactions >$10K. Should be a responsible administrator and have a proxy as back-up. There may be multiple users with this role, but only one, as shown on this report, is associated with each org for approval purposes Reporting User's Tubs The tub(s) that the reporting user is allowed to report on in Fieldglass. Reporting Users are typically set up in FG so that they can report on all orgs in their home tub. There are a few users in CADM who can report on all tubs, all orgs. The relationship of orgs to tubs for Reporting Users is being maintained manually by Yoh in FG at this writing. Reporting User's Orgs All of the orgs that are associated with a reporting user’s tub Talk points: There are 5 reports in Fieldglass that allow HR Authorized Requestors and others to audit user access. Assuming the HRAR has appropriate Fieldglass reporting access, s/he can run these reports on demand at any time. Log in to Fieldglass from: https://hr.harvard.edu/contingent-workforce or the bottom of any page on hr.harvard.edu, using your Harvard Key. Once in Fieldglass, go to Analytics, and search/select one of the following reports. *If no one is assigned, FG defaults in the value of “Administrative, Yoh” as a temporary measure. This value needs to be replaced with a Harvard owner at your earliest convenience, by submitting a request to HUIT Client Services via PS.

Fieldglass Reports Display these Fields HU-System Users Tub Ownership Audit Org Ownership Audit Reporting User's Tubs Reporting User's Orgs Name Tub Org Username Tub Code Org Code Role Email Tub Status Org Status Primary Tub Tub Owner Org Owner Permitted Tub Primary Org Primary Supervisor Org Owner Username Permitted Orgs Proxy User Proxy User Email Address Create Time Last Login Time User Access to Tubs User Access to Orgs User Status

Miscellaneous Updates AR training ROPPA training will be mandatory for all FIN Authorized Requestors Buy 2 Pay (B2P)

Q&A – Next Steps Questions 2/17/2019 Q&A – Next Steps Questions All of todays materials will be sent to all of you by email and will be posted on the Website by the end of this week