We have a greenfield environment (kinda) in which our Active Directory is currently the most canonical source of people information. As our organisation grows to 400+ employees we need a way to manage these users more effectively. That is, we ideally want:
- Somewhere to store people information and the hierarchical relationships that exist between the users (e.g. user/supervisor relationships, department relationships)
- A way to uniquely identify users across disparate IT systems
- A way to automate certain events in the user lifecycle such as onboarding, name changes, department changes, termination, etc.
Ideally the vision is that user updates are made in a single system and those changes would flow out to or trigger events in others as necessary. (For example, a new user would get created in the master system and they'd get added to Active Directory and the Document Management system automatically.) We also need to publish each user's attributes in a way that's more accessible than AD.
In previous roles, a central HR system has been the place for this. The HR system would be the first place in which any new user is stored and the ID generated within that system would follow them wherever they go. Is this still a good approach? If so, what are some techniques or technologies that work best to facilitate the flow of this information from a source system into Active Directory and beyond?
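The joiner/mover/leaver flow the question describes, as an added example that is not part of the original post: a reconciliation pass that compares a constructed HR feed (the source of truth) against a constructed snapshot of directory accounts, keyed by the immutable HR employee ID rather than by name, and emits the provisioning actions a directory connector would apply. The record format, field names and the sample people are assumptions, not anything from the original.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Person:
    employee_id: str            # immutable ID minted by the HR system, the join key
    name: str
    department: str
    manager_id: Optional[str]   # supervisor relationship, also by employee ID
    active: bool

# Constructed HR feed: the master record for each person.
HR_FEED = [
    Person("E1001", "Alice Smith", "Engineering", None, True),
    Person("E1002", "Bob Jones", "Finance", "E1001", True),
    Person("E1003", "Carol White", "Sales", "E1001", True),
    Person("E1004", "Dan Brown", "Engineering", "E1001", False),   # terminated in HR
]

# Constructed directory snapshot: what the directory currently holds, keyed by the same ID.
DIRECTORY = {
    "E1001": Person("E1001", "Alice Smith", "Engineering", None, True),
    "E1002": Person("E1002", "Bob Jones", "Marketing", "E1001", True),  # department changed in HR
    "E1004": Person("E1004", "Dan Brown", "Engineering", "E1001", True), # still enabled after leaving
    "E1005": Person("E1005", "Eve Black", "Legal", "E1001", True),      # unknown to HR
}

def reconcile(hr_feed, directory):
    """Return (action, employee_id, detail) tuples the connector must apply
    so the directory matches the HR feed. Joiners are created, movers and
    renames are updated in place, leavers are disabled (never deleted, so
    the ID and audit trail survive), and accounts HR knows nothing about are
    flagged as orphans for review instead of being silently kept."""
    actions, seen = [], set()
    for p in hr_feed:
        seen.add(p.employee_id)
        current = directory.get(p.employee_id)
        if current is None:
            if p.active:
                actions.append(("create", p.employee_id, p.name))
            continue
        if not p.active and current.active:
            actions.append(("disable", p.employee_id, None))
            continue
        changed = {f: getattr(p, f) for f in ("name", "department", "manager_id")
                   if getattr(p, f) != getattr(current, f)}
        if changed:
            actions.append(("update", p.employee_id, changed))
    for eid, acct in directory.items():
        if eid not in seen and acct.active:
            actions.append(("review_orphan", eid, acct.name))
    return actions
```

Because the match is on the HR-issued ID, a name change on the same ID shows up as an update rather than a spurious create/disable pair.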