User Management SOP
Overview
This document describes various users of the HCM system and lays out the processes to manage the access and provisioning-related aspects. Broadly, the users can be categorised as permanent users of the HCM system who will be identified by their individual usernames and passwords, and the users who will be provisioned in the system for temporary durations and identified by the codes assigned (henceforth referred to as coded users). The user management module of the HCM platform will provide the interface to create and manage all types of users.
Types of Users
User type | Role-mapping in DIGIT
| What they will do | Organisation | Type of access |
Supervisor-National | Dashboard user at the central level | Use the dashboard at national level, that is, all the provinces | NMCP | Web user |
Supervisor-Provincial | Dashboard user at the provincial level | Use the dashboard at the provincial level, that is, their individual provinces | NMCP | Web user |
Supervisor-Provincial | Dashboard user at the district level | Use the dashboard at the district level | NMCP | Web user |
Supervisor-Local Monitors | Dashboard user at the village level | Supervisor to field teams | Temporary workers | Mobile app |
Registradors | Registrar | Part of distribution teams | Temporary workers | Mobile app |
Warehouse users-National
| Warehouse manager role but tagged with the national boundary | Keep stock of inventory for the facility they are managing | Temporary workers | Mobile app |
Warehouse- Provincial | Warehouse manager role but tagged with the provincial boundary |
|
|
|
Warehouse-District | Warehouse manager role but tagged with the district-level boundary |
|
|
|
Warehouse-Community | Warehouse manager role but tagged with the community-level boundary |
|
|
|
Logistics-They ship material between warehouse and teams, that is, the movement of stock | In terms of the actions they are performing, they are the same as warehouse managers |
|
|
|
Helpdesk users (L1, L2) | Access to the complaints inbox based on their level | Take, resolve, reject or escalate technical queries from different users | CHAI country team | Web user |
Temporary users provisioned for UAT with different role action mappings |
|
| NMCP | Access based on their roles |
Temporary users provisioned for trainings with different role action mappings |
|
| NMCP | Access based on their roles |
Provisioning Process for Each User Type
Supervisors at Central, Provincial, and District levels
Information is sent from NMCP to CHAI for provisioning via email.
CHAI provisions the users and sends the list of created users back to NMCP.
Local monitors
CHAI sends the list to eGov before the campaign for bulk provisioning.
eGov will send the list to CHAI after provisioning with codes and defaulted passwords.
During the campaign, the CHAI help desk will provision the new local monitor or LM, (if any), using the DIGITs user management UI.
These will be deactivated from the system once the campaign ends based on inputs from CHAI team.
Note: All communication is to be via email.
Registrars
CHAI sends the list to eGov before the campaign for bulk provisioning.
eGov team will do the bulk provisioning using backend APIs.
eGov will send the list of created users to CHAI after provisioning with codes and defaulted passwords.
During the campaign, the CHAI help desk will provision the new LM (if any) using the DIGITs user management UI, one by one.
These will be deactivated from the system once the campaign ends based on inputs from the CHAI team.
Warehouse users
Information is sent from NMCP to CHAI for provisioning.
CHAI provisions the users and sends the list of created users back to NMCP.
Help desk staff: With system admin functionality
CHAI sends the list to eGov before the campaign for bulk provisioning.
eGov will send the list to CHAI after provisioning with codes and defaulted passwords.
Temporarily provisioned users for UAT/Training
CHAI will send the list of users to eGov a week before the UATs/training for provisioning into the system.
eGov will send the list to CHAI after provisioning with usernames and passwords.
These will be deleted once the UAT/training is over.
Password Reset Mechanism
For all kinds of users, the password reset would be managed by the system admin, who will be a part of the help desk.
Users who have forgotten their passwords can reach out to the help desk on the designated helpline number and request a new password.
System admin would reset their passwords using a two-factor authentication. The email ID for retrieving the passwords would be the same for all users and would be managed by the system administrator.
The system administrator would regenerate the password and communicate to the users over a phone call or in a WhatsApp group.
Template for User Creation
This would be as per the Master Data template.
Recommendations Around Managing Usernames
A username, once created during user creation, must not be changed.
- Regarding the use of special characters: It is recommended that only commonly-known special characters such as period (.) be used in the username to make it easy to remember.
- Regarding the use of the capital case: It is recommended to use either all lowercase or all uppercase characters to make it easy for users to remember and enter the login credentials (lowercase preferred).
- It is recommended to keep passwords simple (and default to a single value/string) so that mobile app users do not forget the password, and hence, do not face a barrier in using the app.
It has been assumed that user creation for temporary users, who keep changing during the campaign, would be taken care of by the help desk team.
Last updated