Employee Onboarding/Offboarding Process Step Checklist

Purpose: Process Alignment 'Best Practice' Step Checklist for handling employee onboarding in ctcLink. The step checklist works by providing links to the relevant Quick Reference Guide materials in execution order with the addition of links to policy guidance, training information, links to glossary definitions throughout, information on where this process has been customized for our system and will eventually contain the recommendations for alignment from the work of the Employee Onboarding/Offboarding Force. The guide also provides visual aids to better understand what parts of the process must occur before and after travel. 

Audience: Task Force members engaged in aligning the Onboarding and Offboarding processes in ctcLink. 

Working Draft: Not for current use, developing for upcoming task force.

Employee Onboarding Training Available

Training Opportunity for Staff Involved in the Onboarding Process:

  • HR Training:
  • Security Training:
  • Faculty Onboarding Training:
Employee Offboarding Training Available

Training Opportunity for Staff Involved in the Onboarding Process:

  • HR Training:
  • Security Training:
People Involved in Onboarding/Offboarding Visual
Security for People Involved in Employee Onboarding/Offboarding

Employee Onboarding and Offboarding processes are typically done by X different employee roles:

  1. HR Staff who process the hire and separation records in the HCM Pillar.
  2. Supervisor who assist in defining the access needs relative to their job duties the new employee will perform.
  3. Local Security Administrators (LSA) who handle access to ctcLink.
  4. Secondard Security Pillar Staff (Finance Staff User Preference Definition & Student Services staff SACR Secruity).
  5. Travel Admininstrator(s) who prepare the Traveler Profile for new employees.
  6. Training Coordinator who guides new staff in the ctcLink trainings they need to be successful in their position.

Below are the appropriate security roles that each person involved in Employee Onboarding and Offboarding may need access to, including the navigation those security roles will grant that person access to in order to perform their task in the onboarding or offboarding processes:

Don't Forget - Employees will also need to have their security removed when they separate from your college. Please refer to the link below for more information about onboarding and offboarding employees in Travel & Expense in the guide on Expense Processing.

QRG: On and Offboarding Employees in Expenses

ONBOARDING:
Review Washington State Policy Information

POLICY RESOURCES

Although many colleges have local policies, the 

Employee Onbaording process scope visual
Employee Onboarding HR Steps
Manager Hire Notification to HR
HR Establishes Person/Job Data

After the initial job data record is established other departments can commence their onboarding procedures, such as the IT Helpdesk and Local Security Administrators.

Additional HR Setup for Benefits/Payroll/Absence Management/Faculty
Benefit Setup
  • Employee Enrolls in Benefits:
    • Employee provides their desired benefit information to HCA using their 24/7 Site under Employee (Self-Service), such as:
      • Long Term Disability
      • Family Death Benefits - Spouse/Dependent
  • Employee Updates Dependent Information:
    • Employee provides their dependent information to HCA using their 24/7 Site under HCA's Employee (Self-Service). If the data has an issue coming in from the HCA integration file, HR Admins can manually update this information in ctcLink. It will be overwritten by HCA once the integration file properly loads.
  • Enter Union Membership:
  • Create General Deductions:
  • Create Additional Benefit Deductions:
  • Enroll in Retirement Plan:
  • Enroll in an Optional Disability Plan (LTD):
  • Benefit Eligibility (ACA) Setup: Tracking of hours for HCA, for the Affordable Care Act (ACA), to determine whether the employee is being hired to work (designated work assignment) over or under 130 hours per month to confirm the employee is in a "Benefit Eligible" position.
    • QRG: 
Payroll Setup
Leave Setup (Absence Management)
Faculty Setup
  • Instructor/Advisor Table:
  • FT Faculty Contract (Appointment Letter): Contracts are generated outside of ctcLink
  • Tenure Information Setup:
  • Secure Proof of Licensing/Certification: Opportunity for Alignment
    • Currently it is common for Deans and Administrators in Instruction to request and store licenses and certifications for instructors in certain programs, such as Welding, Radiology, Nursing, etc. Those departments notify HR of the receipt of this confirmation paperwork, but this is not stored in ctcLink. The ePerformance and Profile Management project will change this business practice by providing a location within ctcLink to store the licenses and certifications in an employee's Person Profile. The QRG below provides background information on this project.
  • Setup Balloon Payment on CTC Job Data Page (for Future Faculty Pre-Pay): Opportunity for Alignment
    • Majority of colleges provide the ability for Faculty to get paid for 9 months of employment, but deduct (pre-pay) the employee portion of the benefit contribution to be distributed as montly payments over the summer, including the employer matching payments to ensure Faculty retain their benefits over the summer. A few colleges do not participate in the Pre-Pay and simply pay the Faculty compensation across 12 months, rather than 9 months, thus equally dividing payments and deductions across that 12 month period so no Pre-Pay is needed.
  • Enroll in Time & Labor:
Employee Onboarding IT Department Steps

IT Setup [Generally Out of Scope - But Certain Data Feeds into ctcLink]

  • HR Notifies IT of New Employee Anticipated Start Date (outside of ctcLink - via email, phone, IT service desk, etc.)
    • Establish Active Directory Record
      • Active Directory setup is for local campus access. ctcLink uses a separate Active Director for access to all Production and Non-Production environments.
    • Establish Employee's Work Email
      • Once an employee's work email is established the Local Security Administrator will need to update the email address on the employee's HCM User Profile, which will synchronize to the other pillars and ensure that the employee can receive all approval notifications in HR and Finance.
    • Setup Employee's Equipment:
      • Issue Laptop/Desktop - Required for access to ctcLink
      • Issue Phone and Setup Phone Number - Campus phone number must be updated in ctcLink Person Information in HCM once issued. This data will synchronize to the Campus Solutions Personal Information table.
      • Issue other "Small and Attractive" equipment (tablets, in classroom resources) - May require tracking in Finance as Asset
    • Other Campus Account & Building Access:
      • Intranet Access
      • Department Shared Drive Access
      • Document Repository
      • Printer Access
      • 25Live (Room Scheduling Software) Access
      • Local College Help Desk Ticketing System Access
      • Badge Issuance/Keyless Entry/Building Alarm Codes) - Some colleges handle this through IT Help Desk, other colleges perform this task in HR, Campus Security or Facilities department.
      • Keys - Some colleges handle this through IT Help Desk, other colleges perform this task in Campus Security or Facilities department.
      • Other Campus Web-Based Applications:
Employee Training (Professional Development)

In order for employees to be granted access to ctcLink they are required to complete initial training to be able to perform their expected job duties. Once their assigned training is complete the Local Security Administrator will grant access to the pages needed to perform their work.

Employees register for the course(s) at the ctcLink Training & Learning Opportunities Registration page using the ctcLink Training Registration form

In addition to assigned trainings, employees are given access to the ctcLink Reference Center new employee "onboarding" content in the Welcome Section.

General Employee Onboarding Materials:

Pillar Specific Employee Onboarding Materials:

Employee Onboarding Security Steps

Establishing an Employee's Security User Profile

When and employee is hired into the Washington State Community and Technical College system they may or may not have an existing security User Profile. 

  • If the employee has never worked at a college in our system, then the ctcLink system will automatically generate a User Profile with a standard set of security roles applied to all employees.
  • If the employee was formerly a student, they will have a User Profile in the Campus Solution (CS) pillar and Portal (ctcLink Gateway) only. Once a job data record is added, a scheduled process will create a User Profile in the HCM and FSCM pillars.
  • If they currently or previously work at another college in our ctcLink system, they will already have an existing User Profile in Portal (ctcLink Gateway) and all three pillars (HCM, FSCM and CS).
    • If the employee worked for and separated from a college before that college converted

Once the initial User Profile exists, additional updates are made to that profile setup data and page access. Some of this work can be done using automation of security role loading, but all User Profiles will require some level of manual maintenance to ensure access setup is complete:

In section Does employee have a job at another college?, should we include remove ZZ Former Employee role if listed?

HCM Pillar Access Setup

"HCM: Add HCM Base Admin Staff Access Roles (if missed):
- ZZ Navigation Bar Access [HR/Payroll Staff, Managers Needing Query Access]
- ZZ Hiring Manager (if supervisor) [TAM active colleges]
- ZZ Interested Party[TAM active colleges]"
    

HCM: Add Any Additional Workflow Related Roles
NO    HCM: Update Email Address with Campus Email (if assigned after profile is built)
YES    HCM: Update Email Address with Campus Email (if assigned after profile is built) - If YOUR college is primary + set to Primary to user this email for approval workflows in HCM.
NO    FIN: Verify Email Address Sync'd from HCM to FIN.
    

Campus Solutions Access Setup:

  • Apply Supervisor Approved CS Security Roles - LSA Coordinates with Supervisor when Employee appears to all within a Standard (Templatized) Responsibility Set (e.g. Budget Manager) and confirms access needs.
    • Former/Current Students with Existing User Profile: - Add Campus Solutions Base Admin Staff Access Roles (if missing):
      • ZZ SACR User Defaults
      • ZZ Navigation Bar Access"
  • Apply Requested SACR Security - LSA Coordinates with Supervisor on Appropriate SACR Security Settings
    • CS: Apply Requested SACR Security (Verify with Supervisor if user has any Global Impacting SACR Security Settings from another institution)
  • Assign Primary + Row Level Security Permissions for Masking Rights    
        

Faculty Access

In the HR Onboarding Process, under Faculty Setup, an instructor must be added to the Instructor/Advisor Table. Once that task is completed, the system dynamically assigns 
ZZ Faculty or ZZ Advisor roles, depending on how they were added to that table. If the employee already works as an instructor at another college in our system, they may already have an entry on this table and therefore may already have these security roles applied.    

Supervisor Decision Based Role Assignments (by pillar):
    Supervisor Determines Job Based Role Assignments (All Pillars)
    Supervisor Determines If Employee Falls within a Standard (Templatized) Responsibility Set (e.g. Budget Manager) and Communicates this to LSA.

    FIN: Supervisor in Collaboration with Finance Office/Business Analyst Determines Appropriate User Preference Definition Settings
    FIN: Supervisor Determines Additional Secondary Security Needs (PCard, Requester, PO, Travel, Voucher, Commitment Control, Treasury, Grants)
    HCM/FIN: Supervisor Determines Appropriate Approval Responsibilities for HR/FIN Workflows (If Manager)
    HCM: HR Director Determines Approval Responsibilities in HR Related Workflows
    "Route for Secondary Approvals (If Applicable) for Secure Area Role Access 
(e.g. FA, SF, HR, FIN, Query Highly Sensitive Data)"
    

Finance Office Secondary Security Access:
Does Employee Have an Existing User Preference Setup for Another BU?    
YES    FIN: Assess if the user has a User Preference Setup for another BU. If so, determine which college is the Primary BU.
NO    Continue...
    FIN: Establish Employee as Requestor/Buyer (if applicable)
    FIN: Establish PCard Security (if applicable)
    FIN: Review Approval Authority (Requisition, PO, Voucher)
    FIN: Review User Preference Decisions Made by Supervisor
    FIN: Commitment Control/Budget Security
 

Does Employee Have an Existing Travelers Profiles for Another BU?    
NO    FIN: Create Expense Traveler Profile by Finance Staff Responsible for Travel Profile Maintenance
YES    FIN: Expense Traveler Profile - If user has a profile for another college, determine which college is Primary.
    HR Office Purchasing Process Access (by pillar):
 

Does this Employee Have a Job at Another College?    
NO    Skip to next section
YES    HCM: Evaluate the Employee jobs and determine if YOUR college is Primary. If so, change Primary & Row Security to YOUR HR BU
 

Is Employee a Time & Labor Administrator for Another College?    
YES    HCM: Employees Can ONLY be TL Super User at ONE College in a User Profile - Contact Customer Support
NO    HCM: Determine if User is a Time and Labor Administrator
    HCM: Determine if User is an Approver of Position Profile
    HCM: Determine if User will be a 'Delegate' for Managerial Approvals (manually assigned ZZ HCM Manager)
    HCM: Determine if User is a FWL Contract Approver (if college participates)
    LSA Roles and Additional Security Role Application (by pillar):
 

Did this Employee Have a Job at Another College?    
YES    Determine if User has 'Active' job at another institution. If NOT, were they properly Off-Boarded?
YES    If NOT properly Off-Boarded - Contact Other College to Ask for Proper Off-Boarding.
YES    If 'Active' at other college, LSA assess role assignments for SOD conflicts at YOUR college. Contact support if unique User Profile is required. 

Finance Pillar Access Setup:

FIN: Assign User Preference Decisions Made by Supervisor
NO    FIN: Apply Route Controls for BU
YES    FIN: Apply Route Controls for your BU (if active at another college, add your college's BU to existing RT CTRL)
YES    FIN: Update Email Address with Campus Email (if assigned after profile is built) - If YOUR college is primary + set to Primary to user this email for approval workflows in FIN.
NO    HCM: Assign Primary + Row Level Security Permissions for Data Access
YES    HCM: Assign Primary + Row Level Security Permissions for Data Access - If YOUR college is primary.
    HCM: (If indicated by HR) Apply Row Level Security Permissions [CTC_nnn_TL_SUPERUSER] 
    HCM: Apply Supervisor Approved Roles

NO    FIN: Assign Primary + Row Level Security Permissions for Data Access
YES    FIN: Assign Primary + Row Level Security Permissions for Data Access  - If YOUR college is primary.
    FIN: Apply Supervisor Approved Roles  
    

Post Security Setup Communications:

Post Security Setup Communications:
    IT Help Desk: Provide status to Supervisor, User, CTC Pillar Leads (ctclinksecurity)
    HR: Notify Supervisor of EMPLID
    Supervisor: To provide EMPLID to User and help activate account
    

TRANSITIONS:
HR Transition Processes
  • Hiring Manager Notifies HR of Employee Position Change Start Date
  • HR Enters Job Data Changes to Set Termination Date of Exising Job (if needed) Record and Start Date of New Job Record
Security Transition Processes

Is this just a second job as an instructor?    

Faculty/Advisor Role Foundation (who enters varies by college):

  • Add Instructor to Instructor/Advisor Table for your Institution (may already exist if user works at another college, but must exist at your college or cannot be paid)
  • System Dynamically Assigns ZZ Faculty or ZZ Advisor role (if does not already exist)    

Supervisor Decision Based Role Assignments (by pillar):

  • Old and New Supervisors Agree to Any Possible Lingering Job Duties (slow transition)
  • New Supervisor Determines Job Based Role Assignments (All Pillars) that pertain to specific job
  • Determine the key queries needed to be executed for the new position, assess the roles needed by running the Query Qxx_DS_QUERY_RECORD_USER_RPT to identify by User Profile Query Roles Required to Run each Query.
  • CS: Supervisor Determines Appropriate SACR Security Settings 

HR Office Purchasing Process Access (by pillar):

  • Determine if User is a Time and Labor Administrator [Can ONLY be TL Super User at ONE College in a User Profile]
  • Determine if User is an Approver of Position Profile
  • Determine if User will be a 'Delegate' for Managerial Approvals (manually assigned ZZ HCM Manager)
  • Determine if User is a FWL Contract Approver (if college participates)

Finance Office Secondary Security Access:

  • FIN: Assess if the user has a User Preference Setup for another BU. If so, determine which college is the Primary BU.
  • Establish Employee as Requestor/Buyer (if applicable)
  • Establish PCard Security (if applicable)
  • Define Approval Authority Values for Employee (Requisition, PO, Voucher)
  • Review User Preference Decisions Made by Supervisor
  • Expense Traveler Profile - If user has a profile for another college, determine which college is Primary.
  • Commitment Control/Budget Security 

Continue with regular employee Finance and HCM secondary:

  • FIN: Supervisor in Collaboration with Finance Office/Business Analyst Determines Appropriate User Preference Definition Settings
  • FIN: Review Approval Authority Associated with the Position (Req, PO, Voucher)
  • FIN: Review Req and PO Entry Needs (may be done by Finance or Admin Staff)
  • FIN: Supervisor Determines Additional Secondary Security Needs (PCard, Requester, PO, Travel, Voucher, Commitment Control, Treasury, Grants)
  • Yes    HCM/FIN: Supervisor Determines Appropriate Approval Responsibilities for HR/FIN Workflows (If Manager)
  • HCM: HR Director Determines Approval Responsibilities in HR Releated Workflows
  • "Route for Secondary Approvals (If Applicable) for Secure Area Role Access (e.g. FA, SF, HR, FIN, Query Highly Sensitive Data)"    

Is this employee a NEW supervisor?    
Assess what approvals this employee is expected to perform and determine what AWE roles/secondardy security settings would be needed in their role.

LSA Roles and Additional Security Role Application (by pillar):

LSA Roles and Additional Security Role Application (by pillar):

  • Determine if User has 'Active' job at another institution. If NOT, were they properly Off-Boarded?
  • If NOT properly Off-Boarded - Contact Other College to Ask for Proper Off-Boarding.
  • If 'Active' at other college, assess role assignments for SOD conflicts at YOUR college. Contact support if unique User Profile is required.
     
Campus Solutions Pillar Security:

Campus Solutions Pillar Security:

  • Apply Supervisor Approved Roles
  • Apply Requested SACR Security (Verify with Supervisor if user has any Global Impacting SACR Security Settings from another institution)
  • Assign Primary + Row Level Security Permissions for Masking Rights (Coordinate with other college if masking rights are going to be elevated with new job.)
  • Add Campus Solutions Base Admin Staff Access Roles (if missed):
    • ZZ SACR User Defaults
    • ZZ Navigation Bar Access
       
Finance Pillar Security:

Finance Pillar Security:

  • Apply Supervisor Approved Roles
  • Assign Primary + Row Level Security Permissions for Data Access  - If YOUR college is primary.
  • Apply Supervisor Approved Roles
  • Apply Route Controls for your BU (if active at another college, add your college's BU to existing RT CTRL)
  • Update Email Address with Campus Email (if assigned after profile is built)
    • If YOUR college is primary + set to Primary to user this email for approval workflows in FIN.
HCM Pillar Security:

HCM Pillar Security:

  • Apply Supervisor Approved Roles
  • Assign Primary + Row Level Security Permissions for Data Access - If YOUR college is primary.
  • (If indicated by HR) Apply Row Level Security Permissions [CTC_nnn_TL_SUPERUSER] - If YOUR college is primary.
  • Apply Supervisor Approved Roles
  • Add HCM Base Admin Staff Access Roles (if missed):
    • ZZ Navigation Bar Access
    • ZZ Hiring Manager (if a supervisor)
    • ZZ Interested Party"
  • Add Any Additional Workflow Related Roles
  • Update Email Address with Campus Email (if assigned after profile is built)
    • If YOUR college is primary + set to Primary to user this email for approval workflows in HCM.
          

Communications:
    IT Help Desk: Provide status to Old and New Supervisors, User, CTC Pillar Leads (ctclinksecurity)
    Finance Staff Charged with Removal of Secondary Access to Finance Processes notify LSA of completion

OFFBOARDING:
HR Offboarding Processes
  • Manager Notifies HR of Employee's Termination/Resignation with Last Working Date
  • HR Enters Job Data Changes to Set Termination Date of Job Record (to align with Pay Period End)
IT Offboarding Processes
  • IT ensures all technology devices are returned (laptop, monitors, specialized cables, docking station)
  • Termination information auto syncs with college IT Systems (deactivates AD account, Exchange mailbox, etc.) 
Security Offboarding Processes
  • Confirm whether employee falls into special handling category:
    • Instructor
    • Approver
    • Elevated Security in Finance
    • Employed at Other College(s)

Faculty/Advisor Role Foundation (who maintains varies by college):

  • Update Instructor on Instructor/Advisor Table for your Institution to set record to 'Inactive'
    • System Dynamically Removes ZZ Faculty or ZZ Advisor role (if no other active Inst/Adv Record for Another College) 

Approval Routing:

  • Supervisors Determines What (if any) Approval Routings Need to be Reassigned to Another Employee  

Check If Employee Has Job at Another College:

  • Run Query QHC_XXX to see if the employee also has an active job at another institution.

Active Job at Other College(s) - Partial Security Reduction:

  • Employee determined to have an active job at another college requiring coordinated roll removal
  • CS: Remove institution specific SACR Security (for your college)
  • CS: If employee has CS roles from other college, leave masking 'as is' if not, set masking to Mask ALL
  • FIN: Remove institution specific User Preferences
  • FIN: Review Any Roles Left for Other College Access that Require Route Controls, remove your BU (leave role & the other college BU).
  • FIN/HCM: Review Any AWE Specific Roles and Confirm Supervisor Has Alternates Determined, remove role for departing employee, assign to interim
  • HCM: If your college was primary, set Row and Primary Position to Other College 

No Other Active Jobs - Full Separation:    

  • Continue with regular employee off boarding
  • CS: Set Masking to Mask ALL
  • FIN: Clear ALL User Preference Definition Settings
  • FIN/HCM: Review Any AWE Specific Roles and Confirm Supervisor Has Alternates Determined, remove role for departing employee, assign to interim
  • HCM: Leave Row and Primary Permission List entries (reset to college if TL Superuser), so former employee can still access Payroll history and W2.
  • FIN/HCM: Determine if user is a delegate in any approval chain. Remove delegation.
  • External Systems Access: Remove any access to LegacyLink, Legacy Transcript Application, PBCS (if applicable)
  • HCM: Determine if User is a FWL Contract Approver (if college participates) and remove if needed
  • HCM: Update Email Address with Non-Campus Email (encourage user to update Okta MFA reset email) 

Campus Solutions Staff Charged with Removal of Secondary Access to Student Processes

  • CS: Clear ALL Non-Student SACR Security Access

Finance Staff Charged with Removal of Secondary Access to Finance Processes

  • Remove Grants Security for Your BU
  • Remove Commitment Control Security for Your BU
  • Remove Requestor/Buyer Setup for your college (if exists)
  • Update Expenses Approver Assignments
  • Remove PCard Access Roles (if exists) for your college
  • Department Chartfield Manager Cleanup (remove if employee is a department manager) per BI Publisher Report on Security (BFS_SEC_OPDF in FSCM and BCS_SEC_SACR in CS)
  • Remove All Approval Authority Associated with the Employee in that Position (Req, PO, Voucher)
  • Deactivate Expense Traveler Profile for your BU
  • Remove Grants Security for Your BU
  • Remove Commitment Control Security for Your BU
  • Remove Requestor/Buyer Setup for your college (if exists)
  • Update Expenses Approver Assignments
  • Remove PCard Access Roles (if exists) for your college
  • Department Chartfield Manager Cleanup (remove if employee is a department manager) per BI Publisher Report on Security    

Communications

  • IT Help Desk: Provide status to Supervisor, HR, CTC Pillar Leads (ctclinksecurity)?
  • Finance Staff Charged with Removal of Secondary Access to Finance Processes notify LSA of completion
Customizations

SM-049 - Restrict users by Business Unit in Travel & Expense

Restrict users by Business Unit in the Travel & Expense Module to both view and modify travel documents.  This change will provide search results based on the Business Unit access that the User who is searching has in FSCM for Expense Report Payment, Cash Advance Payments, Create/Modify or View of Expense Reports.  Users will not be able to view or modify Travel Document belonging to other colleges, after documents have been opened. Users will be able to apply filter on Expense Reports in Expenses Workcenter.

Assessment Outcome: This critical customization cannot be removed as it ensures the segregation of access to each Business Unit.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.