IDM and BPM - a winning team!
Posted by Martin Wieschollek at November 21st, 2009
This article is primarily concerned with executable processes in a BPM system (BPMS) that require a certain amount of human interaction, such as the traditional holiday request or invoice approval. In such processes, the right person to handle the next step always has to be found. Various rules can be defined for this. For example, the BPMS needs the supervisor of an employee who has just applied for a vacation. Or something more complex: it is looking for a person who is allowed to release more than 50,000 € in the line organization and who is the supervisor of the buyer who purchased the products for which the invoice was received.
Most of today's BPM suites allow these and similar processes to be modeled in a very short time. Using built-in "adapters", different systems (e.g. databases, ERP systems, etc.) can often be integrated without programming. The necessary forms are also assembled with the aid of graphical interfaces and integrated into the process without programming (at least as long as the forms have no logic of their own). The processes could be running within a few hours and be ready for use. Unfortunately, things then often fall short at the required user information. In theory, the system needs all information about each employee [1]: In which department does he work? Who is his boss? What rights and obligations does the employee hold? What special professional roles and responsibilities does the employee have?
A list of all employees of a company is generally present in some directory service (e.g. LDAP, Active Directory, etc.), at least if the employee works on a PC or on the company network. That caveat should not be neglected: especially in the manufacturing sector this is not always the case. Often, however, that is unfortunately about all that can be found in these directories. The assignment to a department and a supervisor, and the roles and rights of the users, are rarely organized centrally. This means that a lot of user information has to be managed in the BPMS in one way or another. Once this information has been entered, the real work begins in earnest: the data must be updated continuously. With each change (change of department, new tasks, termination, etc.), the administrators of the BPMS users have to learn about it and enter the change. Depending on company size and turnover, one may soon have to reckon with an RTD [2] here. And we wanted to operate a BPMS to save money, right?
At this point, Identity Management (IDM) can help. An IDM system is often a central directory that manages all user information centrally or serves as a central information platform for all other systems. IDM systems could be described as data octopuses, but benign ones. In an IDM system it can be recorded which system contains which information about employees, which system is the leading system for which user attributes, and which systems also need certain user attributes. Thus, for example, certain employee data (e.g. name, cost center, department, etc.) are pulled from an HR system. The IDM system can then provision this data and automatically create users in all required systems (e.g. LDAP, email server, or directly in a BPMS). If new information is generated in these systems (e.g. the email address by the email server), it can be transferred back to the other connected systems. In its highest stage, such a system manages all user attributes and user rights. These could be assigned automatically based on specific information (e.g. if the HR data shows that the employee is a supervisor, or that the employee is placed in a certain position that must be endowed with certain rights). This allows the cost of user administration to be reduced significantly. In addition, and today probably an even more important point than the administration costs, the quality of the user data is increased significantly. This directly increases the company's IT security. Many of the major data breaches, in which millions of customer records were sold or many euros were burned by illegal transactions, could have been prevented by good IDM. The advantage over other security measures is that the user-friendliness of the systems is not diminished by unnecessary barriers, security questions, etc. It is easy to ensure that each employee can only do what is in his area of responsibility (Separation of Duties).
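The invoice rule from the introduction and the separation-of-duties point above can be combined into one approver lookup. The following is an added example, not code from the article or from any BPM or IDM product: the `Identity` fields, the `registered_by` parameter and the sample directory are assumptions, and it generalizes the article's rule by escalating up the whole supervisor chain until someone's approval limit covers the amount.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Identity:
    uid: str
    manager: Optional[str]    # uid of the line supervisor, None at the top
    approval_limit_eur: int   # largest invoice this person may release
    active: bool = True       # False once HR reports a termination

class ResolutionError(Exception):
    """The directory data cannot produce a valid approver."""

def resolve_approver(directory, buyer_uid, amount_eur, registered_by=None):
    """Return the first active supervisor above the buyer whose limit covers
    the invoice and who has not already handled it (separation of duties)."""
    if buyer_uid not in directory:
        raise ResolutionError(f"unknown buyer {buyer_uid!r}")
    excluded = {buyer_uid, registered_by}
    seen = {buyer_uid}
    current = directory[buyer_uid].manager
    while current is not None:
        if current in seen:
            raise ResolutionError(f"cycle in manager chain at {current!r}")
        seen.add(current)
        person = directory.get(current)
        if person is None:  # stale data: supervisor was deleted, reference kept
            raise ResolutionError(f"dangling manager reference {current!r}")
        if (person.active and current not in excluded
                and person.approval_limit_eur >= amount_eur):
            return person.uid
        current = person.manager  # escalate one level up the line organization
    raise ResolutionError(f"no approver for {amount_eur} EUR above {buyer_uid!r}")

# Constructed sample data, as an IDM system might provision it into the BPMS.
DIRECTORY = {
    "ceo": Identity("ceo", None, 1_000_000),
    "cfo": Identity("cfo", "ceo", 250_000),
    "lead": Identity("lead", "cfo", 50_000),
    "buyer": Identity("buyer", "lead", 5_000),
    "temp": Identity("temp", "gone", 0),  # manager "gone" no longer exists
}

if __name__ == "__main__":
    print(resolve_approver(DIRECTORY, "buyer", 20_000))          # lead
    print(resolve_approver(DIRECTORY, "buyer", 60_000))          # cfo
    print(resolve_approver(DIRECTORY, "buyer", 20_000, "lead"))  # cfo
```

The lookup fails closed: a dangling or cyclic supervisor reference raises an error instead of routing the invoice to an arbitrary user, which is how stale directory data shows up in a running process.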
Conclusion
And now back from IDM to the BPMS: if the user information is not available in clean form, any process, however beautifully modeled, will fail. It is therefore important to hold this information in the BPMS or make it available to the system. Since a BPMS is certainly not the only system in the enterprise that requires user information, it makes sense, as a rule, to think about the subject of IDM in advance. One does not need to introduce or build an IDM system, but it should be defined in any case where user information comes from, how that information is made available to all interested parties, and how it is kept consistent and up to date on all systems. A company-wide rights and role concept is also very helpful. This is, in my opinion, one of the most important prerequisites for the successful and cost-effective use of a BPMS when "human-intensive" processes are to be executed with it.

