How-To: Create an Onboarding Rule in Lumos

Background

You've rolled out your AppStore and now you want to level it up even further by automating new hire onboarding & creating a source of truth for your onboarding rules!

Steps

1. Go here!

If you have access to New Hire Onboarding in Lumos, you should see this new button in your nav bar as a Lumos admin.

This is where you'll go to create/view/edit all of your onboarding rules in Lumos!

2.Click Manage Rules

3. Click "Add New Rule"!

3. Configure your rule!

You'll find that you can configure rules based on User based attributes (e.g. Team, Title, Groups, Everyone).

Team, Title, and other custom attributes will be sourced from your Source of Truth settings, and Groups refer to Okta, Google, or AzureAD groups pulled in via direct integration. 

Read more on your Lumos Source of Truth here!📄 Source of Truth

💡 If you select the "Everyone" rule, you will not be able to add any other attributes. 

Rules support limited OR logic, so you'll be able to create a rule that applies to multiple titles, teams, custom attributes or groups!

For example: A valid example is to create a rule and run it on anyone in the Engineering Team who also has the title of Solutions Engineer or Software Engineer.

Below that, you'll be able to select what access requests will be created - this will determine what access the new hire will get if they fulfill the conditions. 

This will populate with apps in your AppStore. Select as many apps/permissions as you'd like! You'll even be able to populate time-based access options, but make sure to select "Unlimited" if you want to give them unlimited access to the application.

[Optional] Set rule to be pre-approved!

Now, while you may have approvals generally configured for these apps, you may not necessarily want these onboarding requests to go through the regular approval requirements. If you select the checkbox "Make these birthright access", you will be bypassing all approvals for these requests.  

When you have this set, you will see a pill showing "All apps pre-approved" when viewing the rule, 

and in the pre-approvals tab for each app configuration within the AppStore, you will see a read-only card denoting that there is a birthright rule granting pre-approval to this particular app/permission:

You'll also note that you need to add a business justification for this rule - this is what will show up as the business justification on the access requests that fire when you trigger the rule!

4. [Optional] Rename your rule!

By default, your Onboarding rules will be named with the current timestamp, but you can rename this by clicking on the rule to type in a new name.

5. Hit "Save Rule"

5. You're all set! 

How do I edit a rule?

Easy - just click into a rule on the Onboarding Rules page:

make your edits, and click "Save Rule" up at the top right! 

How do I delete a rule?

On the Onboarding Rules page on hover you'll see a red trashcan:

or on the Edit Rule page you can click Delete on the top right.

FAQs

I have 20+ rules, can I search or filter by these rules?

Yes! You can search on the Onboarding page by rule name, condition or app. 

Is the activity around creating/editing/deleting rules tracked somewhere?

Yes, this will all be logged in the Activity Log today. Specifically, you can search for events titled: "Onboarding Rule Creation", "Onboarding Rule Deletion", "Onboarding Rule Update".

I have a custom attribute that's not showing up on my rules page! What's happening?

We only support String type custom attributes today. Please check to make sure it's type String, otherwise, please reach out to your CSM for troubleshooting!