Kronos
· 23 min read
 Kronos is a leading human capital and workforce management solution, streamlining workforce operations for organizations. It offers tools for scheduling, time tracking, payroll, and HR management, optimizing workforce efficiency and productivity.Identities ❌ | Accounts ✔️ | Groups ❌ | App Roles ✔️ | Entitlements ❌ |
Application
Steps
- Login to RSA G&L console as System Administrator.
- Navigate to Resources > Application.
- Click on Create Application and select Other Application.
- Enter the details as shown below.
- Click Finish.
Account Collector
This section explains the process for configuring an account collector for the Kronos application. We will use the SQL Server database collector for this purpose.
Steps
- Login to RSA G&L console as System Administrator.
- Navigate to Resources > Applications.
- Click on Kronos.
- Navigate to Collectors tab and click on Create Account Collector. Enter the details as shown below.
- Click Next and enter the SQL Server database details. Use the Test Connection to make sure the connection details are accurate. Use the latest Microsoft JDBC Driver for SQL Server if NTLM authentication is required.
- Click Next. Select the appropriate data that you intend to collect. For the purpose of illustration we will collect accounts, groups and user to account mapping from Kronos.
- Click Next. On the Account Data page, enter the following query to collect account information.
SELECT
UA.USERACCOUNTNM AS accountID,
(
CASE
WHEN ua.consecbadlogoncnt < 0 THEN '1'
ELSE '0'
END
)
AS isLocked,
(
CASE
WHEN UA.USERACCOUNTSTATUS = 'Active' THEN '0'
ELSE '1'
END
)
AS isDisabled
FROM VP_USERACCOUNT UA
LEFT JOIN VP_ALLPERSONV42 EE
ON UA.PERSONID = EE.PERSONID
WHERE UA.PERSONID > 0
ORDER BY UA.USERACCOUNTNM
The following are the important attributes
- Click Next. On the User Account Mappings Data configuration page enter the following query to map the Kronos account to user identity.
SELECT
UA.USERACCOUNTNM AS accountID,
EE.PERSONNUM AS userID
FROM VP_USERACCOUNT UA
LEFT JOIN VP_ALLPERSONV42 EE
ON UA.PERSONID = EE.PERSONID
WHERE UA.PERSONID > 0
ORDER BY UA.USERACCOUNTNM
The following are the important attributes
- Click Next. In the User Resolution Rules, map the user to account
- Click Finish. Use the Test function to make sure the configurations are accurate.
Entitlement Collector
This section explains the process for configuring an entitlement collector to collect admin roles from Kronos application. We will use the SQL Server database collector for this purpose.
Steps
- Login to RSA G&L console as AveksaAdmin.
- Navigate to Resources > Applications.
- Click on Kronos.
- Navigate to Collectors tab and click on Create Entitlement Collector. Enter the details as shown below.
- Click Next and enter the database connection details as shown in Step 5 of Account Collector.
- Click Next. Select the data types that the collector will be collecting from Kronos.
- Click Next. On the General Column Names, map the attribute names.
- Click Next. Under Application Role Data section, use the following query to collect admin roles from Kronos.
SELECT DISTINCT
PROFILENM AS role,
PROFILEDSC AS description
FROM ACCESSPROFILE
The following are the important attributes
- Click Next. On the Account Data section, enter the query below to collect mappings for account to roles.
SELECT
UA.USERACCOUNTNM AS account,
EE.ACCESSPROFILENM AS role
FROM VP_USERACCOUNT UA
LEFT JOIN VP_ALLPERSONV42 EE
ON UA.PERSONID = EE.PERSONID
WHERE UA.PERSONID > 0
ORDER BY UA.USERACCOUNTNM
- Click Next. In the User Evaluation, map the account to the ADC.
| Associated account collector | Account value evaluates to |
|---|---|
| Kronos ADC | Account Name |
- Click Next and then click Finish. Use the Test function to make sure the configurations are accurate.
COL019