Welcome to R2|D2

This is the name for the process UMCHS uses to automatically and systematically give and remove access to IT resources such as applications (Cerner, Email, etc.) There are separate processes and portals for processing access. R=Regular Employees D=Disconnected Users (Non-Employees).  

C3PO is the name of the automation engine that provisions and de-provisions user access.

Role Based Access Controls is a method where a user is provided system or application access based on their assigned role in the organization. For example, a nurse on 4West will be given access to certain applications and rights and may be different that those of a nurse at 4East.

 Access to systems and applications are automatically granted based on a predefined qualification list and tied to the employee’s role within the ERP system (HR) or IDM2 for non-employees. 

Users who take on additional duties not typical for their assigned role will need to submit and Exception Request in the R2/D2 portal. The user’s manager will be required to approve all requests.

 The department director will need to submit a help desk ticket (ServiceNow) and explain the need. 

Contact HR to have them update your credentials in the HR database. R2/D2 will then automatically 

Employees must submit a Name Change request to HR and Non-Employees need to work with their organizational representative who can work directly withy UMCHS IAM team. 

See “Leaver” section for the particular type of user in the Security Clearance Manual.

Contact the IT Service Desk (775-9109). However, the manager/supervisor will still need to follow up with HR with the proper separation process for employees and non-employee organizational representative will need to complete the action within IDM. 

 Contact the IT Service Desk (775-9109) so they can determine the cause. 

  Contact the IT Service Desk (775-9109) 

Timing of access depends on HR process and when R2/D2 syncs with the HR & IDM database. Users should allow at least 3 business days after HR has made the changes in their system.

Any system that has been configured to auto create an account directly in the system is done without human intervention and thus quicker. All other system access must be manually created and thus can take up to 3 days. It is our goal to auto-create all accounts within the two years.