***********************Important - NON FTE*********************

Look at the "Contract Status field in New Hire ticket

If the "Contract status" is in Contracts in Signature, Contract under negotiations, or No Contract, we need to get confirmation from the Manager that the contract has been fully executed before creating their accounts. (If not contract selected please reach out to 

Accounts that are requesting an Okta account can have these new Contract statuses. 


**********************************************************************************************

Step 1: Account Provisioning

Employee accounts are managed via Namely HRIS. It will flow into Okta as an import. For consultants, Okta will be the master profile.

 

Type

Steps

Employee

- Okta Admin - (https://mirumpharma.okta.com)


- Check Import form Namely Application and Create New User from Import

> Go to user PROFILE tab and update info:

> User Type = Employee

> UL Home Organization = Internal

> O365 Hide from GAL= False


> Go to user GROUPS tab and update info:

 > Assign Microsoft O365 license - Premium or App 365, Std, InTune, Defender 


- Activate User Acct.


Click "Reset &Active Password".

Open a Incognito browser tab, goto url: (mirumpharma.okta.com)

> OKTA Verify screen will appear, enter user credentials(firstname.lastname)

> Enter users "encrypted temp pwd" and click "Verify".

> Follow the setup prompts until you get to users OKTA Dashboard.


- O365 - (https://admin.microsoft.com)

Add to AD Group(s):

  • Distribution list (based on Location)
    1. Foster City (HQ@mirumpharma)
    2. Remote (us_remote@mirumpharma)
    3. Basel (Basel@mirumpharma.com)

.

 

Consultant Contractor


 Non-Employees

 

DO NOT SET MIRUM AS THE ORGANIZATION FOR CONTRACTOR/CONSULTANTS


Okta - (https://mirumpharma.okta.com)

-Directory > Add Person

>First Name, Last Name = First name, Last name

>User Name / Primary Email = first.last@mirumpharma.com

>Secondary Email = Personal Email

>Ignore Groups (will be automatically assigned based on profile)

>Password = Set by User (uncheck send activation now)

>Send Activation Email = Leave blank, need email to be created first


Lookup User in Okta Directory:

>Title = Match what is in form, leave blank in Okta if blank in form

>Display name = FirstName LastName (Add (C) after name)

>Mobile Phone = Mobile Phone #

>User Type = Contractor or Consultant

>UL Home Organization = Internal

>Manager Email = Lookup Manager’s email address

>Department = User Manager’s Department value

>GxP=Set according to new hire form

>End Date=End Date listed on form

 

Add to Okta Groups


If ONLY email is needed:

>Add to “APP – M365 – Business Basic License”


IF MIRUM Laptop is provided:

>Add to "App - M365 business standard, intune, defender in Okta

 

Once M365 account is created, then activate Okta account.


**

DO NOT ADD ANY CONTRACTORS TO ANY MAIN DL'S

 

ALL, EU_ALL, US_ALL, EU_BASEL, EU_ZUG ETC


 


>Send Credentials to User’s personal email and CC manager

>Attach Consultant Getting Started Guide from KB

 




***When assigning Applications to users DO NOT assign NetSuite, Edetek or Midas for applications or groups.  These have to be assigned to Sam or Chrislyn.

Step 2: Setup new computer for user:

  1. Login with M365 Credentials
    1. Enable local Administrator (lusrmgr.msc) and disable all other local accounts.
  2. Install Software Suite in C:\ODT\
    1. Adobe Acrobat Pro, Zoom, Box Drive
    2. Pin Adobe, Zoom, Box, Chrome, Teams, Office Apps) to Taskbar
  3. Log into OneDrive for user
    1. Remove the “OneDrive” Namespace from Explorer (duplicate) via RegEdit. We use “One Drive – Mirum Pharmacetuicals”
      1. Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
  4. Install Windows Updates and Lenovo updates via Lenovo Vantage.
  5. Hide Task View and Cortana from taskbar. Reduce search bar to icon.
  6. Set default apps Adobe (PDF), Chrome (Browser).
  7. Under Windows Update > Advance Options > Enable “Receive updates for other Microsoft products”
  8. Launch Realtek Audio Console from Start Menu > Click on “Microphone Array” > Enable Voice Recognition

Step 3: Finish setup and ship out computer

  1. Set password back to M1rum2024! and force user to update password on next sign-on
  2. Remove MFA Excluded Active Directory group from user.-