ASTRA 2.1 enables customers with integrated applications to apply a policy for managing their authorizations in ASTRA, and thereby automate access removal for terminated employees. Adoption is underway now for applications with access policies involving current employees and others authorized based on business need.
Before ASTRA 2.1, application teams and/or individual authorizers had to do periodic access reviews and manually remove authorizations to comply with access policies for their applications. With ASTRA 2.1, access policies can be applied to authorizations in ASTRA, so that authorizers can only create new authorizations that align with access policies, and current authorizations are automatically removed by ASTRA when employees terminate their employment.
ASTRA authorizers benefit from the improved efficiency of automated removal of authorizations. For example, ASTRA authorizers don’t have to search for and remove authorizations for terminated employees. Instead, ASTRA 2.1 will remove them automatically for applications that adopt ASTRA 2.1.
Business application owners, their teams, and related data custodians benefit from more effective information security and compliance with audit requirements, as authorizations in ASTRA will align better with access policies for applications that adopt ASTRA 2.1. Improved efficiency applies as well, for people and teams involved in day-to-day management of authorizations.
Yes, authorizers should continue to review authorizations for terminated employees, job transfers, and others who no longer need access to applications. As applications adopt ASTRA 2.1 automated deprovisioning, authorizers will find fewer active authorizations for terminated employees. ASTRA will continue to email quarterly status notifications as reminders.
ASTRA uses Workday business terms and data to differentiate “current employees” from other people: specifically, employees who have “Active” or “Leave” status in Workday are treated as current employees. ASTRA relies on the Operational Data Store (ODS) for this Workday data, and under normal operating conditions will be 24-48 hours behind current data in Workday.
Under normal operating conditions, ASTRA will be 24-48 hours behind current data in Workday. If you are creating an authorization for a new employee, they must have “Active” or “Leave” status in Workday, and you need to wait 24-48 hours for ASTRA to be updated from Workday.
This error message means the person (or process) you’re trying to authorize isn’t allowed to be authorized based on the access policy defined for the application.
- If you are authorizing a new employee, you may need to wait 24-48 hours for ASTRA to be updated from Workday. Once their “Active” or “Leave” status in Workday has been updated in ASTRA, you should be able to authorize them. Contact your HR support partner to confirm status in Workday.
- If you are authorizing someone who isn’t a current employee, you may need to contact the application team for further instructions.
Yes, as applications adopt ASTRA automated deprovisioning and access policies involving current employees, authorizers may need to follow new practices and procedures to create authorizations for people (and processes) who aren’t current employees. To learn more, check the support information for specific applications.
The following applications have adopted or have planned timeframes for adopting ASTRA automated deprovisioning
ASTRA 2.1 Status
Date of adoption
|Ariba System Administration||ARIBA Admin||ARIBA Roles and Authorization||Active||2020-11-30||Finance|
|Payment to Individuals||P2I||Active||2020-11-30||Finance|
|eTravel||eTravel||eTravel access exception requests||Active||2020-11-30||Finance|
|Financial Desktop||MyFD||About Access to MyFD||Active||2020-11-30||Finance|
|Enterprise Data Warehouse||EDW||Request Access to Reports, Analytics, and Data||Active||2020-12-07||IT|
Application owners and their teams can decide if and when they want to adopt automated deprovisioning.
ASTRA 2.1 features can be adopted by applications that rely on the ASTRA Web interface and delegators/authorizers for managing their authorizations. These application teams can refer to our ASTRA 2.1 onboarding guide for details. Automated deprovisioning isn’t applicable to applications that integrate authorization data into ASTRA through other methods.
The following table includes status information for applications that rely on ASTRA, based on the last update from each application team. Pending status means no information has been collected.
ASTRA 2.1 Status
|System to Administer Grants Electronically||SAGE||Pending||Research, Finance|
|Cost Share Module||eFECS Cost Share||Pending||Finance|
|Effort Reporting||eFECS Effort Report||Pending||Finance|
|Temporary Hourly Employment Monitoring||Temporary Employment||Pending||HR, Finance|
|Equipment Insurance System||EIS||Pending||Finance|
|Space Inventory Management System||SIMS||Pending||Facilities|
|MyUW Support Application||MyUW||Pending||Student|
|Enrollment Confirmation System for Administration||ECS Admin||Pending||Student|
|Office of Student Financial Aid Web Page||OSFA Staff||Pending||Student|
|Student Personal Services View for SFS Staff||SPS View for SFS||Pending||Student|
|Tax Forms||Tax||Pending||HR, Finance|
|Employee Search||Employee Search||Pending||HR|
|Security Management Application Tool||SMAT||Pending||IT|
|HRPayroll Web Service||HRPWS||Pending||HR|
|Who Can Web Service||WhoCanWS||Pending||IT|
|Student Groupcode Associations||Student Groupcode||Pending||Student|
|Data Administration Personnel and Payroll||DAPP||Pending||HR|
|Electronic Research Administration||ERA||Pending||Research|
|Grant and Contract Certification Reports||GCCR||Pending||Research, Finance|
|Financial Web Service||FWS||Pending||Finance|
|Person Web Service||PWS||Pending||IT|
|SIS Web Stats||SIS Web Stats||Pending||Student|
|Supplier Registration Workflow||Supplier Registration||Pending||Finance|
|New or Modified Tuition Category Workflow||Tuition Change||Pending||Student|
|Electronic Academic Records System||EARS||Pending||Student|
|Content Web Service||CWS||Pending||IT|
|Enterprise and Departmental Data Integration Editor||EDDIE||Pending||IT|
|U-PASS Membership Manager||U-PASS||Pending||Transportation|
|Space Web Service||SpaceWS||Pending||Space|
|Student Web Service||SWS||Pending||Student|
|Suite of Rome applications||Rome||Pending||Finance|
|Rome Internal applications||Rome-Internal||Pending||Finance|
|Department Tools for Time Schedule||Dept Tools||Pending||Student|
|Tax A188 Monitor||Tax A188 Monitor||Pending||HR, Finance|