HR-IT Onboarding Integration

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

​

Overview

​

Integration Flow

┌──────────────────────────┐
│  HR Onboarding Wizard    │
│  (Step 5: System Access) │
└──────────┬───────────────┘
           │ Employee selects:
           │ - Email account
           │ - Network access
           │ - Applications
           │ - Hardware needs
           ▼
┌──────────────────────────┐
│  Wizard Completion       │
│  (OnboardingWizardPage)  │
└──────────┬───────────────┘
           │ 1. Creates employee record
           │ 2. If access requested →
           ▼
┌──────────────────────────┐
│  useITOnboardingIntegration │
│  createITOnboarding()    │
└──────────┬───────────────┘
           │ Creates it_onboarding_instances row
           ▼
┌──────────────────────────┐
│  IT Module Dashboard     │
│  (/it/onboarding)        │
└──────────────────────────┘

​

Data Flow

​

1. HR Onboarding Wizard (Step 5: System Access)

​

2. Wizard Completion

// In OnboardingWizardPage.tsx handleComplete()
if (data.emailRequested || data.networkAccessRequested || 
    (data.hardwareRequests as string[])?.length > 0) {
  await createITOnboarding.mutateAsync({
    employeeId: employee.id,
    targetDate: data.hire_date || today,
    systemAccessRequests: {
      emailRequested: Boolean(data.emailRequested),
      networkAccessRequested: Boolean(data.networkAccessRequested),
      applicationAccessIds: data.applicationAccessIds || [],
    },
    hardwareRequests: data.hardwareRequests || [],
  });
}

​

3. IT Onboarding Instance Created

​

Event Contract

​

Integration Points

​

HR Side (Publisher)

• Hook: src/cores/hr/hooks/useITOnboardingIntegration.ts
• Page: src/cores/hr/pages/OnboardingWizardPage.tsx
• Step: src/cores/hr/components/wizards/steps/SystemAccessStep.tsx

​

IT Side (Subscriber)

• Table: it_onboarding_instances
• Dashboard: /it/onboarding
• Hook: useITOnboardingInstances (existing)

​

Security Considerations

​

Access Controls

1. RLS Policies: IT onboarding instances protected by organization-level RLS
2. Permission Check: Only users with hr.employees.create can trigger IT onboarding
3. Audit Trail: All IT instances include created_by for accountability
4. IT Staff Access: IT technicians can view via it.onboarding.view permission

​

Data Classification

5. PII/PHI Linkage: IT onboarding instances link to employee records containing PII/PHI:
   • SSN (from PersonalInfoStep)
   • Date of Birth (from PersonalInfoStep)
   • Home Address (from PersonalInfoStep)
   • Emergency Contact Information

​

Data Protection

6. Encryption at Rest: All employee data encrypted in database (AES-256)
7. Encryption in Transit: All API calls use TLS 1.2+
8. PHI/PII Restrictions:
   • System access notes field MUST NOT include SSN, DOB, full addresses, or other sensitive identifiers
   • Only reference employee by ID, not by sensitive data
   • Never log PII/PHI in error messages or console output

​

Audit & Logging

9. Logged Actions: IT instance creation, status updates, access attempts, deletion
10. Retention Period: Audit logs retained per organization data retention policy (default: 7 years)
11. No PII in Logs: Error messages sanitized to prevent PII exposure

​

Future Enhancements

1. Real-time notifications: Notify IT team when new instance created
2. Application catalog: Integrate with IT application inventory
3. Hardware inventory: Link to FM asset management
4. Auto-assign technician: Route based on department/location