Missing Researcher SSOs – IIP Case Study

PeopleXD is the University’s main HR system, supporting personnel, payroll, recruitment, training, and statutory reporting. 

Identity underpins how researchers are recognised, how systems interact, and how services are accessed. When parts of that identity are missing — such as Single Sign-On (SSO) details — the impact can be felt across reporting and governance.

This issue came to light in PeopleXD, where some researchers’ records were incomplete because they lacked the SSO account name. Reconciling data across multiple databases to find the missing values required considerable administrative effort. Accurate researcher information is also essential for the Research Excellence Framework (REF), the national system for assessing research quality. Without SSOs, it becomes harder to link researchers to their outputs, which risks under-representing Oxford’s research strength. 

The issue in PeopleXD 

PeopleXD is designed to maintain a consistent link between HR records and University identities. However, colleagues continue to encounter cases where some researcher records lack associated SSOs. 

For the latest REF report, 353 researcher records were missing SSOs in PeopleXD. A Data Architect had to spend one day a week for six months identifying the missing SSOs from other data sources, confirming matches with the relevant people, and getting the data entered correctly into the system. Despite this sustained effort, SSOs could not be identified for 117 records, so alternative manual processes will be needed to determine the research outputs for these individuals. 

Why SSOs go missing 

SSOs are assigned by the University’s Registration system once a University Card has been created. Registration then exports the SSO to PeopleXD together with the matching employee ID (which it gets from the University Card database) so that it can be added to the correct record. The University Card database is populated with the employee ID from a field in the University Card Request App. 

Problems arise when:  

• A University Card is issued before the PeopleXD record is created, resulting in the Card database missing the employee ID information, which does not yet exist 
• There is a mistake in the employee ID entered in the card request 
• The backup process in the Registration system, which aims to find missing employee IDs through name and date-of-birth matching between card data and HR data, fails to find a good enough match 

Because the backup process relies so heavily on name matches, small variations can prevent the link from being made. Automated checks between systems cannot cope with these variations, so records are often left unmatched. In practice, Registration, PeopleXD, and the Card Office all share data back and forth, but without a unique record identifier common to all three systems. As a result, the communication is not foolproof. Some mismatches slip through, leaving the researcher without an SSO in PeopleXD. 

In addition to Registration’s matching process, PeopleXD also has a reactive correction process. When missing SSOs prevent researchers from accessing HR self-service, HR Systems support staff step in to manually resolve the issue. They confirm the match with the relevant department, update the record in PeopleXD, and pass the corrected details to the Card Office. While this helps to patch individual cases, it highlights how much staff time is currently being spent on workarounds rather than on fixing the underlying problem. 

This creates challenges including: 

• Researchers not being consistently visible in reporting 
• Significant extra work to confirm identities manually 
• Risks to accurate REF submissions 

How IIP is helping to change this 

The Identity Improvement Programme (IIP) is reshaping how identity information is created and managed across Oxford. The improvements being delivered will directly address the issues identified in PeopleXD: 

• Improved lifecycle management to ensure all researchers automatically have a linked SSO 
• Better data quality and integration so that information like SSOs cannot fall through the cracks, strengthening trust in reporting and REF submissions 
• Gathering data as close to the source as possible, with local empowerment and central oversight, to allow units of the University to spot and resolve anomalies earlier 
• Consistency across systems so researcher records remain aligned, reducing the need for manual reconciliation 

Crucially, these improvements move the University away from reactive, manual fixes and towards proactive prevention — freeing up staff time and ensuring researcher records are reliable from the outset. 

Next steps 

As IIP continues, upcoming work will: 

• Pilot new identity lifecycle processes with selected departments and divisions 
• Roll out group management tools that give local teams more visibility and control over records 
• Strengthen system integrations to ensure that HR and identity data flow reliably and completely 

In summary 

Missing SSOs in PeopleXD highlighted weaknesses in current data flows. 

The IIP is introducing stronger lifecycle management, better integration, and new tools for local oversight that will prevent similar problems in future. 

These improvements will reduce manual effort, improve accuracy, and give greater confidence in researcher records — supporting both day-to-day operations and Oxford’s REF submissions. 

This case demonstrates how IIP takes into account real-world issues and uses them to develop lasting improvements for identity management across the University.