Let's Break Down Provisioning: How to Manage a User's Lifecycle
A confluence of innovations, from the proliferation of SaaS apps to cloud computing, have revolutionized the way businesses engage with technology. Yet many business practices can be complicated by these innovations. Employees require more tools on more devices to do their jobs and organizations are confronting trends like data breaches, high turnover, and consolidation. Collaborating with partners and contractors adds another dimension of complexity to further amplify the problem. Automating user lifecycle management can help mitigate the issues arising from these trends and streamline workflows across entire organizations.
What is Provisioning? What is Lifecycle Management?
Provisioning entails the creation, update and removal of access to a resource in an information technology (IT) system, and is used as part of lifecycle management for onboarding, transitioning, support, and offboarding of all aspects of both employees and external users identities. The flow of a user's identity throughout the different stages is known as a user’s lifecycle state change. Such an event triggers different actions that need to take place as a result to ensure that access to resources stays compliant with business and security policies.
When an employee is hired, one of the first steps is the creation of a new record for that employee by HR. Depending on the organization, it is then up to a combination of HR, IT, and the employee’s supervisors to grant access to all of the apps and accounts they will need, as well as to introduce and enforce the organization's security requirements.
As employees are promoted, change roles, or adopt and drop various software tools, their access requirements change. Organizations may restructure or acquire new businesses, bringing along new employees. They can also require temporary or permanent app access for contractors and partners. And employees leave the organization under a litany of circumstances, a process which can be initiated by various departments.
Ultimately, no matter the reasons for the instigation of changes to a user identity, its administration falls to IT. On average, it takes an IT admin 30 minutes to process each provisioning or deprovisioning request. And that doesn’t include all of the helpdesk calls for password resets and configuring employees’ on their various and ever-changing devices. By automating provisioning and user lifecycle management, management can save IT and other departments’ valuable time and unnecessary frustration.
How automated user lifecycle management works
Automated user provisioning tools like Okta Lifecycle Management provide rich integrations to HR software including pre-integration to over 80 of the top SaaS apps for provisioning and deprovisioning, streamlining the process of managing user access across their different lifecycle states.
When HR adds a new employee record, Okta’s connectors can automatically provision the user for both on-premise and external apps based on attributes. As the employee’s role grows or changes within the organization, Okta Universal Directory keeps all of the user’s attributes and access permissions stored in a central location so that they can be easily modified or automatically updated. Updates occur based on rules or one or more profile masters like an HR system, CRM, ERP or another directory like AD or LDAP. When various departments or teams need to implement a new tool or modify entitlements, access can be quickly rolled out based on group rules that can automatically enforce the organization’s business and security policies.
Lifecycle management not only helps with provisioning on day one, but also when user's’ ongoing needs change and require them to get access to specialized applications. Users can make a self-service access request to an application that will go directly to the business application owner approval. Once approved for a provisioning enabled application an account will automatically get generated with the approved access level, all that without any need to generate unnecessary IT tickets. And when employees leave the organization, management can rest assured that access to all of their apps is fully and immediately suspended or completely deactivated.
Finally, through the whole user lifecycle, user provisioning helps keep organizations secure by providing a central location to manage and enforce security policies. Automated user lifecycle management also allows IT to more easily conduct audits by keeping an audit trail in reports that specify when users got assigned or unassigned, how and who approved those assignments.
The bottom line
As your organization grows and innovates, use of cloud-based technology and mobile access is likely to increase. Automating user identity and lifecycle management will streamline your workflows across HR, IT, and all departments that use SaaS and mobile devices.