User provisioning involves giving users access to information technology (IT) systems. You can define this at the server, network, application, and user levels. I put together the following descriptions based on my company’s best practices and policies in each area:
- Network provisioning includes servers, devices, and users who need access to the network. For example, customers need access to wireless solutions in the telecommunications industry. This process goes more smoothly using workflow automation to efficiently assign access rights and restrictions.
- Server provisioning configures servers connected to your organization’s network. This type of user provisioning may include adding a new machine or physical hardware in your company’s server room or data center. It also includes installing software associated with running your network and storing data.
- Application provisioning enables administrators to optimize performance using workflow automation in various ecosystems.
User provisioning includes employee onboarding and helps your team manage digital identities. This includes adding permissions as part of the provisioning process for new users and deprovisioning users as part of the employee offboarding process.
Provisioning users refers to granting access to new employees or team members. Deprovisioning refers to the removal of users from software and network assets when they switch departments or leave the company.
Why You Need User Provisioning
Effective provisioning and deprovisioning strategies help your company secure IT assets from unauthorized external use. They also protect your company by restricting internal access to those users who need it to fulfill their job responsibilities.
When making decisions on permission setup best practices, I always consider the best way to use workflow automation to minimize maintenance and facilitate troubleshooting for end-users.
User Account Provisioning Scenarios
Here are the most common reasons your team will need to modify access rights:
- New employees: When someone new starts at our company, their supervisor fills out a software permission profile so the IT team can give them the appropriate access. This includes email provisioning and access to network drives that contain files for their team. Use groups to organize access to different software applications and add new employees to the appropriate groups. This is much more efficient than provisioning individual users.
- Promotion: When team members move into a new position, they may need more extensive rights, such as access to management regions within a sales application. However, if someone moves to another team, you may have to revoke their access to certain systems.
- Terminations: As soon as employees leave the organization, remove all of their access immediately. Former employees with access to your systems represent one of the biggest security threats to your company.
- Temporary access: Sometimes, consultants or employees may need access to certain files and applications. When possible, set them up in a test environment that contains the data they need. If you have to give permissions to employees or contractors, set up a clear protocol for how long they will have access to the system. If the length of the project is uncertain, you can set up access to expire in 90 days with the option to reinstate it at any time.
- User support: You may have to provision or de-provision employees if they forget their access or something goes wrong with their user account. When possible, implement single sign-on to prevent password issues or implement multi-factor authentication to make it easy for employees to identify themselves and reset their credentials automatically.
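The scenarios above can be checked with a periodic access review. This is an added example, not code from the original article: the role names, group names, HR roster, and account inventory are constructed sample data, and only the 90-day temporary-access window comes from the text.

```python
from datetime import date, timedelta

TEMP_ACCESS_DAYS = 90  # expiry window the article suggests for open-ended projects

# Constructed sample data: role -> groups in its permission profile.
ROLE_GROUPS = {
    "sales_rep": {"email", "sales_app"},
    "sales_manager": {"email", "sales_app", "sales_mgmt_regions"},
    "engineer": {"email", "source_control"},
}
# Constructed HR roster: user -> (employment status, current role).
HR = {
    "alice": ("active", "sales_manager"),
    "bob": ("active", "engineer"),
    "carol": ("terminated", "sales_rep"),
}
# Constructed account inventory; "temp" maps a group to the date it was granted.
ACCOUNTS = {
    "alice": {"enabled": True, "temp": {},
              "groups": {"email", "sales_app", "sales_mgmt_regions"}},
    "bob": {"enabled": True, "temp": {"finance_share": date(2024, 1, 10)},
            "groups": {"email", "source_control", "sales_app"}},
    "carol": {"enabled": True, "temp": {}, "groups": {"email", "sales_app"}},
    "dave": {"enabled": True, "temp": {}, "groups": {"email"}},
}

def review_access(hr, accounts, role_groups, today):
    """Return sorted (user, finding, detail) tuples for access to remove."""
    findings = []
    for user, acct in accounts.items():
        status, role = hr.get(user, ("unknown", None))
        if status != "active":
            # Leaver, or account with no HR record: nothing should remain.
            held = acct["groups"] | set(acct["temp"])
            if acct["enabled"] or held:
                kind = ("terminated_with_access" if status == "terminated"
                        else "orphan_account")
                findings.append((user, kind, ",".join(sorted(held))))
            continue
        # Mover: permanent groups beyond the current role's profile.
        extra = acct["groups"] - role_groups.get(role, set())
        if extra:
            findings.append((user, "excess_groups", ",".join(sorted(extra))))
        # Temporary access that has outlived the expiry window.
        for group, granted in acct["temp"].items():
            if today - granted > timedelta(days=TEMP_ACCESS_DAYS):
                findings.append((user, "temp_access_expired", group))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_access(HR, ACCOUNTS, ROLE_GROUPS, date(2024, 6, 1)):
        print(finding)
```

Running the review on a schedule, and feeding its findings into the deprovisioning workflow, catches leavers and movers that the manual request process missed.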
Implementing User Account Provisioning
- Step 1: Create an identity management strategy.
- Step 2: Build user provisioning and user deprovisioning use cases.
- Step 3: Launch a test program that utilizes workflow automation.
- Step 4: Implement your user management platform and policies companywide.
- Step 5: Monitor and maintain your critical systems for smooth operations and security purposes.
Step 1: Creating an Identity Management Strategy
I recommend that you review your current account provisioning strategy and note opportunities for improvement in the following areas:
- Pervasiveness: If your solution doesn’t cover all critical systems, it may be time to make adjustments to better protect your company’s assets.
- User experience (UX): Workflow automation tools with intuitive interfaces can simplify the provisioning process. For example, managers and supervisors might need access to provisioning tools for routine employee onboarding and offboarding on systems with a lot of turnover. Otherwise, you may create a bottleneck while employees wait for access to individual systems.
- Fast Deprovisioning: Most employees leave their jobs on good terms. However, to eliminate the risk of unauthorized access, I prefer to develop an automated deprovisioning process that quickly eliminates their access to the network, software tools, and user files.
- Productivity: Ask managers and software administrators about the pain points of navigating your current solution. This provides valuable insight that you can incorporate into your best practices.
Step 2: Build User Provisioning and User Deprovisioning Use Cases
You can refer to the Project Management Institute (PMI) or another reputable organization for advice on building use cases for your user account provisioning.
Use cases come in handy when you don’t currently have a user provisioning solution. It also makes sense to build use cases for major structural changes within the company that will require significant modifications to your group and authorization protocols.
Here are some tips to help you get started:
- Develop use cases specific to provisioning and deprovisioning users. Look for more efficient ways to add or remove people and groups. When you create transparent processes, you can also spot security risks more easily. User provisioning software helps you automate more processes for faster turnaround times.
- Take an inventory of your critical applications and document the current provisioning and de-provisioning processes. Note any system with access management that doesn’t tie into user groups built for your organization.
Step 3: Launch a Test Program
I would recommend that you choose a user account provisioning tool that allows you to automate provisioning. During the test run, measure how long it takes to onboard and offboard employees in the new tool versus the old one (or adding users manually in each system).
- Determine the scope of the test run. Which users and systems will you include?
- Schedule your test run in a short time frame, preferably within 30 to 60 days, to move the project forward.
- Get user feedback. Use Qpoint or another tool to gather insight and make improvements before rolling out your solution across the enterprise.
Step 4: Roll Out Your User Provisioning Platform Companywide
Coordinate the implementation of your pilot program throughout the enterprise. This should include the help desk, quality control analyst, your internal audit team, and key stakeholders in management. Additionally, it may be a good idea to have vendor support on-site or available remotely for troubleshooting purposes.
Step 5: Monitor and Maintain
Set up an audit schedule to gather the following information and anything else that’s relevant to your organization:
- The number of provisioning requests completed in a timely manner. (Define a baseline and adjust as appropriate.)
- The number of requests handled by administrators or the help desk.
- Internal audit results and recommendations for improvement.
- User feedback. Both compliments and complaints can help you continue to improve the process.
When you pick the right account provisioning software, it can improve the security of your software applications and data.
You can also improve efficiency and accuracy by automating your provisioning and de-provisioning. This helps you speed up the onboarding of new employees and increase the productivity of your IT resources.