Smart strategies to provision and de-provision Active Directory

Abhimanyu Mallaya

Feb 16 min read


Template-based user provisioning in a nutshell

Ron is an IT administrator at a rapidly growing company in New York. Each day, Ron's inbox gets flooded with hundreds of emails asking for access to different systems and resources. Ron has to create and assign accounts for new employees who have joined and delete the accounts of those who have left the organization. Ron is tired of manually creating, modifying, transferring, and deleting all these accounts and permissions. After constantly performing these tasks, Ron does not have any energy or motivation left for the IT administrator work he was originally hired to do. He has become unintentionally negligent and puts the organization's network health and security at risk.

Companies like Ron's that rely on manual user provisioning and de-provisioning give up a great deal of competitive advantage to competitors who have deployed an automated identity and access management (IAM) solution and use template-based provisioning and de-provisioning. By continuing to use manual processes, companies like Ron's bear the brunt of security risks from human error and lack a transparent view of their corporate IT environment. They also tend to waste a substantial amount of human effort on tasks that can be automated. Incorporating an IAM solution can be the game changer that helps them close the gap on their competition.

User provisioning

User provisioning refers to the creation, modification, management, and maintenance of new user accounts and giving them the necessary permissions and authorizations to access corporate resources as per their role. A strong user provisioning process is essential for any organization to ensure that new users face no setbacks when getting set up with their roles and positions, in effect making them more productive and efficient.

Types of user provisioning

There are three commonly used types of user provisioning seen in organizations worldwide. They are:

Discretionary user account provisioning:

This form of user provisioning lets employees request and manage access to the resources they need through password-based systems. This method lessens the work required from an administrator and accelerates the user provisioning process, but it is still very much dependent on humans.

Workflow-based user account provisioning:

In companies using a workflow-based user account provisioning process, users don't request access to the systems and information they need directly; instead, someone must sign off on that access. For example, a new employee would require their manager to grant them permission before they can access certain enterprise resources and apps.

Automated user account provisioning:

This kind of provisioning is done by implementing an IAM solution in the organization. This is the fastest and most secure type of provisioning possible. The IAM solution automates everything related to access, permissions, and workflows based on a set of rules. These rules are set based on organizational needs and have the added benefit of providing valuable data on what each user is doing in the IT ecosystem.

User de-provisioning

User de-provisioning generally refers to the revocation and withdrawal of permissions and access to various enterprise apps, accounts, and networks—typically when an employee leaves the organization. It is essentially the opposite of user provisioning and frees up company resources such as ports, accounts, licenses, physical assets, certificates, and storage for other uses. This process ensures employees don't retain any access to corporate resources once they leave the organization. Just like user provisioning, user de-provisioning can also be automated using an IAM solution. Automating user de-provisioning makes it faster, more secure, and less prone to errors, ensuring the company's security and confidentiality remain intact.

Template-based provisioning and de-provisioning system

Template-based provisioning and de-provisioning is when customizable templates are used to simplify and standardize the onboarding and offboarding of employees in an organization. Templates are highly effective when it comes to creating and modifying accounts for users who share identical properties and attributes. A template can also be used to customize workflows to de-provision employees who are leaving and lock them out of the organization's resources.

Benefits of using a template-based system

These are some of the benefits of deploying a template-based user provisioning/de-provisioning system:

  • Using customized templates for both onboarding and offboarding employees with similar attributes and roles can help save time and effort. A simple, one-step solution that can be customized to both grant and revoke permissions for hundreds of employees as needed can save an organization hundreds of dollars in labor costs.
  • With highly customizable templates, senior IT staff can safely delegate tasks like account creation and deletion to junior IT staff, freeing the senior staff to focus on more important issues that require technical expertise. A good example of this would be a university, which tends to see the inflow and outflow of hundreds of students every year. Administrators working there can create templates and delegate them to department heads, who can then use them to provision accounts for incoming students and de-provision accounts for outgoing ones. This takes a load of responsibility off the admin's back and gives them time to focus on more important tasks at hand.
  • Templates allow administrators to easily change access or authorization sets for employees being transferred to different departments or offices. Done manually, this task would be error-prone and highly repetitive given the number of transfers that can happen in a corporate office. Templates allow modifications to be made in bulk through minimal UI-based actions.
  • For inter-departmental transfers, administrators who have access to template-based provisioning can create a template that automatically revokes access to the previous department's resources and grants access to the resources of the new department. An administrator without template-based provisioning will certainly take longer to complete the same task, as they would have to revoke and modify each employee's permissions manually, one by one.
  • Template-based provisioning systems offer a diverse range of controls for provisioning and de-provisioning, allowing administrators to deploy rule-based instructions specifying which fields and attributes can be auto-filled. For example, an administrator can write rules so that the template-based provisioning system automatically grants new employees access to the appropriate groups based on the department and manager the employee is assigned to.
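The following PowerShell script is an added example of the template, transfer, and de-provisioning logic described in the de-provisioning section and the bullets above; it is not code from the article or from any vendor's product. It assumes the ActiveDirectory module, and the department templates, OU paths, group names, and manager accounts are constructed placeholders.

```powershell
# Added example, not from the original article: template-driven provisioning,
# transfer, and de-provisioning with the ActiveDirectory module. The $Templates
# table (OUs, groups, managers) is a constructed placeholder for illustration.
Import-Module ActiveDirectory

# One template per department: target OU, baseline groups, and default manager.
$Templates = @{
    'Finance'     = @{ OU = 'OU=Finance,OU=Users,DC=example,DC=com'
                       Groups = @('GG-Finance-Staff', 'GG-VPN-Users')
                       Manager = 'jdoe' }
    'Engineering' = @{ OU = 'OU=Engineering,OU=Users,DC=example,DC=com'
                       Groups = @('GG-Eng-Staff', 'GG-Git-Users', 'GG-VPN-Users')
                       Manager = 'asmith' }
}

function New-TemplatedUser {
    param([string]$SamAccountName, [string]$GivenName, [string]$Surname, [string]$Department)
    $t = $Templates[$Department]
    if (-not $t) { throw "No template for department '$Department'" }
    # Create the account disabled; it is enabled only after a password is set out of band.
    New-ADUser -SamAccountName $SamAccountName -GivenName $GivenName -Surname $Surname `
        -Name "$GivenName $Surname" -Department $Department -Manager $t.Manager `
        -Path $t.OU -Enabled $false
    foreach ($g in $t.Groups) { Add-ADGroupMember -Identity $g -Members $SamAccountName }
}

function Move-TemplatedUser {
    param([string]$SamAccountName, [string]$NewDepartment)
    $user = Get-ADUser $SamAccountName -Properties Department
    $old = $Templates[$user.Department]; $new = $Templates[$NewDepartment]
    if (-not $new) { throw "No template for department '$NewDepartment'" }
    # Revoke only groups granted by the old template that the new one does not grant.
    foreach ($g in ($old.Groups | Where-Object { $_ -notin $new.Groups })) {
        Remove-ADGroupMember -Identity $g -Members $SamAccountName -Confirm:$false
    }
    foreach ($g in ($new.Groups | Where-Object { $_ -notin $old.Groups })) {
        Add-ADGroupMember -Identity $g -Members $SamAccountName
    }
    Set-ADUser $SamAccountName -Department $NewDepartment -Manager $new.Manager
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $new.OU
}

function Disable-TemplatedUser {
    param([string]$SamAccountName)
    # Strip every group except the primary group (Domain Users cannot be removed), then disable.
    Get-ADPrincipalGroupMembership $SamAccountName |
        Where-Object { $_.Name -ne 'Domain Users' } |
        ForEach-Object { Remove-ADGroupMember -Identity $_ -Members $SamAccountName -Confirm:$false }
    Disable-ADAccount -Identity $SamAccountName
    Set-ADUser $SamAccountName -Description "Offboarded $(Get-Date -Format yyyy-MM-dd)"
}
```

Group removal during offboarding is driven by the account's actual memberships rather than the template, so access granted outside the template is revoked as well.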

Why consider template-based provisioning systems?

Automated template-based provisioning systems can give your organization a high level of transparency into your employees' life cycles. They also drastically reduce the time employees have to wait to receive the permissions and authorizations they need to be productive, which saves time and money by reducing unproductive work time.

Using an automated template-based de-provisioning process also improves productivity, resource utilization, and security by ensuring that every obsolete and duplicate account is deleted and removed from the organization's IT environment.