What is user provisioning and de-provisioning?

Sachin Raaghav

Apr 2010 min read


Provisioning and de-provisioning in a nutshell

An employee walks into a bar and sees his HR representative. The employee pats his HR representative on the back and asks, "How's work? It shouldn't be that hard, right? After all, you just onboard and off-board employees." The HR representative sighs and responds, "You know Internet Explorer, right? The older version? Now imagine having 8,560 tabs open on a 4GB RAM system, categorizing these tabs, and managing each one of them. That's my life right now."

After recruiting an employee, an organization must ensure that the employee is provided with the required tools and privileges and doesn’t have access to tools that are not required for their role. For example, a content writer will not require access to a coding tool like MS Visual Studio since the tool is irrelevant to the role of a content writer.

In simple terms, the word provisioning means providing the necessary tools to a person and de-provisioning means taking back (removing) those tools. Provisioning takes place when a new employee joins the organization and de-provisioning takes place when an employee leaves the organization.

Definition

User provisioning and de-provisioning is an identity and access management procedure that entails creating, managing, updating, and deleting employee accounts (identities) and granting them access to the organization's resources with appropriate rights and permissions.

Both provisioning and de-provisioning play an important role in employee life cycle management. Life cycle management is the process that focuses on the nurturing and development of an employee. Each stage of an employee's life cycle could require access to new tools and systems as their employment changes (e.g., promotions).

Types of provisioning

In an identity and access management context, provisioning is divided into the following categories:

User provisioning

User provisioning is a component of identity management that keeps track of permissions and access rights. User identities, such as employees, contractors, vendors, and others, require provisioning. Database, system, and application access are some of the services that are provided.

Bottom line: Applicable for different types of users

Service provisioning

Service provisioning involves the configuration of a service (e.g., cloud services) and managing the access and data permissions. For example: access to Adobe Photoshop.

Bottom line: Applicable for different types of services

Server provisioning

Setting up physical hardware in a data hub, configuring software, such as the operating system and applications, and connecting it to middleware, networks, and storage are all part of server provisioning. Server provisioning can also be applied to virtual machines that run on the cloud.

Bottom line: Applicable for a physical or virtual computer system

Network provisioning

The process of setting up a network so that authorized users, devices, and servers can access it is known as network provisioning. In general, network provisioning is related to the connection and security of a network. Access to Wi-Fi and changing IP addresses are some of the steps involved in the process.

Bottom line: Applicable for a specific network connection

Automated provisioning and de-provisioning

The process of providing the required resources to numerous employees can be a tedious task. This is where automation can help. Automation expedites the processes involved in an employee's life cycle management, improves productivity and efficiency, and reduces the margin of error.

For an easier understanding of automation, let’s make a group called "Content Writer." The HR or IT department assigns specific tools that can be accessed only by members of this group. Now, whenever a new content writer is recruited, the user is automatically assigned to the Content Writer group. Since the group has predefined access controls and permissions to the applications, the new user automatically receives access to these applications. The whole process becomes hassle-free and well-organized. This is also called group provisioning.

When the employee leaves the organization, the user's account is automatically removed (de-provisioned) from the group, revoking the access to the applications and services.
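The group-based flow described above, sketched as an added Python example (not from the original article and not AD360 code): it compares an HR roster with the current directory state and lists the changes needed for joiners, role changes, and leavers. The role names, group names, users, and the choice to disable rather than delete a leaver's account are assumptions made for this illustration.

```python
# Added illustration: roles, groups and users below are constructed sample data.
ROLE_GROUPS = {
    "content_writer": {"Content Writer"},
    "developer": {"Developers", "VPN Users"},
}

def plan_changes(hr_roster, directory):
    """Compare the HR roster (source of truth) with directory state.

    hr_roster: {username: role} for current employees only.
    directory: {username: {"enabled": bool, "groups": set of group names}}.
    Returns an ordered list of (action, username, group_or_None) tuples.
    """
    actions = []
    for user, role in hr_roster.items():
        if role not in ROLE_GROUPS:
            # Fail closed: an unmapped role grants nothing and is flagged for review.
            actions.append(("review_unknown_role", user, None))
            continue
        wanted = ROLE_GROUPS[role]
        account = directory.get(user)
        if account is None:
            actions.append(("create_account", user, None))
            current = set()
        else:
            current = account["groups"]
        actions += [("add_to_group", user, g) for g in sorted(wanted - current)]
        # Role change: drop access that the new role no longer justifies.
        actions += [("remove_from_group", user, g) for g in sorted(current - wanted)]
    for user, account in directory.items():
        if user in hr_roster:
            continue
        # Leaver or orphaned account: revoke every group, then disable the account.
        actions += [("remove_from_group", user, g) for g in sorted(account["groups"])]
        if account["enabled"]:
            actions.append(("disable_account", user, None))
    return actions

# Constructed sample state: one joiner, one role change, one unchanged user, one leaver.
HR_ROSTER = {"asha": "content_writer", "ben": "developer", "chen": "content_writer"}
DIRECTORY = {
    "ben": {"enabled": True, "groups": {"Content Writer"}},   # moved to developer
    "chen": {"enabled": True, "groups": {"Content Writer"}},  # already correct
    "dana": {"enabled": True, "groups": {"Developers"}},      # no longer in HR roster
}

if __name__ == "__main__":
    for step in plan_changes(HR_ROSTER, DIRECTORY):
        print(step)
```

Running the plan a second time against a directory that already matches the roster returns an empty list, which makes the same routine usable as a periodic check for accounts that still hold access after their owner has left.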

Here's a tip: Using AD360, you can automate the entire Active Directory user creation process to save time and effort. You can also leverage review-approval-based AD user provisioning automation and keep track of the entire automation process via reports.

Benefits of automated provisioning and de-provisioning

Hassle-free process

When a new employee starts working for an organization, the provisioning tool will automatically set up the login credentials, email accounts, and the required tools for them along with giving them the permissions based on their role. When the employee leaves the organization, the provisioning tool automatically deletes the employee's identity.

Robust security

Automatic provisioning enhances an organization's IT security by automatically allocating different levels of permission based on the role of an employee.

Cost reduction

Performing the onboarding and off-boarding process of each employee requires a lot of manpower, resources, and time. Automating the whole process reduces the complexity, lowers expenses, and expedites the entire process.

Centralized auditing

Automated provisioning provides central integration of user access and identities, giving administrators a bird's-eye view of all the access and permissions. This allows them to easily change the permission levels accordingly.

Automated provisioning makes the onboarding and life cycle management process more robust, flexible, and optimized. With AD360's advanced automation mechanism, administrators can expedite their onboarding and off-boarding processes, boost their productivity and efficiency, improve audit capabilities, and meet regulatory requirements.