Why AD360
 
Solutions
 
Resources
 
 

What is user provisioning and de-provisioning?

Sachin Raaghav

Apr 2010 min read

Book Demo

Table of Content

Read more
  • 5 pain points you can overcome in AD user account management  
    Manual vs. automated identity life cycle management  
    Active Directory clean-up: Should you automate it?  
  • Maintain confidentiality of critical information by implementing the POLP  
    6 essential capabilities of a modern UBA solution  
    How can SSO help in reinforcing password security?  
  • Authentication vs. authorization  
    5 simple steps to HIPAA compliance  
    Smart strategies to provision and de-provision Active Directory  

Provisioning and de-provisioning in a nutshell

An employee walks into a bar and sees his HR representative. The employee pats his HR representative on the back and asks, "How's work? It shouldn't be that hard, right? After all, you just onboard and off-board employees." The HR representative sighs and responds, "You know Internet Explorer, right? The older version? Now imagine having 8,560 tabs open on a 4GB RAM system, categorizing these tabs, and managing each one of them. That's my life right now."

After recruiting an employee, organizations must ensure that they're provided with the required tools and privileges and that the employee doesn’t have access to tools that are not required for their role. For example, a content writer will not require access to a coding tool like MS Visual Studio since the tool is irrelevant to the role of a content writer.

In simple terms, the word provisioning means providing the necessary tools to a person and de-provisioning means taking back (removing) those tools. Provisioning takes place when a new employee joins the organization and de-provisioning takes place when an employee leaves the organization.

Definition

User provisioning and de-provisioning is an identity and access management procedure that entails creating, managing, updating, and deleting employee accounts (identities) and granting them access to the organization's resources with appropriate rights and permissions.

Both provisioning and de-provisioning play an important role in employee life cycle management. Life cycle management is the process that focuses on the nurturing and development of an employee. Each stage of an employee's life cycle could require access to new tools and systems as their employment changes (e.g., promotions).

Types of provisioning

In an identity and access management context, provisioning is divided into the following categories:

User provisioning

User provisioning is a component of identity management that keeps track of permissions and access rights. User identities, such as employees, contractors, vendors, and others, require provisioning. Database, system, and application access are some of the services that are provided.

Bottomline: Applicable for different types of users

Service provisioning

Service provisioning involves the configuration of a service (e.g., cloud services) and managing the access and data permissions. For example: access to Adobe Photoshop.

Bottomline: Applicable for different types of services

Server provisioning

Setting up physical hardware in a data hub, configuring software, such as the operating system and applications, and connecting it to middleware, networks, and storage are all part of server provisioning. Server provisioning can also be applied to virtual machines that run on the cloud.

Bottomline: Applicable for a physical or virtual computer system

Network provisioning

The process of setting up a network so that authorized users, devices, and servers can access it is known as network provisioning. In general, network provisioning is related to the connection and security of a network. Access to Wi-Fi and changing IP addresses are some of the steps involved in the process.

Bottomline: Applicable for a specific network connection

Automated provisioning and de-provisioning

The process of providing the required resources to numerous employees can be a tedious task. This is where automation can help. Automation expedites the processes involved in an employee's life cycle management, improves productivity and efficiency, and reduces the margin of error.

For an easier understanding of automation, let’s make a group called "Content Writer." The HR or IT department assigns specific tools that can be accessed by those who are only under this group. Now, whenever a new content writer is recruited, the user is automatically assigned to the Content Writer group. Since the group has predefined access controls and permissions to the applications, the new user automatically receives these applications. The whole process becomes hassle-free and well-organized. This is also called group provisioning.

When the employee leaves the organization, the user's account is automatically removed (de-provisioned) from the group, revoking the access to the applications and services.

Here's a tip: Using AD360, you can automate the entire Active Directory user creation process to save time and effort. You can also leverage review-approval-based AD user provisioning automation and keep track of the entire automation process via reports.

Benefits of automated provisioning and de-provisioning

Hassle-free process

When a new employee starts working for an organization, the provisioning tool will automatically set up the login credentials, email accounts, and the required tools for them along with giving them the permissions based on their role. When the employee leaves the organization, the provisioning tool automatically deletes the employee's identity.

Robust security

Automatic provisioning enhances an organization's IT security by automatically allocating different levels of permission based on the role of an employee.

Cost reduction

Performing the onboarding and off-boarding process of each employee requires a lot of man power, resources, and time. Automating the whole process reduces the complexity, lowers expenses, and expedites the entire process.

Centralized auditing

Automated provisioning provides central integration of user access and identities, giving administrators a bird's-eye view of all the access and permissions. This allows them to easily change the permission levels accordingly.

Automated provisioning eases the onboarding and life cycle management process to be more robust, flexible, and optimized. With AD360's advanced automation mechanism, administrators can expedite their onboarding and off-boarding processes, boost their productivity and efficiency, improve audit capabilities, and meet regulatory requirements.