What is provisioning? | FuseLogic

Written by FuseLogic | Jan 1, 1970 12:00:00 AM

Provisioning

Organizations are increasingly using technological tools to innovate. They are actively pursuing new initiatives, and the business wants to adopt new cloud applications quickly and securely.

These innovations make many things easier for companies. For example, an online cloud archive offers the advantage that every employee can view the same documents simultaneously. Work has also become more flexible in many cases: employees can work from home or other locations, for example.

But these technological developments and innovations also bring challenges. Various tools are needed so that employees can do their work from multiple locations. Collaboration with partners and suppliers also requires a good system or tool to ensure smooth and secure cooperation. In addition, companies must protect themselves against hacks and data breaches.

To manage all these innovations in an organized way and to ensure that employees, partners and suppliers can perform their tasks easily and securely, a system is needed that controls user access. Provisioning is about automatically managing the lifecycle of system users, also known as automating the joiner, mover and leaver cycle. On this page, we explain what provisioning is and how it works.

What is provisioning?

Provisioning is all about managing access to certain information in an IT system. This is done through accounts of, for example, employees or external users. Provisioning is not only about creating these accounts, but also about updating or deleting them. This is necessary because there are a large number of users who do not all have the same access rights. And in addition to having different access rights, those rights also frequently change per user. For example, an employee can start as an intern and end up as a department head. These changing access rights of a user are called the 'user lifecycle'.

When a new employee or partner is welcomed at a company, or when someone changes function, department or project, this has consequences for their rights in the IT system. These must therefore be adjusted. For example, someone may need access to more information or receive more authority to modify documents. Various actions must then take place to ensure that their access to company information or resources remains in line with business and security policies. Because provisioning is closely tied to granting access and security, it falls under a company's Identity & Access Management (IAM).

Identity & Access Management

Identity & Access Management (IAM) has the same goal as provisioning: securely managing access rights to company information and resources. But IAM is broader and concerns the overarching management, while provisioning is about actually enabling this access management. Automating the actual provisioning therefore requires a tool or software with which accounts can be managed and rights can be automatically assigned.

IAM addresses two challenges. The first challenge is making the work of all people involved in a company as smooth and easy as possible. The second challenge is keeping everything secure. It is therefore about determining and managing who has access to certain information and resources, and when. Many factors come into play, which differ for every company: the number and nature of business processes, sensitive company information, the number of partners and their role, but also the desired login method and the management of accounts and access rights.

Setting up IAM manually can therefore be quite a task, because access management needs to be arranged differently for every company. Provisioning is what actually makes it possible to assign and easily manage accounts and rights.

How does provisioning work?

Suppose a new employee joins your company. A first step for the HR department is creating an account for this person. Then, certain access rights must be linked to that account. After all, the new employee needs access to certain applications, software and information to be able to do their job properly.

A balance must be struck in that access between being able to perform work effortlessly and maintaining security. For some organizations, finding this balance is more difficult than for others. In healthcare, for example, determining that balance can sometimes be challenging, because personal patient information is involved.

When an employee gets promoted or changes function, their access rights sometimes change. This has consequences for application access. Some tools or information may no longer be needed, while access to other information is required. Sometimes it is not only employee access rights that change, but also the structure of a company. Certain external partners also need permanent or one-time access to company information. A company therefore deals not only with changing access rights, but also with new access rights, access rights that expire or access rights that are merged due to changed company structures. Finally, it must also be ensured that employees who leave an organization no longer have access to company information. One-time collaboration partners must also not be able to get permanent access.

If all of this has to be done manually, it is quite a job and the management usually falls to the IT department. Managing access rights and accounts often takes a lot of time for that department. That is why many companies choose to automate provisioning and user lifecycle management. This allows IT departments, and potentially other departments, to save considerable time.

Automated provisioning and lifecycle management

Tools for automated provisioning, such as Okta Identity Cloud Lifecycle Management, provide an integration with HR software. This ensures that various profiles can be linked to rights or permission sets. A company does not need to recreate all existing profiles from scratch.

Suppose your HR department creates a new employee account. Then Okta Identity Cloud, or another provisioning tool, can automatically grant this account access to, for example, the schedule, the chat program or other required applications. An administrative employee probably needs access to different applications than a sales employee. This is accommodated during the setup of Okta Identity Cloud, so that the correct access rights are assigned in all cases.

The access rights and permission sets are all managed in the provisioning tool. When an employee gets a different role or function within the organization, those rights can easily be adjusted or automatically updated to different access rights.

Depending on the tool, users can also submit an access request for certain applications themselves. That request then goes directly to, for example, the application manager or the department manager. After approval, the rights in the provisioning tool are automatically adjusted. When employees or partners leave an organization, the company can rely on this automation to ensure their accounts are immediately fully deleted or deactivated.

But besides employees, the organization itself can also change. In the case of a new application, department or system, access rights can be quickly arranged using a provisioning tool. This is done based on the available information in the program about permission sets and company security.

The provisioning tool thus helps throughout the entire user lifecycle. It provides a central location for account management and helps guarantee company security. This saves the IT department time and gives them the ability to create automatic reports. In these reports, they can see, for example, which user was granted certain access and who approved the request. These matters are essential for demonstrably being in control of assigned access rights, for example during audits, and for meeting regulatory compliance and certification requirements.
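The joiner, mover and leaver cycle described above can be sketched as a reconciliation between HR data and current application access. This is an added example, not FuseLogic's or Okta's code; the role names, applications, the `hr-sync` approver label and all sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
# Hypothetical role -> permission-set mapping (constructed sample data).
ROLE_ENTITLEMENTS = {
    "intern": {"chat", "schedule"},
    "sales": {"chat", "schedule", "crm"},
    "admin_staff": {"chat", "schedule", "hr_portal"},
}

@dataclass
class HRRecord:
    user: str
    role: str
    active: bool = True
    access_until: Optional[date] = None  # e.g. an intern's agreed end date

def desired_access(rec, today):
    """Entitlements HR justifies today: none for leavers, expired access or unknown roles."""
    if not rec.active or (rec.access_until and today > rec.access_until):
        return set()
    return set(ROLE_ENTITLEMENTS.get(rec.role, ()))

def reconcile(hr, current, today, approver="hr-sync"):
    """Diff HR (source of truth) against current access; return (new_state, audit_log)."""
    hr_by_user = {r.user: r for r in hr}
    new_state, audit = {}, []
    for user in sorted(set(hr_by_user) | set(current)):
        rec = hr_by_user.get(user)
        want = desired_access(rec, today) if rec else set()  # no HR record: orphan
        have = current.get(user, set())
        changes = [("grant", a) for a in sorted(want - have)]
        changes += [("revoke", a) for a in sorted(have - want)]
        if have and not want:
            changes.append(("deactivate", "*"))  # leaver, expired or orphan account
        audit += [(today.isoformat(), user, act, app, approver) for act, app in changes]
        if want:
            new_state[user] = want
    return new_state, audit

# Constructed sample: joiner, mover, leaver, expired intern; "mallory" has no HR record.
HR = [HRRecord("alice", "sales"), HRRecord("bob", "admin_staff"),
      HRRecord("carol", "sales", active=False),
      HRRecord("dave", "intern", access_until=date(2024, 6, 30))]
CURRENT = {"bob": {"chat", "schedule", "crm"}, "carol": {"chat", "crm"},
           "dave": {"chat", "schedule"}, "mallory": {"crm"}}
if __name__ == "__main__":
    for entry in reconcile(HR, CURRENT, date(2024, 7, 1))[1]:
        print(entry)
```

Each audit tuple records the date, user, action, application and approver, which is the information the reports mentioned above rely on. Accounts with no HR record are treated as orphans and revoked rather than left in place.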

FuseLogic, Okta Identity Cloud and provisioning

FuseLogic stands for a modern approach to Identity & Access Management and advocates pragmatic solutions where the organization, with all its processes and dynamics, is the starting point. That is why we are a partner of Okta Identity Cloud. This is the modern Identity Management standard, designed for rapid implementations.

Okta Identity Cloud

Okta Identity Cloud forms the foundation for secure connections between people and technology. Okta Identity Cloud is a cloud platform for all kinds of Identity Management applications. Okta Identity Cloud enables companies to easily and automatically manage access for employees, partners, customers and other parties. This is possible for all types of applications and on any device. Because Okta Identity Cloud offers out-of-the-box integrations for thousands of apps and applications, there is a good chance that Okta Identity Cloud directly supports most of your organization's applications. The platform is therefore not just a provisioning tool, but a tool that can be used across all areas of Identity Management.

Okta Identity Cloud and provisioning

Okta Identity Cloud provides automated management of rights and accounts. The starting point is existing business processes and information. For example, you can automatically grant or revoke certain partners' access to specific resources based on existing data. Future changes can also be recorded in advance. This makes it possible, for example, to determine that an intern receives access to information for a set number of months.

With intuitive Self-Service capabilities, requesting access is made as smooth as possible. You can decide how you want to grant that access, for example through approval by an application manager.

Of course, you always have management control. You can view reports and choose to perform periodic reviews of all access rights. You can also make certain access impossible in the system. For example, you can specify that only the management team can request a certain authorization. Or that an authorization is automatically revoked after a set time. What you define depends entirely on your business processes and rules. In this way, Okta Identity Cloud is a secure foundation for your company.

Identity Management often has the reputation of being difficult to set up and taking a long time before it adds value. We do things differently. With our solution based on the Okta Identity Cloud platform, you have everything you need to automate the user lifecycle. This way, your company has control over who has what access, without having to spend a lot of time on it. This is thanks to the smart self-service capabilities.

This allows us to easily automate an organization's Identity Management and accelerate the implementation of new apps or systems.

Want to learn more?

Technology alone is not sufficient for successful Identity Management or provisioning. When granting access to company information, the questions 'who' and 'why' are crucial. At FuseLogic, we therefore like to approach an IAM challenge from an organizational perspective, based on our years of experience. The existing business processes and data in existing systems are the starting point. This enables us to deliver fast results, allowing the organization to experience how it will work in practice.

Would you like to learn more about provisioning, about our approach or about how we deliver Identity Management at the speed of business? Get in touch with us. We are happy to help.