Automated access provisioning for your organization’s joiners
First let me briefly explain what we mean by identity lifecycle management solutions and ideiio.
Identity Lifecycle Management also referred to as ILM is the practice of making sure the right people have the right access to the right systems at the right time with the ability to revoke access when it is no longer required.
At ideiio our platform is known internationally for its ILM capabilities, but as we can also provide auditing functionality to monitor who has access and when, this is more broadly referred to as Identity Governance and Administration or IGA.
So let’s get right to it and look at how Identity Lifecycle Management works for new joiners starting at your organization.
Part 1 – Joiners
Employee Onboarding Automation (Joiner)
When a new employee is hired, they need to have all of their IT accounts created and be given access to all of the required systems. They will probably need an email account created, they need to have accounts created in any IT system they will use, they also need to be given access to appropriate file shares and other resources.
Obviously, not every new employee should be given the same access. In addition to provisioning a baseline set of access that all employees get, often referred to as Birthright Access, employees will need access specific to their job function.
How can an Identity Lifecycle Management System help joiners?
A new employee’s journey usually starts with HR. The HR team ensures the new employee gets paid so everyone is motivated to make sure that process happens promptly and accurately! A lifecycle management solution will monitor the HR system to look for new employees, then
automatically provision access for the new employee. Employee access can be evaluated based on access control policies to ensure the new employee gets exactly the access that they need.
If accounts are needed in external systems, those can also be provisioned in accordance with the access policies applied to the new user. A good identity lifecycle management solution will ensure that a new employee has all necessary access to email and other systems set up from day one of their employment so can start productive work immediately – a Zero-day Start.
How can ideiio help with automated access provisioning?
ideiio provides a full identity lifecycle management solution to automatically handle provisioning new user access.
ideiio connect is the provisioning engine for ideiio. ideiio connect can monitor your HR System for any new employees. After the employee data is entered into the HR System ideiio connect creates the user record in ideiio based on that data.
Attributes from the employee’s record in the HR System are mapped to corresponding fields in our identity lifecycle solution. If necessary, ideiio connect can transform the incoming data with transformation pipes – for example, maybe your HR system uses the UK date format, and you want to manage dates in US format – ideiio connect can change the date format on the fly.
Once the data is in ideiio Lifecycle, the Birthright Access (a baseline set of access that all employees get) will be determined from the new Employee’s data and access Roles will be assigned.
ideiio connect will then create accounts in the external systems and automatically provision access as needed for the Birthright access and Roles calculated by ideiio lifecycle.
ideiio lifecycle workflows can be configured to send notifications to the employee’s manager and to the new employee.
I hope part 1 in this 3-part series has been useful and shed some light on how identity lifecycle management solutions can help simplify IT access provisioning for your organization’s joiners.