What is Provisioning?
Provisioning in its very essence has a very simple meaning – supplying with / making something available.
As we expand and try to understand this word from an Information Technology perspective, the definition gets more nuanced. Provisioning refers to an IT process involving some infrastructure enabling data transfer.
As we go on even further and look at it from an Identity and Access Management (IAM) perspective, it takes up the meaning of an identity management process that overlooks the changes in data of identities in identity stores.
Provisioning creates, updates, deletes, handles all identities (user accounts) across all connected IT Infrastructure and applications.
- If all employers were to sit down to manage every employee/user account across every business application and service manually and individually, they would quickly go out of business. Provisioning, or “User Provisioning” enables seamless and automated control over all information updates that are required to be made when there is some change in data of a group of users – there might be address updations, account disables, new enrollments/creations, permission management, the list is endless.
- It is estimated that an average-efficient IT department will take ~30 minutes to set up an employee account for every new hire, which is an enormous amount of time when scaled to hundreds of joinees. Not to mention the existing employees requiring attention on their accounts. This time can be greatly reduced by using Provisioning processes.
- If an organization has ~15 business applications across which it has accounts created for its employees, even if 5 employees leave, the IT department will need to delete ~50 user accounts across all these applications manually, which is clearly a big problem waiting to be solved. The solution is Provisioning. Provisioning can be set up in a way that triggers necessary actions on data when particular changes are made. Like most good automation solutions today, provisioning takes care of the most chaotic problem we face – human error. A problem without a pattern is very dangerous and any solution to it is instantly adopted.
- Provisioning also greatly helps in improving the onboarding experience of new employees – nobody wants to sit and create multiple user accounts on the first day of work.
How does Provisioning work?
Now that we’ve understood that provisioning is a simple but necessary identity management automation process that takes care of individual digital identities along with their access rights, permissions, and data changes, let’s take a look at how provisioning works.
When we look at an automated user provisioning information flow, we see that users are added to applications and services based on specific, predefined user roles. Whenever a user is assigned a role, that user is automatically created in the associated application/service and granted required access permissions.
Consequently, when any user is “deprovisioned”, that user’s identity and all of it’s related accounts across the organization’s applications/services ecosystem are deleted without needing manual intervention. All granted permissions and authorizations are securely revoked, as a result.
Why is Provisioning required?
Here’s the problem provisioning solves, from a first-principles perspective –
The internet is huge. The number of users here are overwhelmingly high. As are the number of applications and services and websites and resources. It is highly difficult to assign identities to all of these users from the perspective of every individual resource, and even more difficult to further maintain all of these identities. It is a tedious task to assign appropriate permissions and access grants to every user in a group according to their individual requirements and rights. It is also a tedious task to delete every account once the user leaves that context, modify all information according to every changing need, etc.
Provisioning takes responsibility for all of these problems. It automates most of these facets of the Identity Management process. It works right from the large context of the internet to the small context of businesses and organizations.
What are the different variations of Provisioning?
As most IT processes, provisioning comes in various shapes and forms. Here’s a few you might have heard of already –
- User Provisioning
- Group Provisioning
- SCIM Provisioning
- Account Provisioning
- Identity Synchronization
Not all of these are categorically different from one another, some are subsets or supersets of each other, but let’s briefly look at what these mean –
1. User Provisioning can be defined as the broad process which involves all of the individual sub functionalities, namely account creation – deletion – updation, permissions and access management, data modification, identity storage and handling, etc.
2. Group Provisioning involves a simpler way of dealing with individual users and provisioning processes of those users – by identifying identities under groups and then handling provisioning for those groups as a whole. It can be understood as further optimization of the automation that is provisioning.
3. SCIM Provisioning is an abbreviation for “System for Cross-Domain Identity Management”. SCIM is, simply put, an open standard that communicates identity data between Identity Providers and Service Providers.
4. Account Provisioning involves all the processes that act on user accounts, which includes account creation, deletion, changing, permission management, disabling, etc.
5. Identity Synchronization refers to a real-time and automatic syncing of data across different identity stores that are connected. An example of this would be – changing of source e-mail address should change the email address everywhere it is used.
What are the various benefits of Provisioning?
- Lower repetitive and manual work
- Get deeper insights on user behavior and data
- Simplify user onboarding experience
- Save time, resources, and costs
- Automate account creation and handling
- Much higher security, much lower human error
- Reduce complexity, increase efficiency
Provisioning with miniOrange
miniOrange provides a wide range of Provisioning solutions. With us and our provisioning solution, you can create, manage, & delete your external and internal users’ access to on-premises, cloud, and hybrid apps.
We also have pre-integrated apps for Provisioning and Deprovisioning :