Collecting, storing and protecting identity data is the job of the provisioning system. The absolute best is having an enlightened HR department that realise they can, and should, manage identities for staff and contractors. If your HR department is fixated on payroll, you’ll have to think again. Provisioning access to systems, restricted documents and buildings can be labour-intensive and consume an inordinate amount of staff time and company money; but is does not have to be this way.
Modern identity management systems have the ability to provide a repository for all identity data and provide it, in a controlled way to relying systems (systems that control access based on attributes of a user’s identity). The mark of a good identity management process is:
- identity data is collected at the earliest point in the on-boarding of an employee or contractor (ideally integrated with the recruitment tool)
- there is a single system which relying systems access for identity data.
Of course, provisioning is only half the story, de-provisioning, as part of the off-boarding process is possibly more important. The act of removing access rights for people who leave your organisation will reduce the risk of a security breach and improve the likelihood of a successful audit, both of which have significant return on investment.
A good provisioning system will leverage your company’s identity management environment to make the on-boarding and off-boarding of staff as efficient and effective as possible.