Implementing Identity Management – Two Steps Forward, One Step Back

July 7, 2014
implementing identity management

Can implementing Identity Management (IDM) degrade a company’s provisioning performance?

In a word, yes!

You may be asking yourself how this is possible when we would expect that linking to the HR system and automating routine provisioning tasks would actually enhance service. While that is the ultimate goal of the IDM solution (integration and automation), it ultimately comes down to how the processes come together with the technology.

Many organizations have disconnected processes for onboarding new employees, and despite the large amounts of manual effort and inefficiency, the processes generally work from the end-user perspective. Let’s walk through an example. In Company A all the onboarding processes are independent of each other (For example, Recruiting, HR, IT, and Asset Management). So what happens when a new candidate gets a job offer? The recruiting folks send an email to the IT and Asset Management teams so they can create a network account, assign a UserID and begin building a workstation for the employee BEFORE they even accept the offer. By the time the employee actually accepts and joins the firm, all of the core provisioning tasks have been completed or are well underway.

Now, what happens when we implement an IDM provisioning process that is tied to the Human Resources Information System (HRIS)? The process fails to deliver a full provisioned employee on Day 1. This happens because the parallel provisioning processes that were once kicked off by an email are now tied to the flow of data through HRIS and the IDM system. This means that provisioning activities don’t start until the user record is created in HRIS, which occurs too late in the process for the provisioning tasks to be completed.

The solution to this problem is to map out your processes and identify what information is available and when it is available; as well as understanding the time to fulfill provisioning requests. Once you understand the processes you can decide whether integrating with HRIS is viable or if you need to integrate with the recruiting application to get the new user’s data as soon as the candidate accepts the offer. Automating, and ultimately fixing, the provisioning processes begin by understanding how the data flows through the process so the system can kick off the provisioning tasks. In the end, the provisioning process will be more efficient and consistent.



Follow @Idenhaus on Twitter and subscribe to our Identity Management biweekly or our healthcare IT biweekly newsletter.

By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us

More News