In the context of Information Technology (IT), provisioning is the process of setting up IT infrastructure. This infrastructure could be physical, such as servers or laptops, or virtual, such as cloud instances or user accounts.
Provisioning is sometimes confused with configuration. Provisioning refers to making the infrastructure available for configuration. First, you provision the infrastructure, and then, you configure it.
As an analogy, you’re “provisioning” your home by signing a lease or a mortgage. Then, you “configure” it by moving in and setting up the space to your liking.
Provisioning is a broad term that’s used in a variety of contexts in IT. Let’s examine some of the most common ones.
For the purposes of this article, we will be focusing on user provisioning.
Prior to the introduction of cloud computing, IT hardware provisioning was performed manually. Admins had to manually set up and configure servers and other network hardware, which was a tedious, time-consuming process. Adding network or storage capacity was a capital expense that had to be planned well in advance. User provisioning was automated to some extent, but it still required quite a bit of manual work.
In modern, cloud-based data environments, most IT infrastructure is virtual, and provisioning is done through software. For example, the ability of cloud services to automatically scale network capacity is a major selling point for cloud migration. This eliminates the risk of organizations purchasing more hardware than they need, and also prevents them from being caught short during a sudden surge in business.
IT teams commonly use identity management platforms to automate user access provisioning. When a new employee is onboarded, IT administrators use the platform to assign them a “role,” and the employee is automatically granted access to certain applications based on that role. If the person changes roles or leaves the organization, an IT administrator simply updates their role, and their access levels change, as appropriate.
Easier, faster and less error-prone user onboarding and offboarding. Having to manually configure user access for every employee, one by one, is tedious and time-consuming. This is especially true in very large or rapidly growing organizations where dozens or even hundreds of employees must be onboarded, offboarded or have their access levels changed each week. Automating these tasks saves time and minimizes the possibility of a configuration error.
Productivity enhancements and cost savings. New employees get all of the resources they need to do their jobs on day one. Instead of being bogged down in administrative tasks, IT teams can devote time to projects that drive the business. In addition to enhancing productivity, this saves organizations money by minimizing overhead costs and downtime.
Security enhancements. New users get the minimum level of access that they need to do their jobs, a departing employee’s system access can be terminated immediately, and mistakes are much less likely. IT and security personnel also have better visibility into who has access to what.
Centralize your user identities. Use a central, cloud-based Identity and Access Management (IAM) directory service that can sync identities between Office 365, Google Workspace, HR and payroll systems, as well as other major directories, such as Active Directory.
Avoid user roles that are overly broad or overly narrow. Properly designed user roles are crucial to automating user provisioning and ensuring least-privilege access for all users. If roles are too broad, users will have more access than their job requires. If roles are too narrow, users won’t have access to the applications they need, and your IT team will have to manually provision more access, which defeats the whole purpose of automated provisioning.
Automate provisioning wherever and whenever possible. The more tasks you automate, the greater the benefits to your organization.
Make sure you can de-provision departing users rapidly. Regardless of which IAM tool you choose, be sure it offers the ability to revoke user access to all organizational resources with one click. This helps prevent any potential security issues.
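The role-based provisioning and de-provisioning described above can be expressed as a reconciliation between the access a role should have and the access each account actually holds. The following is an added example, not code from any IAM product; the role names, application names and users are constructed for illustration.

```python
# Added example: roles, applications and users below are constructed.
ROLE_APPS = {
    "engineer": {"email", "source-control", "ci"},
    "finance": {"email", "payroll", "erp"},
}

def plan_changes(role, current_access):
    """Return (grant, revoke) needed to make a user's access match their role.

    role=None means the user has left: everything they hold is revoked.
    """
    if role is not None and role not in ROLE_APPS:
        raise ValueError(f"unknown role: {role!r}")  # fail closed, grant nothing
    target = ROLE_APPS[role] if role is not None else set()
    current = set(current_access)
    return target - current, current - target

def reconcile(directory, access):
    """Plan changes for every account, including ones missing from the directory.

    directory: user -> role (None = departed); access: user -> apps held now.
    Accounts that hold access but have no directory entry are treated as
    departed, so orphaned accounts are de-provisioned too.
    """
    plan = {}
    for user in sorted(set(directory) | set(access)):
        grant, revoke = plan_changes(directory.get(user), access.get(user, ()))
        if grant or revoke:
            plan[user] = {"grant": sorted(grant), "revoke": sorted(revoke)}
    return plan

if __name__ == "__main__":
    directory = {"alice": "engineer", "bob": "finance", "carol": None, "erin": "engineer"}
    access = {
        "alice": {"email", "source-control", "ci"},  # already matches role
        "bob": {"email", "source-control", "ci"},    # moved engineer -> finance
        "carol": {"email", "erp"},                   # left the organization
        "dave": {"email"},                           # orphan: not in directory
    }
    for user, change in reconcile(directory, access).items():
        print(user, change)
```

Running the plan on a schedule, not only at onboarding and offboarding, also surfaces access that was granted manually outside a role.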