What is provisioning?
In the context of Information Technology (IT), provisioning is the process of setting up IT infrastructure. This infrastructure could be physical equipment, such as provisioning servers or laptops, or virtual, as in provisioning cloud instances or user accounts.
Provisioning is sometimes confused with configuration. Provisioning refers to making the infrastructure available for configuration. First, you provision the infrastructure, and then, you configure it.
As an analogy, you’re “provisioning” your home by signing a lease or a mortgage. Then, you “configure” it by moving in and setting up the space to your liking.
Different types of provisioning
Provisioning is a broad term that’s used in a variety of contexts in IT. Let’s examine some of the most common ones.
- Server provisioning is the process of setting up an on-premises server for use in a network.
- User provisioning is an integral part of identity management. It refers to setting up user accounts for various resources within the organisational data environment, from email to databases to help desk ticketing systems.
- Network provisioning involves setting up a network so that end users, devices, hardware and applications can access it.
- Cloud provisioning refers to setting up cloud resources, such as Virtual Machines (VMs) and containers. In the cloud computing world, provisioning is often referred to as “spinning up” a resource.
- Application provisioning refers to installing and updating applications on end-user machines, including desktop computers, laptops and mobile devices.
- Service provisioning refers to the initial setup of a service, such as a new public cloud or, in the telecommunications world, new mobile phone service.
- SCIM (System for Cross-domain Identity Management) provisioning uses HTTP request methods to manage user data throughout the identity lifecycle. It works with existing web standards and is typically easy to integrate.
For the purposes of this article, we will be focusing on user provisioning.
What is automated provisioning?
Prior to the introduction of cloud computing, IT hardware provisioning was performed manually. Admins had to manually set up and configure servers and other network hardware, which was a tedious, time-consuming process. Adding network or storage capacity was a capital expense that had to be planned well in advance. User provisioning was automated to some extent, but it still required quite a bit of manual work.
In modern, cloud-based data environments, most IT infrastructure is virtual, and provisioning is done through software. For example, the ability of cloud services to automatically scale network capacity is a major selling point for cloud migration. This eliminates the risk of organisations purchasing more hardware than they need, and also prevents them from being caught short during a sudden surge in business.
IT teams commonly use identity management platforms to automate user access provisioning. When a new employee is onboarded, IT administrators use the platform to assign them a “role,” and the employee is automatically granted access to certain applications based on that role. If the person changes roles or leaves the organisation, an IT administrator simply updates their role, and their access levels change, as appropriate.
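The role-driven flow described above, combined with the SCIM item from the list of provisioning types, as an added example (not code from this article or from any IAM product). It reconciles the accounts a user holds against the role's entitlements and expresses each change as a SCIM 2.0 request; the role catalogue, app names, user name and resource ids are constructed for illustration.

```python
# Added example: role-based access reconciliation expressed as SCIM 2.0 requests.
# Role names, app names, the user name and resource ids are constructed.
from typing import Optional

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Hypothetical role catalogue: each role maps to the smallest set of apps it needs.
ROLE_APPS = {
    "engineer": {"email", "git", "ticketing"},
    "support": {"email", "ticketing", "helpdesk"},
}


def plan_requests(user_name: str, held: dict[str, str], role: Optional[str]) -> list[dict]:
    """Return the SCIM requests that move a user's access to match `role`.

    held maps app name -> the user's SCIM resource id in that app.
    role=None means the user has left: every held account is deactivated.
    Paths are relative to each app's own SCIM base URL.
    """
    if role is not None and role not in ROLE_APPS:
        raise ValueError(f"unknown role: {role!r}")  # fail closed, grant nothing
    wanted = ROLE_APPS[role] if role else set()
    requests = []
    # Revoke first, so access outside the role (including manual grants)
    # is removed before anything new is added.
    for app in sorted(set(held) - wanted):
        requests.append({
            "app": app, "method": "PATCH", "path": f"/Users/{held[app]}",
            "body": {"schemas": [PATCH_SCHEMA], "Operations": [
                {"op": "replace", "path": "active", "value": False}]},
        })
    for app in sorted(wanted - set(held)):
        requests.append({
            "app": app, "method": "POST", "path": "/Users",
            "body": {"schemas": [USER_SCHEMA], "userName": user_name, "active": True},
        })
    return requests


if __name__ == "__main__":
    # An engineer with a leftover manual payroll grant moves to support.
    held = {"email": "a1", "git": "b2", "ticketing": "c3", "payroll": "d4"}
    for req in plan_requests("jdoe@example.com", held, "support"):
        print(req["app"], req["method"], req["path"])
```

Because the plan is computed from what the user actually holds rather than from their previous role, access granted by hand outside the role is revoked on the next role change.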
Benefits of automated provisioning
Easier, faster and less error-prone user onboarding and offboarding. Having to manually configure user access for every employee, one by one, is tedious and time-consuming. This is especially true in very large or rapidly-growing organisations where dozens or even hundreds of employees each week must be onboarded, offboarded or need their access levels changed. Automating these tasks saves time and minimises the possibility of a configuration error.
Productivity enhancements and cost savings. New employees get all of the resources they need to do their jobs on day one. Instead of being bogged down in administrative tasks, IT teams can devote time to projects that drive the business. In addition to enhancing productivity, this saves organisations money by minimising overhead costs and downtime.
Security enhancements. New users get the minimum level of access that they need to do their jobs, a departing employee’s system access can be terminated immediately, and mistakes are far less likely. IT and security personnel also have better visibility into who has access to what.
Provisioning best practices
Centralise your user identities. Use a central, cloud-based Identity and Access Management (IAM) directory service that can sync identities between Office 365, Google Workspace, HR and payroll systems, as well as other major directories, such as Active Directory.
Avoid roles that are overly broad or overly narrow. Properly designed user roles are crucial to automating user provisioning and ensuring least-privilege access for all users. If roles are too broad, users will have more access than their job requires. If they’re too narrow, users won’t have access to the applications they need, and your IT team will have to manually provision more access, which defeats the whole purpose of automated provisioning.
Automate provisioning wherever and whenever possible. The more tasks you automate, the greater the benefits to your organisation.
Make sure you can de-provision departing users rapidly. Regardless of which IAM tool you choose, be sure it offers the ability to revoke user access to all organisational resources with one click. This helps prevent any potential security issues.