What is provisioning?

Provisioning is the process of establishing IT infrastructure in business, generally defined at the network, server, application, and user levels.

Modern businesses depend heavily on information-technology resources to collect data, facilitate effective communication and collaboration, connect with customers, and more. In fact, technology powers essentially every aspect of business—from the services an organization provides, to how individual employees approach their tasks. Properly implemented, a business’ IT infrastructure helps optimize and support these essential processes. But infrastructure doesn’t develop naturally on its own; it requires effective provisioning.

Simply put, provisioning is an enterprise-wide approach to conceptualizing, deploying, and managing the full range of IT system resources. Although sometimes used synonymously with the term “configuration,” provisioning is a separate step in the deployment process.

As previously mentioned, there are four distinct levels of provisioning:

Network

Network provisioning is focused on creating and establishing networks which may be accessed by authorized servers, devices, and users. This level of provisioning is primarily associated with connectivity and security and relies heavily on device and identity management.

Server

Server provisioning refers to setting up servers for use within networks. This may also include installing operating systems, adjusting software control panels, or even assigning servers that have already been configured to specific users.

Application

Application provisioning is centered on optimizing performance for specific IT environments within a business. Administrators use application provisioning to create and deploy custom configurations (called packages).

User

User provisioning (sometimes also called account provisioning) is used to create, modify, delete, or disable users accounts within IT infrastructure. User provisioning is focused on user rights and permissions and managing the digital identities they are associated with. When access rights are removed, it is often referred to as deprovisioning.

User provisioning may be the most important level of provisioning for businesses to be involved in on a day-to-day basis. Because every new hire or position change within a company requires an update to user permissions, both provisioning and deprovisioning of users are essential to IT security, employee effectiveness, and process efficiency throughout an organization.

Ensuring that the right users have authorization to access the right applications and infrastructure brings with it several key business advantages. These benefits include the following:

Greater security

Effective user provisioning is designed to manage user access privileges and ensure established user security policies. Administrators define user permissions without having direct access to user passwords or other sensitive data, strengthening the business’ overall security posture. And, if a user needs a password change or other support, correct provisioning helps facilitate these tasks easily and quickly.

Provisioning Benefits - ServiceNow

Enforcement of regulations

Going hand in hand with improved security, the right IT provisioning solutions can also help enforce regulatory compliance throughout an organization. Creating audit logs, strengthening user information access, and enforcing control over sensitive data, provisioning is an effective solution for ensuring that vital standards are understood and being met.

Improved employee productivity

Managing credentials and verifying user identities are both primary functions of effective IT user provisioning. This may help improve employee productivity, eliminating many of the non-productive, time-consuming tasks associated with managing individual application passwords and other provisioning-related issues.

Streamlined user-centric administration

Provisioning allows administrators to manage user and application accounts from a single, centralized system. Application credential changes can be updated automatically, and administrators can provision a range of application accounts throughout the organization’s IT infrastructure.

Faster return on investment

Traditional user account management demands a significant investment, both in terms of time and money. Effective provisioning greatly reduces those costs, allowing businesses to earn back more quickly their investment and turn account management into a valuable company resource.

In most organizations, there are several essential, yet potentially cumbersome, processes necessary to ensure accurate user onboarding, offboarding, and updating. Addressing these processes manually and individually can easily eat up administrators’ valuable time, potentially hindering their ability to handle other important tasks.

Automated user provisioning automatically adjusts user access rights without the need for manual action on the part of the administrator. When new users join a company, established users change roles or responsibilities, or users leave an organization, automatic provisioning updates the users IT-resource access. This takes much of the responsibility of managing user permissions off the administrators’ plate.

Automated provisioning may provide several benefits for IT and HR departments. Key advantages of automated provisioning include:

Reduced risk of human error

Manual provisioning is never completely secure, particularly where it comes to creating passwords. Traditional methods for creating user accounts almost always involve the sharing of passwords and other log-in info with an employee. This not only makes the password available to at least one individual other than the person the password is intended for, but it also allows for human error as the password is shared across email, organizational communication platforms, or even through handwritten paper notes. Likewise, errors involving assigning the wrong privileges to the wrong users are increasingly common. Automated provisioning eliminates these risks, automatically providing permissions to the right users, accurately and safely.

Improved transparency

For peak organizational efficiency, businesses need to ensure that the right people have clear access to the right resources. Unfortunately, keeping track of who has permission to access what, and for how long, can be a difficult prospect when there is no up to-the-minute record of rights and system privileges. Automate provisioning keeps detailed record of each employee’s permission levels, and how those permissions are being used. With a central, connected view of user identities and access, administrators enjoy full transparency.

Elimination of security gaps

Often, threat actors take advantage of existing security gaps to seize control of established system permissions or to create new permissions for themselves. Automated provisioning greatly reduces this risk. In addition to eliminating human error from the security equation, automated provisioning systems create a single, approved path for setting and updating access rights. Additionally, administrators have full visibility into who has access. This effectively closes the security gaps that threat actors depend on.

Increased savings

Automatic provisioning systems are an investment; they tend to save organizations more money that they cost them. This is because, while the provisioning solutions aren’t inexpensive, they have the potential to significantly cut down on costs associated with onboarding and operations. And, as previously addressed, provisioning helps streamline IT and HR processes, improving productivity, and thus resulting in increased revenue from other projects.

Effective scalability

In traditional provisioning, business growth would often be accompanied by bottlenecks from manually assigning, removing, and updating system privileges. Automated provisioning allows organizations to scale at whatever pace is best for them, automatically providing and revoking systems rights and tool access as employees adopt new roles and new hires are brought in. With effective provision automation, companies can streamline their lifecycle management and identity management processes, for unrestricted scalability.

Implementing an effective user provisioning system is not an overly complex process. That said, businesses that want to enjoy the benefits of provisioning should consider taking the following steps:

  1. Evaluate your current identity management standing
    Start by taking a close look at the current identity management program. What are the provisioning needs, and how well does the existing program address those needs? Is access management easy to use, and do employees clearly understand their responsibilities and permissions? Does the current provisioning process reduce administrative burdens? Is the system usable, comprehensive, and secure? By developing an objective map of identity management as it currently exists in their organization, businesses can gain an accurate image of what they need in a provisioning solution.
  2. Create a clear business case
    Although effective provisioning will almost certainly pay back its investment in the long run, results may not be immediately apparent. By creating and sharing a detailed business case, administrators can get buy-in from key stakeholders, so that everyone is on the same page regarding what to expect. The business case should include relevant data and informed estimates about how the organization stands to benefit from implementing user provisioning, possibly including decreased security risk, improved productivity, reduced expenses, more-effective lifecycle management, etc.
  3. Test the solution
    Once a solution has been chosen, it needs to be tested on a sample group of users selected from across the organization. This pilot program will help the business gauge the effectiveness of the provisioning solution, while also identifying any issues that may be inherent. Set a specific time duration for the pilot program, determine which metrics will be most relevant, and be sure to solicit honest feedback from the test group to help refine the solution before moving on to full implementation.
  4. Roll out organization-wide user provisioning
    Armed with insights from the test program, it’s time to roll out the revised and improved provisioning solution across the entire company. Closely monitor how much user provisioning is completed within pre-established time frames, how often users need to request support, and any other findings from internal user-access audits. As always, be open to user feedback to help continually refine the provisioning solution.

Automated user provisioning can be an effective method for managing employee lifecycles and identities, but it’s not a magic bullet. To get the most out of a provisioning solution, consider the following best practices:

Automate wherever possible

The more automation the provisioning solution includes, the lower the risk of inaccuracies and security issues. This is especially true for any onboarding or offboarding processes. Automated provisioning and deprovisioning help ensure a smooth and secure transition every time that an employee is hired, promoted, reassigned, given new tools or resources, or leaves a company. At the same time, automated provisioning helps ensure that third-party contractors and partners have easy access to the system resources they need, without compromising sensitive data.

Deprovision users immediately as they exit

As an employee leaves, the administrator should move quickly to deactivate any permissions associated with that employee, as well as delete them from the directory. This will prevent unaccounted-for access, further improving the organization’s security standing.

Add more layers of security

Provisioning software is uniquely suited to empowering administrators in IT and HR with control over roles, access, and security policies across departments. By setting additional policies, these administrators can further secure applications and permissions, for increased protection of vital system access.

Monitor constantly

Systems are only as secure as the users who have access to them. Provisioning gives system administrators full visibility into the status of each employee and the resources they have access to; constant monitoring will help ensure that no user has higher access rights than they need, and that no accounts exist for deactivated users.

ServiceNow, the leader in workflow automation and IT management is revolutionizing user provisioning for businesses across a range of industries with IT Asset Management (ITAM) and related solutions. ServiceNow Software Asset Management (SAM) and Cloud Insights bring advanced automation to software allocation and provisioning, reducing time and effort in managing software/cloud resources and ensuring that employees are using the right software, with the right license type reflective of roles and responsibilities. At the same time, SAM also works hand in hand with Hardware Asset Management (HAM) to provide automated workflows to enable seamless onboarding for new employees, helping to ensure assets are provisioned correctly and that HR and IT both have visibility of what's being deployed, to whom.

Get the most out of your IT resources and ensure that every authorized user has the right access to the right applications and infrastructure, with ITAM from ServiceNow.

Explore Process Optimization

Learn more about Process Optimization and put the world’s most advanced workflow and activity diagramming tools to work for you.