

IAM Bitesize - Identity & Access Management Weekly Guides
11: What is Identity Provisioning?
Takeaway Points:
Identity data typically needs to be synchronised across a range of different systems
This syncing capability is present in both B2E and B2C ecosystems (and potentially for non-person entities and machine identities too)
In a B2E environment, it is ideal (and increasingly common) to have a single authoritative source of identity data
This source acts as the “truth” on which other systems base their accounts
HR is typically used for this - as that data is ideally assured to a certain degree and maps neatly onto the employee life cycle - to support the JML (joiner-mover-leaver) processes
Technical systems then leverage the data in this authoritative source as the basis for creating the accounts used to log in, gain access and perform tasks
The provisioning process is the fabric to support those account creation and management tasks
Without a provisioning fabric, accounts would need to be created manually in isolation - which will result in errors, inconsistency and a lack of productivity
Connectors are used to attach and communicate with each system in this provisioning fabric
Connectors are small pieces of (often custom) software that can create, read, update and delete (CRUD) identity data
Connectors often follow a particular framework, and provisioning platforms come with numerous out-of-the-box connectors for different systems - HR, directories, databases, cloud and legacy systems
Rules will often exist between the different systems that govern things like account naming formats and what to do if duplicate accounts are found
There will also be rules for when to remove or disable accounts based on certain workflow events - like a user leaving an organisation or moving teams
Correlation logic (for example, to link JSmith with an account called smithj123) will also exist
In the B2C world, provisioning and correlation logic may look to link and manage accounts across different websites, brands or services
Use cases:
B2E - automate the management of system accounts based on HR feeds
Automatic permissions changes, role changes or account disabling based on changes to user position
Creation and linkage of customer accounts across a range of systems - including marketing, analytics, ecommerce
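The HR-driven B2E flow from the takeaway points and the first use case - an authoritative HR feed, a naming rule, a duplicate rule, leaver disabling and correlation of JSmith to an existing smithj123 - pulled together in one reconciliation pass. This is an added example, not code from IAM Bitesize or any provisioning product; the HR rows, target accounts, first-initial-plus-surname naming rule and e-mail based correlation are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class HrRecord:          # one row from the authoritative HR feed
    employee_id: str
    name: str            # "First Last"
    email: str
    status: str          # "active" or "leaver" (mover handling omitted here)

@dataclass
class Account:           # one account in a downstream target system
    username: str
    email: str
    employee_id: str = None   # None until correlated to an HR record
    enabled: bool = True

def naming_rule(rec: HrRecord) -> str:
    first, last = rec.name.split()
    return (first[0] + last).lower()   # assumed rule: first initial + surname

def correlate(rec: HrRecord, accounts: list) -> list:
    """Correlation: employee_id link first, else e-mail match (JSmith -> smithj123)."""
    by_id = [a for a in accounts if a.employee_id == rec.employee_id]
    return by_id or [a for a in accounts if a.email.lower() == rec.email.lower()]

def provision(hr_feed: list, accounts: list):
    """One reconciliation pass; yields the CRUD actions a connector would run."""
    for rec in hr_feed:
        matches = correlate(rec, accounts)
        if len(matches) > 1:          # duplicate rule: never guess, flag for review
            yield ("review-duplicate", rec.employee_id, sorted(a.username for a in matches))
        elif rec.status == "leaver":  # leaver rule: disable, do not delete
            if matches and matches[0].enabled:
                matches[0].enabled = False
                yield ("disable", matches[0].username)
        elif not matches:             # genuine joiner: create per naming rule
            accounts.append(Account(naming_rule(rec), rec.email, rec.employee_id))
            yield ("create", accounts[-1].username)
        elif matches[0].employee_id is None:   # pre-existing account: link it to HR
            matches[0].employee_id = rec.employee_id
            yield ("link", matches[0].username, rec.employee_id)

HR_FEED = [HrRecord("1001", "John Smith", "john.smith@example.com", "active"),  # constructed data
           HrRecord("1002", "Ana Lopez", "ana.lopez@example.com", "active"),
           HrRecord("1003", "Wei Chen", "wei.chen@example.com", "leaver"),
           HrRecord("1004", "Sam Jones", "sam.jones@example.com", "active")]
ACCOUNTS = [Account("smithj123", "john.smith@example.com"),     # legacy, not yet correlated
            Account("chenw", "wei.chen@example.com", "1003"),    # already linked to HR
            Account("jonessam", "sam.jones@example.com"),        # two accounts share one
            Account("sjones2", "sam.jones@example.com")]         # e-mail: duplicate
```

Running `list(provision(HR_FEED, ACCOUNTS))` yields one link, one create, one disable and one duplicate flagged for review; a real connector would execute each action against its target system and log it.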