Onboarding and Offboarding: The Hidden Processes

There’s a whole set of activities required for effectively onboarding and offboarding new employees. People to coordinate. Processes to develop and operate efficiently. Magic moments that should just happen – because first impressions count and create memories.

One of the behind-the-scenes or hidden processes involves setting up access for the new employee to the systems they require for doing their work. An email account. Access to the collaborative workspace tools being used. HR system access. And more. This can be done manually by an IT administrator with super-user privileges across systems, or driven based on policy using a directory service with provisioning (and de-provisioning) capabilities. The latter means an administrator creates a user account in one central system (the directory), adds the user to a group that has access rights to specific others systems, and the provisioning service notes the change and follows a pre-defined script for adding the new user to other connected systems.

For Office 365 and Microsoft 365 customers, the user provisioning service in Azure Active Directory enables automated, policy-based provisioning of non-Microsoft cloud apps, such as Salesforce, Slack, GoToMeeting, Dropbox, Box and more. This creates sanctioned accounts in these services, decreasing the footprint of unsanctioned apps and shadow IT services. Last week, Microsoft announced additional services can now be provisioned and deprovisioned using Azure AD – including Asana, BlueJeans, Bonusly, LucidChart, and Zendesk.

And when an employee leaves, removing them from the groups with access to other systems essentially runs the process in reverse: user accounts are revoked and thus access privileges are removed.

Being intentional / deliberate / automated in this area is another example of what information protection looks like in practice.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.