The list of cons is just as long as the list of advantages, however. There's no such thing as a best practice when it comes to implementing a provisioning system, but there are several essential steps necessary for making it work successfully:
- You must define, and modify, if necessary, every process for account creation/modification/deletion.
- You must meet with each business person who will be a source/recipient of account information and gain consensus on the business practices and data handling that will be used by the provisioning system.
- You must configure and map the data to every system connected to the provisioning system.
- You must define the workflow authorizations for each resource.
- Existing accounts will not be in the system and must be imported through an alternative process in order for the automated provisioning product to recognize them.
- You must define audit/reporting formats, as well as dates and times of audit execution.
- You must build the front-end request forms and reports that will be generated.
- You must change your business processes.
- Finally, you must protect the provisioning system from unauthorized access due to the sensitive nature of the operations.
But perhaps the biggest con is the cost: Provisioning systems aren't cheap. And on top of that, in order to execute each of the statements above, I generally take the price of the provisioning system and multiply it by six -- since vendors don't typically consider the true cost associated with an implementation -- to get a more accurate estimated cost of deployment.
This was first published in June 2010