The list of cons is just as long as the list of advantages, however. There's no such thing as a best practice when it comes to implementing a provisioning system, but there are several essential steps necessary for making it work successfully:
- You must define, and modify, if necessary, every process for account creation/modification/deletion.
- You must meet with each business person who will be a source/recipient of account information and gain consensus on the business practices and data handling that will be used by the provisioning system.
- You must configure and map the data to every system connected to the provisioning system.
- You must define the workflow authorizations for each resource.
- Existing accounts will not be in the system and must be imported through an alternative process in order for the automated provisioning product to recognize them.
- You must define audit/reporting formats, as well as dates and times of audit execution.
- You must build the front-end request forms and reports that will be generated.
- You must change your business processes.
- Finally, you must protect the provisioning system from unauthorized access due to the sensitive nature of the operations.
But perhaps the biggest con is the cost: Provisioning systems aren't cheap. And on top of that, in order to execute each of the statements above, I generally take the price of the provisioning system and multiply it by six -- since vendors don't typically consider the true cost associated with an implementation -- to get a more accurate estimated cost of deployment.
Dig deeper on Enterprise User Provisioning Tools
Related Q&A from Randall Gamby, Contributor
Is your remote desktop access software really secure? Randall Gamby offers advice for conducting a remote access audit to validate security.continue reading
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise.continue reading
Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.