User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and access to software and data is consistent and simple to administer.
User provisioning has become a critical problem for enterprises looking to lower the administrative burdens of account management, while also trying to reduce risk. The level of complexity of a provisioning process is typically related to the level of risk associated with the resources that will be accessed by the user.
Types of user account provisioning include:
Discretionary account provisioning - allows a network administrator to decide for himself which applications and data the end user should be able to access. A discretionary approach is often used in small or mid-sized companies.
Self-service account provisioning - allows users to participate in some aspects of the provisioning process in order to reduce the administrator's overhead. Typically, users are able to request an account and manage their own passwords.
Workflow-based account provisioning - gathers the required approvals from the designated approvers before granting a user access to an application or data. For example, the business rules in a finance application might require that every new account request be approved by the company's Chief Financial Officer (CFO).
Automated account provisioning -- requires every account to be added the same way through an interface in a centralized managment application. This streamlines the process of adding and managing user credentials and provides administrators with the most accurate way to track who has access to specific applications and data sources.