The list of cons is just as long as the list of advantages, however. There's no such thing as a best practice when it comes to implementing a provisioning system, but there are several essential steps necessary for making it work successfully:
- You must define, and modify, if necessary, every process for account creation/modification/deletion.
- You must meet with each business person who will be a source/recipient of account information and gain consensus on the business practices and data handling that will be used by the provisioning system.
- You must configure and map the data to every system connected to the provisioning system.
- You must define the workflow authorizations for each resource.
- Existing accounts will not be in the system and must be imported through an alternative process in order for the automated provisioning product to recognize them.
- You must define audit/reporting formats, as well as dates and times of audit execution.
- You must build the front-end request forms and reports that will be generated.
- You must change your business processes.
- Finally, you must protect the provisioning system from unauthorized access due to the sensitive nature of the operations.
But perhaps the biggest con is the cost: Provisioning systems aren't cheap. And on top of that, in order to execute each of the statements above, I generally take the price of the provisioning system and multiply it by six -- since vendors don't typically consider the true cost associated with an implementation -- to get a more accurate estimated cost of deployment.
Dig Deeper on Privileged access management
Related Q&A from Randall Gamby
Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to ... Continue Reading
When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise ... Continue Reading
Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading