Automatically deliver the appropriate permissions and authorizations


Standard workflows, such as creating a new employee in the various systems, consume an unnecessary amount of time. All the necessary information in the company has to be collected laboriously. With provisioning and associated workflows, these processes can be carried out mostly automatically.


For provisioning, the corresponding processes are mapped in rules and roles and stored in the system. When these are triggered, the connected systems, such as email, SAP, the merchandise management system or databases, are ready for the (new) employee without further administration by the EDP. Changes due to department changes, relocation or project membership, as well as deletions and the like due to company changes or retirement, are triggered only once and then run automatically. The administrative effort is reduced drastically.


As an example, in the project at Gehe, the time required to create a new employee was reduced from 2 hours to 2 minutes. It is even possible to use the human resources department as a trigger. HR has the function and personal data of the new employee and can therefore create the new employee in the personnel administration program. Implemented rules and roles ensure that all target systems are automatically supplied with the corresponding account and authorization information in the background via the IDM system. This enables the new employee to use his PC, suitable printer, etc. immediately.

Benefits of provisioning

  • Central administration of all permissions, security policies and user roles simplifies administration.
  • Account and authorization assignment as well as account and authorization revocation are automated. Account management (creation, modification, deletion of account data; allocation of access rights) is designed with rules and roles. Administrative effort and costs are reduced, while quality is improved.
  • Increased security through rule-based, enterprise-compliant and automated deletion of accounts and permissions.
  • The Helpdesk is relieved of workload due to reduced calls resulting from the automation of standard processes.
  • Fast access to necessary data: (new) employees are immediately ready for work.

Obstacles of provisioning

When implementing provisioning, conception and planning are extremely important. Without defined rules and policies, automation is useless: the more precise the requirements, the more effective the provisioning….

  • Provisioning rules are often defined in general rather than separately for each target system.
  • Sometimes rules and regulations are exaggerated. 100% rule mapping is uneconomical; a mix of 80% rules and roles and 20% individual rights is feasible.
  • The handling of exceptions is often forgotten.
  • Many fail to establish who is responsible for maintaining rules. The result: nobody does it, and that’s a security risk.
  • As a rule, not all target systems have corresponding interfaces and integration tools, many of which must first be created or procured.
  • Initially, many people overlook the fact that they will later have to read out account / authorization data (CURRENT state) from the applications for audit purposes.
  • Frequently, the provisioning engine does not respond to an authorization request in real time, but only at some later point. This leads to user dissatisfaction.
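
The audit read-out and exception handling named in the list above can be sketched as a target/actual comparison. This is an added example, not code from any IDM product; the role names, systems, entitlements and users are constructed sample data.

```python
# Constructed role model: role -> {target system: entitlements}.
ROLE_RULES = {
    "employee": {"email": {"mailbox"}, "ad": {"domain-users"}},
    "sales": {"sap": {"SD_DISPLAY", "SD_ORDER"}, "ad": {"sales-share"}},
}
# Constructed identity data, as HR would supply it.
IDENTITIES = {
    "alice": {"roles": ["employee", "sales"], "active": True},
    "bob": {"roles": ["employee"], "active": False},  # has left the company
    "carol": {"roles": ["employee"], "active": True},
}
# Approved individual rights (the share of rights not covered by roles).
EXCEPTIONS = [("carol", "sap", "FI_DISPLAY")]
# Constructed read-out of what the target systems actually contain.
ACTUAL = {
    ("alice", "email"): {"mailbox"},
    ("alice", "ad"): {"domain-users", "sales-share", "domain-admins"},
    ("alice", "sap"): {"SD_DISPLAY"},
    ("bob", "email"): {"mailbox"},
    ("carol", "email"): {"mailbox"},
    ("carol", "ad"): {"domain-users"},
    ("carol", "sap"): {"FI_DISPLAY"},
}

def desired_state(identities, exceptions):
    """Expand roles and approved exceptions into (user, system) -> entitlements."""
    want = {}
    for user, info in identities.items():
        if not info["active"]:
            continue  # leavers must end up with no accounts at all
        for role in info["roles"]:
            for system, ents in ROLE_RULES[role].items():
                want.setdefault((user, system), set()).update(ents)
    for user, system, ent in exceptions:
        if identities.get(user, {}).get("active"):
            want.setdefault((user, system), set()).add(ent)
    return want

def reconcile(want, actual):
    """Compare target state with the read-out and list every deviation."""
    findings = []
    for key in sorted(set(want) | set(actual)):
        w, a = want.get(key, set()), actual.get(key, set())
        if key not in want:  # account exists although nothing justifies it
            findings.append(("orphan_account", *key, sorted(a)))
            continue
        if a - w:  # rights granted outside rules and approved exceptions
            findings.append(("excess", *key, sorted(a - w)))
        if w - a:  # provisioning has not (yet) delivered these rights
            findings.append(("missing", *key, sorted(w - a)))
    return findings

if __name__ == "__main__":
    for finding in reconcile(desired_state(IDENTITIES, EXCEPTIONS), ACTUAL):
        print(finding)
```

If the exception list is not maintained, carol's individually granted SAP right shows up as an orphan account in the same report.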