Improving IGA within your organization can have a beneficial impact on business outcomes related to employee efficiency and talent retention.

Background

There aren’t many things more detrimental to new employee productivity than a slow and disjointed onboarding process. Ineffective onboarding can cause employees to lose trust in their employer organization and can also impact a company’s ability to hit revenue targets. But what causes onboarding processes to decline? Manual lifecycle management (LCM) processes can often lead to new employees waiting months for the access they need to do their job. 

Case in point, if your organization utilizes AWS, you’re likely familiar with how time-consuming it is to properly provision a user. For one customer, manual LCM processes resulted in a drawn-out onboarding process with new employees waiting months for access to AWS. If your organization relies heavily on support tickets, tribal knowledge, or struggles with operational bottlenecks then this situation may sound familiar to you. 

Why It’s Important for IT and Cybersecurity Teams to Help Improve Onboarding Experiences

But onboarding is HR’s problem; you may be thinking. Keep in mind that IT and Cybersecurity teams oversee the access rights granted to employees for the key business resources needed to do their jobs. End-users may not understand everything that goes into provisioning an identity, but they sure like to blame IT when they can’t access the software needed to do their job. Whether or not IT is the one holding up the process. 

In addition, employee threat awareness is critical to effective cybersecurity. If end-users lose faith in the effectiveness of the IT and Cybersecurity processes, they’re less likely to respect and adopt recommendations made by your group. If you are working to convince your organization to change business operations to better benefit security outcomes, it’s important that employees have full faith in your IT group.

One Customer’s Story

Effective IGA practices like automated LCM can significantly improve onboarding experiences. A great example of how automated LCM can improve onboarding processes and have a positive impact within your organization is how one customer used Clarity to fully provision new employees in minutes rather than months. This customer was responsible for managing over 750 websites, plus SEO and content creation for their customers. Their employees needed access to a multitude of applications, web environments, and more. Most of their internal processes were built to prioritize agility, precision, and speed. Except for managing access needs during new employee onboarding. Some new employees had to wait for over 2 months to be fully provisioned. Manual lifecycle management processes were making it almost impossible to provision new employees in a timely manner. In addition, the customer had regulatory requirements that mandated a specific approval process be followed before employee access could be provisioned. Very few hiring managers knew about the requirement, and so access would go un-provisioned for lengthy periods of time.  
 
Regardless of regulatory requirements, new hires shouldn’t have to wait months to have access to the resources they need to do their job. Like many other organizations, this customer relied on tickets to handle LCM access requests. A manager had to remember to submit a ticket for their new employee’s access. Then an IT professional had to manually review the ticket, log into multiple applications, grant the proper entitlements, and respond to the manager to get formal approval to meet the previously mentioned regulatory requirements. This process was slow, time-consuming, and left a lot of opportunity for error. What if the manager forgot to include several of the applications needed or what if their requests left a user overprovisioned? How does an organization maintain RBAC and enforce least privilege if there isn’t a way to easily reference entitlements based on roles?

The Solution

To solve this customer’s problem, we used a combination of Clarity’s dynamic role mining engine and automated LCM to help minimize the organization’s reliance on tickets and alleviate bottlenecks during onboarding. 

To get started, team members from Clarity worked alongside the customer’s IT Team to complete Identity Unification. This process automatically generated the customer’s RBAC structure using flexible org units and attribute mapping to ensure least privilege and risk minimization. Afterwards, Clarity’s customer success team trained the client’s IT and cybersecurity administrators on how touse drag-and-drop workflows to create a customized automated LCM approval process. Now, when a new identity is found in a source of truth, such as when a new employee is populated in an HR system, that identity is immediately provisioned and granted access based on the appropriate role. There was no longer a need for IT admins to log into multiple downstream applications to manually grant access, saving significant time and reducing the potential for error. 

As we mentioned earlier, there were certain access requests that required specific approval in order to meet regulatory requirements. For those instances, an additional custom LCM workflow was created to send daily notifications to reviewers until they approved or denied the request. Once access was approved, the identity was automatically provisioned. 

In Conclusion

Prior to Clarity Security, it wasn’t uncommon for a newly hired junior developer to be without their required access for two months. After implementing Clarity Security, all access is provisioned immediately after the employee is finalized in the HR system. This shift to automated LCM improved onboarding processes, reduced time and effort spent provisioning new identities, removed clunky operational processes, and better secured the customer’s application landscape.