User provisioning is a great way to improve your efficiency. Instead of managers and employees continually requesting new access permissions, nearly everything is automated. There’s just one catch.
To implement user provisioning in a secure manner, you need human resources to participate in the process. Unlike IT, HR has a companywide view of each job position and the access required. To win HR’s support for user provisioning, follow the two-part approach laid out in this post.
Part 1: Understanding HR’s Readiness for User Provisioning
HR is an excellent stakeholder for user provisioning projects, but only if they have the right foundation in place. Before you launch a user provisioning process, take the time to assess whether HR is equipped to support the project.
1) Does HR Have Accurate Job Descriptions?
In some companies, job descriptions are ancient documents far removed from daily work. Outdated documents make life more difficult for user provisioning. Why? Dated job descriptions are less likely to mention all of the reports, systems, and responsibilities for each staff member. To evaluate the quality of the job descriptions for user provisioning, use this short checklist:
- Date of the last review. If the job description was reviewed in the past 12 months, you are in good shape to move forward.
- Customized to the company? Some HR departments start by using “off the shelf” job descriptions and tailor them to the company’s requirements later. In reviewing the documents, check if company-specific systems (e.g., your finance software, your email platform) are mentioned.
- Evidence of local manager input? Has the manager who oversees the position provided feedback on it? If there is no manager involvement in the job description, it is unlikely to be useful.
2) What is HR’s Relationship With IT?
Evaluating a business relationship can be tough. However, we have a simple way to do it. Over the past year, have HR and IT successfully worked on technology projects and activities? If so, how many examples can you list? If you cannot name any successful projects, the IT/HR relationship needs work.
If HR and IT have a weak or non-existent relationship, factor that reality into your user provisioning project planning process. To engage HR efficiently, check out our past article Win HR Support for Your User Provisioning Project in 5 Steps. Briefly, the key is to start with HR’s needs and goals. Once you understand HR, you will be better able to “speak their language” when it comes to user provisioning.
3) What is HR’s Capacity for New Projects?
For the best results, we suggest that HR assign a single person to support the user provisioning project. For HR to do that, the HR department needs to have availability and interest in helping technology projects. How do you find this out?
Ask one or two managers in the HR department about their capacity to support a user provisioning project. The fact that you ask them early on will go a long way toward earning their support. You may find that HR is fully booked with other projects. What should you do then?
You have a difficult choice to make. You could choose to go ahead without HR participation and fix problems later. Alternatively, you can delay implementing the project a few months until HR can provide support. It all depends on the urgency of your user provisioning project and your ability to influence HR.
Part 2: Involving HR in the User Provisioning Project
Assuming HR is ready and willing to support a user provisioning project, use these tips to keep them engaged.
1) Input on designing the user provisioning project
Start by creating a one-page business case for why you plan to implement user provisioning. After that is ready, meet with an HR manager to gather their input. They may point out that your RFP for a software solution is missing critical components. Fixing those oversights early in the process is a good way to save time and money.
2) Defining most common user profiles
If you have 1,000 employees, how many different user profiles are required for user provisioning? You may only need 10 or 20 profiles to cover the majority of the organization. Ask for HR’s advice in identifying the most common job roles. As a risk management measure, also identify high-risk user types (e.g., executives with large spending limits).
Tip: Does your organization have a wide variety of job positions? In that situation, use the 80/20 rule and focus on the most common job positions, such as sales representative and customer service representative.
3) Testing the User Provisioning System
Invite HR to participate in testing the new user provisioning system. There are two specific kinds of feedback to request. First, ask for their comments on whether the new system is out of alignment with HR policies and procedures. Second, ask them for general feedback on the overall experience of using the system.
Tip: If you are new to user provisioning testing, make sure to test two activities. One: can users provision a new user to their department? Second, can users provision (i.e., remove a user’s access) access?
4) Training Support for User Provisioning
As part of a user provisioning project, you may offer training to every manager in the organization. What happens after the project is completed? Work with HR to include user provisioning training for new managers. Unless user provisioning is built into “business as usual” processes, it will not be consistently used. Inconsistent user provisioning practices reduce employee productivity.
Other Ways to Improve Your User Provisioning Project
HR support is valuable, but it is not enough on its own. What else do you need to launch a successful user provisioning system? Start by creating a business case to win support for the project in the first place. Read our article on password management business case for inspiration. Next, evaluate whether user provisioning is the right security project. You may find that password management is a higher priority once you review your cybersecurity goals.
