Scale onboarding and security with automated provisioning
User provisioning is a critical responsibility for IT and systems administrators that oversee the software your organization uses to build your product, drive revenue, and retain customers. And account provisioning is an essential part of what HR teams do as they onboard new employees and ensure they hit the ground running with access to necessary tools, as well as making sure departing employees’ accounts get properly de-provisioned.
Your teammates want instant access to the tools they need to be successful, but receiving and managing their requests in a fast and secure way can become impossible in larger teams that rely on a growing number of apps. In addition, over time, as your tech stack evolves and employee roles change, your company may need to provision additional accounts for new software over time. In this post, we’ll show you how to enable your team at scale with an automated provisioning process of your own.
As your organization grows, your team will naturally adopt more software to support increasingly ambitious and specialized projects. In fact, the modern enterprise uses almost 2,000 different applications across its tech stack. And with more people and more tools comes a greater burden on your IT, security, and HR teams to quickly onboard new hires and provision existing employees. In addition, enterprise-grade security certifications (including SOC 2) require you to maintain a comprehensive audit of who uses which tools. User provisioning can quickly become a full-time job that prevents you from tackling other projects.
The average number of SaaS applications at the modern enterprise. Source: McAfee
With an automated provisioning process in place, you can efficiently field requests for any number of tools with different requirements and provisioning instructions in a single ticketing system (such as Jira). Internal stakeholders can submit requests directly inside their collaboration tool of choice (such as Slack, Microsoft Teams, or Cisco Webex Teams) for fast and seamless follow-up from IT.
To automate user provisioning, we used a General Automation Platform (GAP), a low-code platform for designing automated processes called workflows. In each workflow, you can combine pre-built connectors to your favorite systems with logic-based helpers to create powerful custom integrations like this one.
Walkthrough: Automating user provisioning
We’ve separated our user provisioning process into three stages:
- Maintaining vendor list and receiving requests - To start, we reference a centralized spreadsheet in Google Sheets (you can also use Airtable or any other spreadsheet tool) of all of the apps and services that require approval or provisioning by the IT team. Then, we create a slash command in our internal collaboration tool, Slack, to receive new requests.
- Processing requests - When a teammate engages with the access request modal (i.e. interface) in Slack, we capture that data and ensure that we route it to the right place.
- Managing approvals and sending confirmation - Finally, we follow the service-specific approvals and provisioning process. This process creates a ticket in our internal ticketing system, Jira, to keep track of all requests. We’ll also send a customized confirmation message with request details and next steps.
Stage 1: Maintaining vendor list and receiving requests
Before building out an automated request and provisioning process, we’ll first want to audit the services and vendors that our organization currently uses. With this information, we can create a centralized spreadsheet that includes details such as vendor name, whether the tool needs approval, installation instructions, and service owner. We’ll need this documentation to process and route requests later on in our approvals process.
In Slack, any app (an integration with an external tool) must respond to a user-triggered event within 3 seconds. For that reason (and because we want to offer as seamless of an experience as possible to our end-user), we’ll pull the data in this sheet regularly and store it within our workflow for instant access.
An example of a vendor list
Now that we’ve created our list, we can create a Slash Command in Slack that kicks off the request process. For reference, a Slash Command triggers the actions of a Slack app whenever someone in our workspace enters the command in their message bar. Using Slash Commands ensures that any team member can easily send a request at any time. For help setting up a slash command in Slack, visit Slack’s API documentation.
Fielding requests and generating request modal with picklist
Our workflow begins with a Slack trigger, which listens for the ‘/access-request’ slash command. When someone in our workspace uses ‘/access-request’, the workflow will get the user’s ID, pull our list of vendors from our data storage helper, and use that information to surface a request modal. In the request modal, the end-user can select a specific service from a dropdown menu.
The initial request modal
Now that we’ve created a simple request intake modal and mapped it to the data in our vendor list, we’ll need to ensure that our IT team receives the information they need to process each request.
Stage 2: Processing requests
As your organization grows and diversifies, you’ll naturally implement more and more software. And often, that software can vary from highly niche, highly sensitive tools that require more-extensive approvals to much more-accessible platforms. And of course, every IT administrator must weigh enabling their team to succeed with cost efficiency when managing licenses for each tool.
Since each tool has different access and provisioning requirements, we built out additional logic that updates the request modal with more context if needed.
Our approvals and provisioning process
First, our workflow references the data in our vendor list to see if the software selected by our end-user requires approval from our IT and security teams. If we don’t require approval, we send our end-user a confirmation with instructions on how to access the software. If we do require approval, we instead update the modal with a form to capture the reason for their request.
Example access request outcomes
Stage 3: Managing approvals and sending confirmation
Once an end-user submits a request for approval, we’ll want to capture that request in an internal ticketing system for timely follow-up from our IT team. At Tray.io, we use Jira to track and manage all provisioning requests (but you can also connect to tools such as ServiceNow and Zendesk).
When an end-user submits their request, we get the message details from Slack and create a ticket in Jira. From there, our workflow will automatically close the ticket if the request doesn’t need IT team approval. If the request needs approval, the IT team can use Jira to triage the ticket and approve or deny the request.
But that’s not all. We’ve added a few features to our workflow to ensure an exceptional end-user experience, including a personal confirmation message with the request details, as well as a custom GIF once your requestor submits a request. With the flexibility of GAPs, you can tailor this process to meet your exact business requirements.
Our custom confirmation GIF
You’ve just tapped into greater organizational efficiency by automating your IT approvals and provisioning process. Now, you can provision or update accounts for your team at scale without manually processing each request. At the same time, your team doesn’t have to jump between multiple systems to place requests, saving them time and setting them up for success faster. Not to mention, this highly efficient process is fully compliant with enterprise-grade security standards for access and documentation, including SOC 2.
Automated user provisioning is only the beginning of what you can achieve with a General Automation Platform. If you’re interested in seeing more ways that you can use GAPs to drive efficiency and scale processes across your tech stack, sign up for our next weekly group demo.