When IT gets the onboarding process right, a few great things happen. The most obvious is that employee productivity is maximized, and people feel empowered in their new organization by having all the technology resources they need to get started in their new role. The faster you get someone working and in full swing, the sooner the company will gain value from that employee. A study we commissioned earlier this year found organizations losing upward of $1M in productivity for new and existing employees waiting for the technology access they needed to be effective.
Perhaps more importantly, onboarding that leverages identity-driven and automated policy enforcement also creates an environment that is more secure. With this approach, IT has the checks in place for governing access from their first day, throughout the entire lifecycle of that employee. As an employee’s role changes or they leave the organization, they are automatically “offboarded” from having access to key systems, data, and resources that could pose risk to the organization. All de-provisioning of access should take place based on policy created by the organization. It’s tracked and logged, making it fully documented for compliance or regulatory purposes. This is especially important when you consider that studies have shown 50% of employees retain access to one or more apps or systems after they have left an organization.
The trick is establishing an onboarding experience that is both seamless for the employee and effective for IT teams that need to secure and govern their environments. This often means a collaboration between teams tasked with service delivery and security. Although simplified, here is a checklist of what that secure and productive onboarding process can look like:
- Employee identity is created based on an aggregate of information sources as defied by the organization (HR systems, payroll systems, project systems, Active Directory, etc.) This identity maps to defined and approved entitlements for all technology resources in the organization.
- Employee is issued an appropriate device or devices. Approvals/workflows have been documented and are tracked (and ideally managed through an IT asset management system.)
- Devices are provisioned based on employee identity and key attributes, ensuring settings are relevant to employee location, job function, and other information driving policies. Access to appropriate printers, files shares, drives, etc. all automated based on those attributes.
- Access to approved applications (physical, virtual, SaaS, and mobile) is granted and tracked. Accounts with varying permission levels are automatically created based on identity and company policies.
- The new employee is directed to an intuitive self-service portal or storefront to view any apps and services that they have entitlements to, but require additional approvals or their request to kick off automated processes.
- The new employee is shown status as they request any apps, services, access rights, etc. that may be an exemption to standard policy. The process of their request and typical turnaround times are made visible.
- Managers and supervisors have visibility into the onboarding process for their employees. They can request new access rights and resources for their employees and be included in approval workflows.
In real life, this should just feel like an effective day-one experience for a new employee, even though IT has automated the leg work far ahead of that first day. Check out this quick video that shows how simple a new employee can get up and running when joining an organization that has implemented secure identity-driven and automated onboarding and offboarding processes.