Identity Provisioning
Identity Provisioning is the process of creating user accounts and granting appropriate access rights when someone is hired, transferred, or onboarded into a new role. It translates HR data and role definitions into working access across all systems.
# WHAT TEAMS RUN INTO
- Provisioning rules drift from reality as business processes change. The system grants access based on rules designed years ago that no longer match actual role responsibilities.
- Over-provisioning is the default. To avoid service disruption, systems grant broad access instead of least privilege, leaving excess permissions in place.
- Provisioning completeness is invisible. A new hire gets access to email on day one but cloud systems on day three and certain databases never. Nobody tracks whether provisioning actually finished.
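An added example, not part of the original page: a small reconciliation check that makes incomplete and excess provisioning visible by comparing what a role should receive with what each identity actually holds. The role names, entitlement strings, users and the one-day SLA are constructed assumptions.

```python
from datetime import date

# Constructed sample data: the roles, entitlement names and users are hypothetical.
ROLE_ENTITLEMENTS = {
    "data-analyst": {"email:mailbox", "cloud:analytics-reader", "db:reporting-ro"},
}
HR_RECORDS = [
    {"user": "avega", "role": "data-analyst", "start": date(2024, 3, 4)},
    {"user": "bchen", "role": "data-analyst", "start": date(2024, 3, 11)},
    {"user": "cdiaz", "role": "field-tech", "start": date(2024, 3, 12)},
]
ACTUAL_GRANTS = {
    "avega": {"email:mailbox", "cloud:analytics-reader", "cloud:admin"},
    "bchen": {"email:mailbox", "cloud:analytics-reader", "db:reporting-ro"},
    "cdiaz": {"email:mailbox"},
}


def reconcile(hr_records, role_entitlements, actual_grants, today, sla_days=1):
    """Return one finding per identity: missing, excess, and whether it is overdue."""
    findings = {}
    for rec in hr_records:
        expected = role_entitlements.get(rec["role"])
        actual = actual_grants.get(rec["user"], set())
        days = (today - rec["start"]).days
        if expected is None:
            # No rule exists for this role, so no grant can be justified by one.
            findings[rec["user"]] = {"role_defined": False, "missing": [],
                                     "excess": sorted(actual), "days": days,
                                     "overdue": False}
            continue
        missing = sorted(expected - actual)
        findings[rec["user"]] = {
            "role_defined": True,
            "missing": missing,                   # provisioning never finished
            "excess": sorted(actual - expected),  # beyond the role's least privilege
            "days": days,
            "overdue": bool(missing) and days > sla_days,
        }
    return findings


if __name__ == "__main__":
    for user, f in reconcile(HR_RECORDS, ROLE_ENTITLEMENTS, ACTUAL_GRANTS,
                             today=date(2024, 3, 14)).items():
        print(user, f)
```

Run on a schedule against real HR and entitlement exports, the `overdue` and `excess` fields give the completeness and over-provisioning signals that the list above says nobody tracks.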
# WHY IT MATTERS
Provisioning sets the initial access posture for every identity. If you start with over-privileged access, you fight that inertia forever — people keep access they never use because removing it is harder than managing the risk. Every access decision is a security decision, and provisioning decides the first one. Poor provisioning creates a baseline of excess access that becomes the foundation for future access creep.