An IT Managerís Guide to Provisioning and Identity Management
by Michael Burling - European Director for Thor Technologies - Thursday, 4 August 2005.
Top Tips for managing Joiners, Leavers and Movers

1. Some joiners request access to internal systems before their official start date, in order that they can start introducing themselves by email. This is inadvisable, as the employee probably wonít have signed all his contracts yet and thus will not be governed by the companyís IT Conditions of Use or Acceptable Use Policies.

2. If key clients and external partners are given access to your companyís network, ensure that each registered user has a unique username so that their actions can be tracked and logged. If such a user changes employer or job function, consider whether their access is still relevant. For example, their new employer might be a competitor of one of your companyís external divisions.

3. If an employee changes roles within the company, examine the systems to which they have access and consider how this needs changing. Promoting an employee doesnít necessarily mean that they still require access to all of the systems they were previously entitled to use.

4. Always ensure that access to key systems is closed as soon as an employee leaves at the end of their notice period. Use of identity management tool will help ensure that all access privileges assigned to the employee have been revoked.

5. When an employee leaves, make sure that all company assets have been returned. Use of automated provisioning software can make this onerous task far less painful than it otherwise might be.

6. Check that former staff are no longer on any internal email lists. This is especially important if their mail was forwarded to an external account, as they may be able to continue reading it even if their access to the corporate email system has been revoked.

7. If dismissing an employee, withdraw their access to key systems immediately before, or during, the dismissal.

8. Donít destroy usage records when staff leave. Their abuses of the system might not come to light until some months after they have departed so itís important to hang onto the evidence.

9. Audit your systems to ensure that no accounts belonging to former staff are still active. If you find any, check the last login date and investigate any which raise concerns.

10. Change intruder alarm and numeric-pad lock combinations regularly, and especially when someone who knows the numbers leaves or is dismissed.


Provisioning is one of the latest enterprise IT buzzwords, although it describes a process which has been going on for decades. The multitude of systems, applications and information now required by employees, and the need to offer a range of perks to staff in order to attract or retain them, means that provisioning is now more complex than it ever has been. And with staff now requiring access to so many internal and external computer systems, all of which might require separate usernames, passwords and access privileges, identity management (i.e., keeping track of who has access to what) is far from straightforward. The provisioning and identity management burden placed upon IT managers and personnel departments can, thankfully, be eased considerably through the use of automated software systems.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th