By Megan Anderson Posted December 2, 2019
The metaphorical pot of gold at the end of an IT admin’s rainbow would be the ability to automatically provision a user, and then have that person access all of their IT resources immediately.
This was largely possible for all Windows®-based and on-prem networks through Microsoft® Active Directory® (AD), but as the IT landscape changed so too did the complexity of provisioning users. Now, admins are wondering how they can automate user provisioning in the age of mixed-platform environments, cloud infrastructure, web applications, and more.
Manual User Management in an Automatic Age
Although Active Directory was an invaluable tool for many organizations during its prime, today it’s more of a stubborn relic. It’s still useful for connecting Windows users to their on-prem Windows resources and applications, but when it comes to cloud applications/infrastructure and non-Windows systems, admins often have to make up for the capabilities AD lacks.
To start the affair, they first have to configure and manage every cloud application their organization leverages. Then, within those applications, they have to manage user identities separate from AD, meaning an individual now has two or more identities. That’s assuming that users don’t create their own accounts in an effort to expedite the process, making it impossible to revoke entry, track access, or manage their credentials.
The monotony of manually provisioning users leaves room for human error as well –– assigning the wrong access permissions or not assigning enough of them, for example –– which forces the admin to go back and do more tedious work, hamstringing their efficiency. Even employing any of the many additional solutions or “add-ons” such as directory extensions, web application single sign-on (SSO), privileged access management, and others of the like don’t reduce how often admins have to grapple with provisioning users effectively.
Many add-on solutions still require admins to hard-code customizations, and ensuring that each tool plays nicely with the others and the AD instance can be another beast in itself. That’s not including the implications of provisioning users on macOS® or Linux® systems, both of which demand extra time and attention to achieve complete management.
Benefits of Provisioning Users With the Cloud
In today’s cloud-forward world, the best way to achieve automatic user provisioning is with a modern cloud identity management platform. Admins can provision access to many more IT resources including macOS, Linux, and Windows systems through a few clicks, rather than by assembling a collection of add-ons and configuring each. Access to other IT resources such as applications, VPNs, WiFi, file servers, and others is just as critical. Provisioning user access from one platform ensures that users have one core identity as well, reducing the chance for human error that could lead to an overflow of support tickets. This frees up time and mental space for admins, enabling them to focus on more pressing matters.
For those organizations without an existing identity provider, a modern cloud directory service such as JumpCloud’s Directory-as-a-Service can be an ideal choice to automate user provisioning. For those that already have AD in place, using JumpCloud’s cloud identity management platform, Active Directory identities can also be extended to auto provision to G Suite™, Office 365™, LDAP applications, various web applications, WiFi and VPN access, and much more. This means that admins don’t have to abandon the familiar interface they’ve used for years. Instead, AD remains at the head of management while a plethora of much-needed capabilities is added to it. This keeps any noticable differences in daily operations to a minimum, leaving the only perceivable change in end users’ workflow being increased efficiency. Whichever camp you are in, there are modern IAM tools to help IT admins grab the holy grail – automated provisioning to virtually all IT resources a user needs.