How to Simplify Onboarding Employees to Their Applications with SCIM




With the shift to remote work due to the pandemic, the onboarding process has become more of a challenge for both IT admins and their new employees. Admins cannot just go over to their user’s desk and spend five minutes with them and troubleshoot access to the business critical applications they need. The onboarding process is critical for new employees, and research shows that if it is subpar, it can adversely affect their experience:

  • Gallup found that only 12% of employees strongly agree their organization does a great job of onboarding new employees. 
  • Glassdoor found that organizations with a strong onboarding process improve new hire retention by 82 percent and productivity by over 70 percent.
  • The Human Capital Institute (HCI) found that up to 20% of new hires leave in the first 45 days of employment.

As an admin, you play a key part in the onboarding process. It is up to admins to ensure that their new employees have access to the resources they need, but making it easy for users to do so is not so easy. It can take hours to provision application access, and the process often requires creating documentation to ensure the user will be as self-sufficient as possible. Does this sound like your current onboarding process? What processes have you and your company put in place to ensure smooth onboarding? Does your process minimize the amount of time you spend activating a new user?  At JumpCloud, our goal is to create low-touch onboarding for your company. 

 Current Onboarding Process

The biggest onboarding challenge is inconsistent application.

“10 Employee Onboarding Statistics you Must Know in 2021,” SaplingHR

To demonstrate how JumpCloud can create a low-touch onboarding process, let’s first walk through an example of what setup for a typical new hire looks like; we’ll call this new hire Mary Adams. Mary will be joining your company in just a couple weeks and will be sitting in your Head Office their home office. If you look at the Onboarding Task List below, you have a lot of work to do before her start date: 

This list is overwhelming. It could take hours to provide Mary with the credentials she’ll need to access each application. And guess what? Mary is part of a new hire class of six, each with their own custom list of device and application requirements due to their different roles in the organization. 

Given the effort it took to create this list for just Mary, what does it take to manage all the other employees who will be onboarding soon? What are the opportunities to standardize the onboarding process and minimize the level of effort for this part of your job? 

If you take a closer look at the list, most of these items revolve around creating an “identity” for Mary. A centralized Identity Platform, e.g. a Cloud Directory such as JumpCloud, greatly accelerates this effort as it enables just one set of credentials for Mary to access all the applications highlighted in the image below. This will not only save time for you and Mary, but will also allow your company to create a uniform onboarding process that can help create a positive employee onboarding experience. (We know onboarding is not solely focused on application access; streamlining device onboarding and troubleshooting issues throughout are additional benefits of a cloud directory, but we’ll cover that in more detail later.)

Cloud Directory and Streamlining Onboarding

With JumpCloud Directory Platform you can build, manage, and maintain a single, secure identity for every employee that connects to virtually any IT resource, regardless of location, platform, protocol, and provider. As soon as you place your new employee into the correct group(s) based on their role and responsibilities, that employee will be granted entry to all applications and permissions that the group allows, facilitating a low-touch user onboarding process for all parties involved. Let’s take a look at this at how this will impact Mary:

Mary needs access to the correct applications, her device, and her office’s network before her start date. To make this possible, all you need to do is place Mary into the Group Product Manager User Group and Product User Group that grants her access to her applications. The Boulder Office Group that will allow her access to the network (when she starts coming back into the office), and her identity will also enable her to log into her device on her start date. 

Now, when Mary starts, she can spend more time onboarding with her team and learning how to succeed in her new role. As an admin, your new Onboarding Tasklist is reduced, allowing you more time to focus on other projects.

User Management 

User Management is a major benefit of JumpCloud’s Cloud Directory. As soon as Mary’s identity is created in JumpCloud, it can be used to provision, update, and deprovision Mary’s access to the business critical applications, e.g. AWS, she needs. At JumpCloud, we are able to do this with SAML JIT (Just-In Time) provisioning and SCIM (System for Cross-domain Identity Management).

SCIM (System for Cross-domain Identity Management) is an API-driven protocol for managing user identities in web applications. SCIM eases the friction you have in provisioning and managing user accounts in web applications, since it allows you to automate the processes of account creation and deletion, as well as maintain synchronization between your cloud directory and web apps in question. With SCIM, you no longer need to manually create and delete user accounts in web apps — which saves valuable time and reduces the chance for errors in the authorization levels granted to users.

However, some applications are large and complex enough where individual account management through SCIM helps, but can still require extra steps to implement effectively. Within apps such as AWS SSO, admins or DevOps personnel have to create their Product User Group in the application first; once the group is created, they still then have to add Mary to the Product User Group manually or use SAML attributes. They will also have to do any updates to the group name or delete groups from within AWS SSO.  

This is why JumpCloud is adding a group management feature that will centralize group management in our Admin Portal.

New Launch: Group Management Integration (SCIM)

To address this, we are launching a new Group Management feature. In our continued efforts to get Mary onboarded seamlessly, we have identified that she will need access to the AWS SSO app. The existing employees in the Product User Group already have accounts and have been placed in the AWS group you created for them, called Product Management. Currently, you would have to create Mary’s account in AWS and place her into the correct group. With the launch of this new feature, as long as you place Mary into the JumpCloud Product User Group, the directory will automatically create her account in AWS and place her in the Product Management Group, with access to the same accounts and permission levels as the existing employees in JumpCloud’s Product User Group.

This launch continues the efforts to make your onboarding process as low-touch as possible, as well as giving you the ability to manage new employees’ AWS accounts from the JumpCloud Admin Portal without having to go into the application.

Other Onboarding Tips: The Buddy Program

At JumpCloud, we know that onboarding goes beyond provisioning user access to applications, devices, and networks. We wanted to share a tip that may also enhance the onboarding process: A Buddy Program. According to HCI, 87% of organizations that assign an ambassador or buddy program during the onboarding process say that it’s an effective way to speed up new hire proficiency. In the case of Mary, a buddy could walk Mary through how to use each application for her to excel in her role.

Evaluate JumpCloud Free Today

If you’re new to JumpCloud and interested in learning more about the platform and how to achieve stronger security practices, evaluate JumpCloud today! JumpCloud Free grants new admins 10 systems and 10 users free to help evaluate or use the entirety of the product, including our Zero Trust capabilities. Once you’ve created your organization, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.


Related Posts
Use the new JumpCloud App for Slack to resolve user issues from the same place you communicate with them! Try JumpCloud Free.

Blog

User Administration with the JumpCloud App for Slack

Use the new JumpCloud App for Slack to resolve user issues from the same place you communicate with them! Try JumpCloud Free.

Automating client user onboarding saves MSPs time, money, and peace of mind — and a cloud directory service can help you do it for free.

Blog

Automating Client User Onboarding as an MSP

Automating client user onboarding saves MSPs time, money, and peace of mind — and a cloud directory service can help you do it for free.

Manual user provisioning is more than inefficient: It opens your organization to a number of security and financial risks.

Blog

Risks of Manual User Provisioning

Manual user provisioning is more than inefficient: It opens your organization to a number of security and financial risks.