HR & IT: Coordinated Provisioning

Written by Cassa Niedringhaus on March 28, 2020

Share This Article

Human resources managers and IT admins have traditionally operated in silos. That has meant they maintain separate directories and manually create asynchronous digital identities for the same users.

For example, HR managers use human capital management (HCM) systems and their associated directories to connect users with HR resources and manage payroll and benefits. Meanwhile, IT admins use separate directory services to connect users to IT resources like systems, applications, and networks. However, coordinated provisioning is an emerging concept that unites the two departments in their provisioning efforts.

Why Should HR & IT Coordinate?

When it comes to new users, the two departments have overlapping goals to get them provisioned and up to speed as quickly as possible. In competitive markets, particularly, a standardized onboarding experience is critical to retain top talent and minimize turnover of new hires who don’t feel properly acclimated or equipped. 

Beyond that, both HR managers and IT admins also have more valuable tasks to do than repeated manual data entry. Rather than having experts in both departments input similar data twice (or more) for the same user, the departments can coordinate and implement processes that require input only once and then propagate user information into the requisite directories automatically. This process saves them time, improves organizational security by reducing identity sprawl, and ensures IT has the most up-to-date employment information from HR. 

Synchronized & Automated Provisioning Workflow

IT leaders can implement the processes for an integrated provisioning workflow with less manual data entry, more accuracy, and better security by integrating their central directory with the HCM system. Then, the identity created in the HCM system flows to the directory and on to permitted IT resources via a variety of protocols — like SCIM, LDAP, RADIUS, and SAML.

By integrating the HCM system and the central directory, they ensure users have only one digital identity within company systems. From the central directory, they can then propagate that same digital identity to systems (Mac®, Windows®, Linux®), SaaS and on-prem apps, WiFi networks, VPNs, file servers, and more. Laid out end-to-end, the process looks like this: 

HR System → Central Directory → Systems, Applications, Networks, & Files

This improves user provisioning, deprovisioning, and modification because these changes flow throughout the internal systems. If, for example, an employee notifies HR of their last day and they are deleted from the HCM system, that change is reflected in the central directory and IT resources, too. 

Benefits for End Users

This workflow introduces benefits for end users, too. Effective onboarding begins before an employee’s first day on the job, and it includes the technological resources they need to get their jobs done. BambooHR CEO Ben Peterson told SHRM that, “If we don’t worry about onboarding before the employee starts, then we’re way behind.”

In this workflow, the moment an employee signs the offer letter and is input in the HCM system, they are then created in the IT directory, which provisions them to their permitted resources before they ever set foot in the office. That way, on their first day, they can log into their laptop, access the office WiFi, get started in their apps, and more with one set of authoritative credentials. 

Coordinated Provisioning Driven by a Cloud Directory Service

JumpCloud® Directory-as-a-Service® demonstrates this workflow in its integration with HCM software solution Workday®. JumpCloud is the first full-suite directory service in the cloud, and admins can use it to securely connect users to virtually all their IT resources, including systems (Mac, Windows, Linux), SaaS and on-prem apps, networks, and file servers. 

Using JumpCloud’s Workday integration, admins can monitor and adjust users as they import from Workday into JumpCloud, and then they can propagate those digital identities via cloud LDAP, RADIUS, and SAML to their permitted resources. Learn more about HR and IT integration in the cloud and creating the most efficient user lifecycle management workflow for everyone involved.

Cassa Niedringhaus

Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she’s not at work, she likes to hike, ski and read.

Continue Learning with our Newsletter