Endpoint Management | System Administration

Joiner-Mover-Leaver – User Provisioning the easy way

12. October 2020, Avatar of Alexander SpatzigAlexander Spatzig

IT managers take pride in maintaining secure and reliable operations for business networks that are subject to continuous change during normal times. But 2020 hasn’t exactly been “normal.” If there were a magical “IT Change-O-Meter” control, it’s been turned up to 11 this year.

In short

  • User Provisioning, i.e. the provisioning of access rights and applications for employees, comprises three phases: Joiner, Mover and Leaver.
  • In the Joiner phase, hardware and software have to be provided and configured.
  • The Mover phase automates the allocation of software based on the organisational structure.
  • In the Leaver phase, user data is backed up and hard drives are securely wiped; automation and standardisation are crucial for efficient operations.
     

What is User Provisioning and what does it involve?

User Provisioning means providing a user in the company with access rights and required applications. New employees are hired, others change departments, while some leave the company permanently or temporarily. All these examples require User Provisioning. This is also referred to as the "Joiner-Mover-Leaver" scenario. As the name suggests, User Provisioning can be divided into three phases:

  1. Joiner phase: A new employee joins the company.
  2. Mover phase: The employee moves to another department or is assigned to a project.
  3. Leaver phase: The employee departs the company or goes on leave.

These standard procedures should be completed as smoothly as possible. For the IT admin, one major way to avoid errors or omissions and achieve the intended outcomes is to automate recurring processes according to standard practices and policies.

The Joiner Phase

The joiner phase – also called onboarding – is technically the most extensive. An employee, – let's call her Sam Sales – has her first day at work and immediately develops first impressions of the company. In order to score points and maintain IT credibility here, Admin Anton has to pay attention to a few (or more) things to make Sam’s first day smooth and productive. During the joiner phase Admin Anton asks himself key questions like: Does the printer work? Is the mail application already set up? Are all standard or job-specific applications installed? Does Sam need a smartphone or have certain preferences?

For Anton, this means procuring the appropriate hardware and getting it to Sam fully ready for operation.

That leads a longer list of other important details:

  • In which organizational unit should Sam’s PC be assigned? From this follows the domain's guideline set, which determines which settings and restrictions apply to the device.
  • Which operating system with which special configurations does Sam receive?
  • Are hardware-specific software and drivers to be installed?
  • How many partitions does Sam need on the PC?
  • Which specialized applications does Sam needed in addition to the standard ones?

Quite a lot, isn't it? And what happens if Anton forgets something? Sam might say something to her boss, or even wonder if she joined the right company to advance her career. Not a great day for anybody. Now multiply Sam’s situation for other company departments. For example. While Sam needs the company’s CRM software installed and configured on her laptop, an employee in the Graphic Design department needs a high-performance GPU-equipped system with an image processing program, while an employee in Purchasing needs a vendor and merchandise management program integrated with Finance department systems.

To add another – and fairly common – wrinkle, is the employee in field service who needs devices that must be secured and encrypted to protect company data against unauthorized access in case of loss or theft.

Fortunately, this process can be mapped, replicated and automated with the baramundi Management Suite OS Install and Deploy modules. The PC is connected to the network, the software and configuration are provisioned automatically based on pre-established configurations and processes for each department and employee role. 

The baramundi OS Customization Tool within the OS-Install module enables detailed enables detailed customization and saving of multiple different OS installation images based on user needs and company standards. These settings range from the adaptation of the corporate design to needed or legally mandated data protection settings.
 

The Mover Phase

In the mover phase, Sam Sales changes her position in the company or joins a project where she is given a specific role. With her new role he needs new business applications and some freeware tools. Whether it’s Sam or other employees, the provision of software and configurations can also be fully automated here according to their needs.

In our example, Sam Sales moved from any department to sales (for which she is predestined simply because of her name ;-)) and is automatically assigned the applications necessary for the job. baramundi Deploy and Automation support the task of automatically providing the needed software.

In addition, Sam Sales needs a video player to play videos presentations. This is no problem for Anton because he uses the Managed Software Catalog in the baramundi Management Suite which provides numerous software packages fully pre-configured. He can either assign and provide these directly or make them available via a company self-service kiosk in a web portal. This gives Sam Sales the option of installing software independently as needed – and all without administrator rights!

The Leaver Phase

When Sam Sales leaves the company in this third and final phase - whether permanently or temporarily, the admin has new tasks to complete. Data on the end devices must be archived and the device must be reset for further use. With baramundi Personal Backup, user data can be specifically backed up and, if necessary, specifically restored.

If the device is decommissioned or returned to the lessor, the hard disk must be wiped to prevent attempts to recover company data. The "Delete hard disk" job step in the baramundi Management Suite handles this. Various deleting and overwriting methods can be selected based on the device and the data involved.

User provisioning is a complex task for administrators, but with good organization, standardized processes and automation you can ensure that all important steps are completed in a timely way. It also saves a lot of time otherwise spent on routine tasks.

After all, the Change-O-Meter seems like it’s going to be stuck on max for a while, and the need for IT flexibility, consistency and efficiency is only going to increase.

Read more

Entries 1 to 3 of 3