According to some recent research by our friends at One Identity, only 8% of companies have fully automated provisioning processes and 70% rely upon manual operations for joiner / mover / leaver events. Yet, despite many downstream manual processes, many organizations feel they’ve ticked the IGA checkbox.
Let’s start with critical systems: these are well covered by IGAs and are usually fully automated. Next come the legacy and specialized systems: these generally aren’t automated by the IGA, so they get sent to the service desk for fulfillment. Finally, there are the operational, non-account management workflows that are generally manual: creating a badge, provisioning a phone, ordering business cards, etc.
From the IGA team’s perspective, it’s completely automated. An HR event occurs, which creates a downstream sequence of events. The IGA team has done well. It’s all integrated and flowing.
From the business perspective, the picture is very different. It is not automated, nor is it fully orchestrated. People are manually processing tickets at a huge cost. The business doesn’t have visibility into the process, its state and/or exceptions until problems arise. It’s difficult to direct staff to address problems that are not visible. HR often has some visibility into the challenges but they don’t own the processes. This disconnect is costing the business in many ways.
Let’s look at some of the challenges.
Specialized systems are typically very costly to integrate into IGA. Custom connectors have to be built and the cost is often seen as excessive, so the org lives with manual processes. The IGA calls for provisioning, a ticket gets created, and a system owner gets flagged to create the account through a legacy interface. There’s no off-the-shelf connector and the cost to create one is prohibitive - especially when considering the number of these systems that linger. Some orgs will rationalize that these systems are going away soon, but they often remain in place for years.
If the org has chosen a latest-greatest IGA, then many mainstream cloud apps will be covered. Most cloud vendors support SSO, but not always with the org’s SSO provider. The business will often demand access to specialized cloud apps where connectors don’t exist. These apps are especially problematic as SSO is your best line of defense for cloud apps during terminations. Without SSO, a user may access the cloud app for days until a ticket is manually processed. Many of the older IGAs lack cloud app connectors, leaving the business in a difficult position: live with manual operations or rip and replace the in-place IGA.
IGAs are getting better in this department, but there’s still quite a gap for many organizations that requires a lot of custom scripting in their ITSM. This is costly development. ITSM vendors charge dearly for these automations and ongoing maintenance is problematic.
Then there are the business processes (business cards, phone, badge, etc.), which are just accepted as being manual operations with nothing that can be done. So the org just accepts it and lives with the inefficiencies, often without realizing just how much it’s costing and how much it compromises the agility of the organization.
So, what’s the cost?
Onboarding is slower than it should be and it’s not completely reliable. Ever had an employee start and on day one they don’t have a phone, badge or worse, a computer? HR people will attest to this problem. Human beings are fallible and that means the processes are likewise subject to exceptions.
With manual processes, key stakeholders like hiring managers don’t have visibility into process exceptions. With insight, they could have rectified an exception without business impact, but instead they suffer embarrassing process failures.
This one is a security issue. When there’s an emergency departure, IGA systems often can’t respond in a timely manner. Further, the downstream processes are all manual. Orgs have relied upon the perimeter and SSO to ensure that an account is disabled, but most experts agree that many back doors remain open for days or longer after a termination. With emergency terminations, significant damage can be done during this gap.
An organization is nothing without its people. These are the people who drive it forward and make it competitive; they innovate, they invent, they are loyal. Yet these are the people an org has processing thousands of tickets each month; grunt work - a perceived necessity. Automating the massive backlog of tedious, repetitive tickets improves employee retention and satisfaction, giving an organization a competitive edge.
That new star sales executive starts and can’t log in. A customer list is stolen because an account didn’t get shut down. A new engineer starts and doesn’t have a computer. A manager can’t access her Microsoft Teams resources because the assignment failed and wasn’t detected. There are countless cases that most organizations have suffered. They collectively create a state of disruption at a huge cost to the business.
The READI Identity Automation platform enables an organization to easily integrate all of their systems into their IGA workflows. Based on a low-code automation platform, universal connector technology, and seamless REST integration, organizations can quickly and easily extend their IGA reach into all systems - closing the gap for all joiner / mover / leaver events. It’s never been faster or easier to achieve and manage full automation.
Identity Automation brings orchestration and exception alerting to the manual processes. While warm bodies and tickets may still be required, Identity Automation can orchestrate, track and ensure that things get done so that exceptions are caught and resolved, avoiding business impact. The hiring manager always retains visibility into the state of their hire. When things go off the rails, as they sometimes do, the key stakeholders immediately get alerted.
There’s no better proof than real-world results. One of our enterprise customers with over 100K employees eliminated the manual labour of 13 IT staff and reduced their onboarding SLA from 72 hours to just 4 hours. The process, which involves over 40,000 weekly operations, is visible in a dashboard that allows them to monitor all operations (automated and manual) along with SLA metrics and obtain early warning of any problems. In only 9 months, they achieved a calculated direct ROI of approximately $1,000,000. The 13 staff have been re-provisioned into strategic digital transformation projects, something not previously possible. By closing the identity gap, the organization avoided additional hiring. With one initiative, they retained and repurposed valuable staff and improved overall employee satisfaction among both the IT technical staff and the business stakeholders.
Getting started is easier than you think. The Readibots team and our trusted partners are here to help. The Readibots advisory service is designed to assist with as much of the workload as an organization would like. From onboarding and training to full implementations, the READI team will provide a professionally managed experience. For more information about Identity Automation, visit: www.readibots.com