The Problem 

When a new employee joins your organization, they will need to access systems and resources to perform their job. It is important that they receive the right access at the right time to avoid a loss in productivity. The criteria used to grant access will vary from organization to organization and it should take into consideration a variety of factors such as job title, department, manager, location, etc.

For example, a “Business Development Executive” joining the organization may need the following access:

  • Account in Active Directory with group memberships appropriate for a business development executive
  • Email in Office 365
  • Account in CRM with access appropriate for a business development executive.
  • Account in the employee portal
  • Account in the service desk  

While some of this access can be granted as birthright, other access may need to be requested by the new employee’s manager.   To prevent a loss in productivity, access needs to be enabled on Day 1.

The OpenIAM Solution

Organizations using OpenIAM Identity Governance can leverage the automated provisioning functionality to streamline new employee on-boarding to consistently deliver a Day 1 start. OpenIAM can be integrated with your authoritative sources, such as a Human Resources (HR) system, to detect new hires, position changes and terminations. Employee information from the source can be processed by the business rules engine to determine birthright access. This access is then passed to the integration connectors for provisioning on the day the employee starts.

The automated provisioning functionality can also make use of:

  • Role based provisioning – Business roles can be defined to grant access based on job function and can be used in conjunction with the business rules engine
  • Workflow-based requests from a service catalog

Each step performed during provisioning is captured in the OpenIAM audit logs.


By employing OpenIAM’s Identity Governance platform for employee on-boarding, organizations can achieve the following benefits:

  • Day 1 productivity – Users will be able to begin work without delay
  • Improved efficiency and lower operating costs – Reduced effort for IT staff resulting from automation and reduced tasks for service teams can reduce costs by up to 75%
  • Traceability – Detailed audit logs related to all automated operations and request for access provide traceability into how and why users have the access they have
  • Access Visibility – Unified view of the user’s access in a central location
  • Consistent results – Performing the steps described above manually can be error prone and lacks consistency from user to user