A User Account Lifecycle Management Cheat Sheet

User lifecycle management (ULM) begins when a candidate accepts a job offer and continues until that employee leaves the company, covering four key stages—onboarding, role-based provisioning and permission updates, active account management, and secure offboarding.

Key Takeaways

  • User Lifecycle Management (ULM) spans from the initial job offer to the final departure.
  • Automation is critical to prevent security gaps caused by manual provisioning and deprovisioning.
  • Nearly 50% of ex-employees retain access to corporate apps due to lax offboarding processes.
  • Shadow IT makes offboarding difficult; visibility into all SaaS applications is essential for security.
  • Centralized SaaS management platforms streamline both onboarding efficiency and offboarding security.

For HR and IT departments, this means creating user credentials and connecting new employees to cloud resources.

COVID has put user lifecycle management back in the spotlight with workforce disruption, layoffs, and resignations.

IT and HR leaders are not only swamped by stay-at-home workers and managers; they are also trying to contend with the amount of SaaS these employees use.

Some of these applications are allowed by the organization, and some are not, adding a whole layer of complexity. (After all, companies can’t deprovision what they can’t see.)

Below we cover best practices for user lifecycle management, spanning onboarding, ongoing provisioning and access management, and secure offboarding. We also share policies that we argue every IT team should implement.

These policies can not only save you money and time but reduce the chance of devastating security breaches.

What is onboarding?

Onboarding is a planned series of events and milestones that bring new employees onto the team, helping them understand their role and what success looks like.

Onboarding’s overall goal is to fully integrate new employees into the company and ensure they become productive team members.

One of the critical components of this is the software and tools they need to gain access to. The average employee uses eight applications daily.

How to onboard employees effectively

Onboarding employees effectively is critical for any organization. Not only does it help build culture and happy employees, but it also leads to a more productive team and company. (Doing it right is also essential for security and compliance.)

A formal IT onboarding process helps new hires:

  • Familiarize themselves with hardware and software they’ll be using
  • Set up corporate accounts
  • Automatically receive role-based access to SaaS apps and groups, reducing manual effort
  • Learn and follow security guidelines
  • Feel confident they have the tools to get their work done

As we already mentioned, an onboarding policy provisions new accounts across SaaS apps and grants access to all necessary groups, calendars, files, assets, etc.

As you probably already know, this is a process that can, and should, be automated.

Many of the tasks are repetitive, manual, and time-consuming, so there is no reason that a person should be directly in charge of them.

When they are an employee’s task, they may not always be at the top of the to-do list and can easily slip by for days or weeks (or never get done). If you implement automation, you can ensure that never happens.

It’s why we recommend companies invest in a single tool that automates the onboarding process, particularly as it relates to SaaS technology. (SaaS scripting can help here.)

What is offboarding?

Employee offboarding is a systematic way for organizations to manage an employee’s departure, ensuring consistency and reducing risk to the organization.

A large number of companies handle employee offboarding (also known as “termination procedures”) through loose, manual processes like emails, phone calls, and private conversations.

While there may be an offboarding policy in place, a lax offboarding workflow can be extremely dangerous and puts businesses at risk if the policy doesn’t drive the process.

50% of ex-employees can still access corporate cloud applications. The findings, based on a study of five hundred IT decision-makers, indicate that few firms have adequate provisioning, deprovisioning, termination, and login management processes in place.

How to offboard employees effectively

One of the first things you need in place is a transparent communication process between HR and IT. IT must be informed before an employee is offboarded so it can prioritize the necessary tasks.

To ensure a secure departure, IT teams should follow these immediate steps:

  • Automatically suspend all email accounts.
  • Revoke access to Customer Relationship Management (CRM) systems.
  • Execute a comprehensive offboarding checklist to verify termination across all systems.

IT departments must address three primary challenges during offboarding:

  • Visibility: Identifying which apps employees signed up for independently.
  • Permissions: Determining which specific access rights must be revoked.
  • Data Sovereignty: Locating company data residing within those applications.

With the proliferation of Shadow IT, it’s not always easy to do this. That’s where a SaaS management platform like Augmentt comes into play.

A single dashboard for all SaaS apps and usage can increase visibility and avoid security risks associated with employee offboarding.

For example, employees can be quickly onboarded and offboarded to and from the applications they need. Plus, reports can readily show which users have access to what applications, and which licenses.

These processes can automate and simplify life for IT, enabling greater efficiency and productivity.
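
The checklist verification and access report described above, as an added example (not Augmentt's code and not part of the original article): it reconciles an HR roster against per-app account exports to flag accounts still active after departure, accounts with no HR record, and apps outside the sanctioned list. The function name, data layouts, app names and sample records are constructed assumptions.

```python
from datetime import date

# Constructed sample data: HR roster keyed by work email (None = still employed).
HR_ROSTER = {
    "alice@example.com": None,
    "bob@example.com": date(2024, 3, 1),
    "carol@example.com": date(2024, 5, 20),
}
# Apps IT has approved; anything else discovered counts as shadow IT.
SANCTIONED_APPS = {"email", "crm"}
# Constructed per-app account exports: (app, account email, status, admin role?).
APP_ACCOUNTS = [
    ("email", "alice@example.com", "active", False),
    ("email", "bob@example.com", "suspended", False),
    ("crm", "Bob@Example.com", "active", True),
    ("crm", "carol@example.com", "active", False),
    ("notes-app", "carol@example.com", "active", False),
    ("crm", "dave@example.com", "active", False),
]

def audit_offboarding(roster, sanctioned, accounts, today):
    """Return findings sorted by (app, email): lingering access, orphans, shadow IT."""
    findings = []
    for app, email, status, is_admin in accounts:
        email = email.strip().lower()   # exports differ in casing
        if status != "active":
            continue                    # suspended accounts are already closed
        issues = []
        if email not in roster:
            issues.append("orphan: no HR record")
        else:
            left = roster[email]
            if left is not None and left <= today:
                days = (today - left).days
                issues.append(f"ex-employee active {days}d after departure")
        if app not in sanctioned:
            issues.append("shadow IT app")
        if issues and is_admin:
            issues.append("admin role: revoke first")
        if issues:
            findings.append((app, email, issues))
    return sorted(findings)

if __name__ == "__main__":
    for app, email, issues in audit_offboarding(
            HR_ROSTER, SANCTIONED_APPS, APP_ACCOUNTS, date(2024, 6, 1)):
        print(f"{app:10} {email:20} {'; '.join(issues)}")
```

Run on a schedule against fresh exports, an empty result is the evidence that the offboarding checklist actually completed across every system.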

Key takeaways from user lifecycle management best practices

The stakes for an effective user lifecycle management process are high.

  • Automation cuts repetitive IT work and slashes onboarding/offboarding errors.
  • Consistent provisioning controls license costs and reduces SaaS sprawl.
  • Timely deprovisioning closes security gaps that linger when ex-employees retain access.

The number of applications has grown exponentially, which undeniably increases the risk and time involved. Using a SaaS management platform is crucial to ensuring that nothing falls through the cracks.

Frequently asked questions

What is user lifecycle management (ULM)?

User lifecycle management (ULM) is the set of processes you use to create, manage, and remove user accounts and access from the moment a job offer is accepted through to an employee’s departure.

What are the main stages of user lifecycle management?

  • Onboarding and role-based provisioning
  • Ongoing access and account management
  • Secure offboarding and deprovisioning

Why should you automate user lifecycle management?

  • It reduces manual, repetitive work and helps L1/L2 techs execute consistent workflows.
  • It standardizes access changes so permission updates don’t get missed during role changes.
  • It helps close gaps faster during offboarding, reducing the window for unauthorized access.

For example, 50% of ex-employees can still access corporate cloud applications when offboarding processes are lax.

How does a SaaS management platform like Augmentt help with onboarding and offboarding?

  • Provides centralized visibility into SaaS applications, users, and licenses.
  • Helps standardize onboarding/offboarding workflows to reduce missed steps.
  • Makes it easier to identify shadow IT so you can revoke access consistently.
  • Supports reporting that shows which users have access to which apps and licenses.
Author
Gavin Garbutt
Co-Founder & Chairman of Augmentt
