User lifecycle management (ULM) begins when a candidate accepts a job offer and continues until that employee leaves the company, covering four key stages—onboarding, role-based provisioning and permission updates, active account management, and secure offboarding.
Key Takeaways
- User Lifecycle Management (ULM) spans from the initial job offer to the final departure.
- Automation is critical to prevent security gaps caused by manual provisioning and deprovisioning.
- Nearly 50% of ex-employees retain access to corporate apps due to lax offboarding processes.
- Shadow IT makes offboarding difficult; visibility into all SaaS applications is essential for security.
- Centralized SaaS management platforms streamline both onboarding efficiency and offboarding security.
For HR and IT departments, this means creating user credentials and connecting new employees to cloud resources.
COVID has put user lifecycle management back in the spotlight with workforce disruption, layoffs, and resignations.
So not only are IT and HR leaders swamped due to stay-at-home workers and managers, they’re trying to contend with the amount of SaaS these employees use.
Some of these applications are allowed by the organization, and some are not, adding a whole layer of complexity. (After all, companies can’t deprovision what they can’t see.)
Below we cover best practices for user lifecycle management, spanning onboarding, ongoing provisioning and access management, and secure offboarding. We also share policies that we argue every IT team should implement.
These policies can not only save you money and time but reduce the chance of devastating security breaches.
What is onboarding?
Onboarding is a planned series of events and milestones that bring new employees onto the team, helping them understand their role and what success looks like.
Onboarding’s overall goal is to fully encompass the new employees in the company and ensure they become productive team members.
One of the critical components of this is the software and tools they need to gain access to. The average employee uses eight applications daily.
How to onboard employees effectively
Onboarding employees effectively is critical for any organization. Not only does it help build culture and happy employees, but it also leads to a more productive team and company. (Doing it right is also essential for security and compliance.)
A formal IT onboarding process helps new hires:
- Familiarize themselves with hardware and software they’ll be using
- Set up corporate accounts
- Automatically receive role-based access to SaaS apps and groups, reducing manual effort
- Learn and follow security guidelines
- Feel confident they have the tools to get their work done
As we already mentioned, an onboarding policy provisions new accounts across SaaS apps and grant access to all necessary groups, calendars, files, assets, etc.
As you probably already know, this is a process that can, and should, be automated.
Many of the tasks are repetitive, manual, and time-consuming, so there is no reason that a person should be directly in charge of them.
When they are an employee’s task, they may not always be at the top of the to-do list and easily slip by for days or weeks (or never get done). If you implement automation, you can ensure that it never happens.
It’s why we recommend companies invest in a single tool that automates the onboarding process, particularly as it relates to SaaS technology. (SaaS scripting can help here.)
What is offboarding?
Employee offboarding is a systematic way for organizations to manage an employee’s departure, ensuring consistency, and reducing risk to the organization.
A large number of companies handle employee offboarding (also known as: “termination procedures” and “offboarding”) through loose, manual processes like emails, phone calls, and private conversations.
While there may be an offboarding policy in place, a lax offboarding workflow can be extremely dangerous and puts businesses at risk if the policy doesn’t drive the process.
50% of ex-employees can still access corporate cloud applications. Based on a study of five hundred IT decision-makers, their findings indicate that few firms have adequate provisioning, deprovisioning, termination, and login management processes in place.
How to offboard employees effectively
One of the first things you need in place is a transparent communication process between HR and IT. IT must be aware before off-boarding an employee so it can prioritize the necessary tasks.
To ensure a secure departure, IT teams should follow these immediate steps:
- Automatically suspend all email accounts.
- Revoke access to Customer Relationship Management (CRM) systems.
- Execute a comprehensive offboarding checklist to verify termination across all systems.
IT departments must address three primary challenges during offboarding:
- Visibility: Identifying which apps employees signed up for independently.
- Permissions: Determining which specific access rights must be revoked.
- Data Sovereignty: Locating company data residing within those applications.
With the proliferation of Shadow IT, it’s not always easy to do this. That’s where a SaaS management platform like Augmentt comes into play.
A single dashboard for all SaaS apps and usage can increase visibility and avoid security risks associated with employee offboarding.
For example, employees can be quickly onboarded and offboarded to and from the applications they need. Plus, reports can readily show which users have access to what applications, and which licenses.
These processes can automate and simplify life for IT, enabling greater efficiency and productivity.
Key takeaways from user lifecycle management best practices
The stakes for an effective user lifecycle management process are high.
- Automation cuts repetitive IT work and slashes onboarding/offboarding errors.
- Consistent provisioning controls license costs and reduces SaaS sprawl.
- Timely deprovisioning closes security gaps that linger when ex-employees retain access.
There’s been an exponential growth in the number of applications that undeniably increases the risk and time involved. Using a SaaS management platform is crucial to ensuring that nothing falls through the cracks.
Frequently asked questions
What is user lifecycle management (ULM)?
User lifecycle management (ULM) is the set of processes you use to create, manage, and remove user accounts and access from the moment a job offer is accepted through to an employee’s departure.
What are the main stages of user lifecycle management?
- Onboarding and role-based provisioning
- Ongoing access and account management
- Secure offboarding and deprovisioning
Why should you automate user lifecycle management?
- It reduces manual, repetitive work and helps L1/L2 techs execute consistent workflows.
- It standardizes access changes so permission updates don’t get missed during role changes.
- It helps close gaps faster during offboarding, reducing the window for unauthorized access.
For example, 50% of ex-employees can still access corporate cloud applications when offboarding processes are lax.
How does a SaaS management platform like Augmentt help with onboarding and offboarding?
- Provides centralized visibility into SaaS applications, users, and licenses.
- Helps standardize onboarding/offboarding workflows to reduce missed steps.
- Makes it easier to identify shadow IT so you can revoke access consistently.
- Supports reporting that shows which users have access to which apps and licenses.
