Skip to content

Configuring IdentityNow for Provisioning

Use IdentityNow Provisioning to onboard new users faster, track user employment status, and adjust each user's access accordingly. And because you configure provisioning one time for multiple users, provisioning can greatly reduce the possibility for human error and make your job easier.

It's critical that you consider the specific needs of your organization to determine how to configure provisioning to meet those needs. Before you begin, ensure all prerequisites have been met.


Best Practice

Always test new configurations in your IdentityNow sandbox before going live on your production system.

To set up IdentityNow provisioning:

  1. Review and update the provisioning policy for each source you want to provision to. The provisioning policies define how IdentityNow provisions to each source.
  2. Create access profiles to represent bundles of access in your organization. The access profiles ensure new accounts have the correct access.
  3. Configure any or all of the following provisioning methods, based on your site’s needs. Do not enable these configurations until you have tested them in your sandbox environment.
    • Attribute sync, to synchronize account data on sources with the new data on IdentityNow.
    • Lifecycle states, to automatically grant access based on users' employment status in the company.
    • Roles, to provide access to applications and sources based on users' job functions.
    • Access requests, if you have the Access Request service, to enable users to request application and other access. Users automatically receive access after approval.
  4. After you’ve tested each of your provisioning methods in the sandbox, enable them in production on the configuration page for each method.

If an identity has more than one account on a source, you might need to make configurations to individual access profiles to determine which account receives access because of provisioning actions.

Verifying Provisioning

If provisioning a new account on a source fails, IdentityNow doesn't automatically retry the action. Verify provisioning through the Admin interface or using provisioning reports.