Administrative provisioning maintains a similar concept of downstream provisioning and can also include event detection mechanisms described above. Administrative provisioning helps organizations meet their desired business process and fulfillment requirements without the necessity for automated provisioning. Often times, organizations are either not prepared to automate a process, or the downstream target may not support automation for whatever reason. For this business case, Fischer provides the ability for organizations to initiate a request to [manually] provision end user accounts or entitlements and then require the system owners that actually performed the provisioning to return to Fischer and indicate they’ve completed the request. This provides organizations with a complete audit of the event and also provides the mechanism Fischer needs to associate the account and/or entitlements with the identity profile within Fischer. Another term the industry uses to describe this is “Closed Loop Provisioning”.
Essentially this means the ability for the IAM solution to close the loop for auditing purposes. If the administrator tasked with manually creating the target accounts did not report back to the IAM system that the process was complete, the identity system would not know the account existed and it would be flagged during an audit and could potentially be labeled as an orphan account since there was no person (identity) it was actually associated with. Administrative provisioning is an important feature to help organizations fulfill their business requirements when technical challenges may arise that do not allow for end to end automation.
Implementing Admin Provisioning
Refer to the Implementing Admin Provisioning Guide for more details.