What is User Provisioning?

Create and manage users’ access to on-premises, cloud, and hybrid apps

What is User Provisioning?

Simply put, user provisioning is the process of creating, updating and deleting user accounts in multiple applications and systems. This can sometimes include associated information, such as user entitlements, group memberships and even the groups themselves. Many organizations have moved to automated user provisioning, which is the systematic creation and management of user data relative to users’ ability to access resources, such as applications, that are available in one or more systems. Accessible systems can be on-premises, cloud-based, or a hybrid of the two.

User provisioning key benefits

Automated user provisioning is one of the main features of many identity and access management (IAM) solutions. Provisioning comes into play when an employee joins an organization, moves to a different department or division, or exits a company. This is known as the joiner/mover/leaver (JML) process. By integrating an IAM solution directly with HR and personnel systems, you connect the process of creating, updating, and deleting user accounts with HR actions. Actions that result in changes to HR data, such as those related to employee onboarding and offboarding, can automatically result in changes to permissions for accessing systems and applications tied to corresponding employee accounts.

User provisioning provides the following key benefits:

  • Easily onboard and offboard employees: Create and maintain employees’ user attributes, such as usernames, roles, and profiles, and automatically assign access permissions and user accounts based on predefined roles and flexible entitlement rules.
  • Streamline user management across applications: Automatically import users from Active Directory (AD), Lightweight Directory Access Protocol (LDAP), and other apps. Provisioning enables you to continuously propagate user profiles to ensure that your systems have the latest updates.
  • Increase security and reduce cost: Use HR-Driven Identity Management (IM) to prevent former employees from having continued online access and to eliminate the possibility of zombie accounts sitting idle and at risk of being compromised.

How does user provisioning work?

In a basic automated provisioning workflow, you add users to apps based on specific user roles. Whenever a user is assigned a role, that user is automatically created in the associated app and granted access permissions. In the diagram below, once a new user is provisioned, that user is added to the Sales role, and is therefore granted access to the apps associated with that role. In this example, the provisioned user can access Salesforce, Office 365, and G Suite.

When it's time to deprovision former employees from apps, you want a solution that lets you simply change the user’s status, so that the user's accounts in all apps will be deleted or suspended, depending on the configuration preferences that you set.

How does user provisioning and de-provisioning make companies more secure?

The risk of costly security breaches for companies that fail to provision properly or deprovision quickly is huge: the average cost of a data breach is $148 per record and $7.91 million per breach in the U.S. As a result, breached companies often underperform the market for years following a major breach, and 60% of small businesses fold within six months of a successful attack.

Automated user provisioning helps keep your company secure by ensuring employees have access only to the apps they need. Automated user de-provisioning helps keep your company secure by ensuring that whenever an employee leaves, their access is automatically removed for all connected applications. In addition, all existing user sessions are removed to reduce security risk.
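The role-based workflow and the de-provisioning behaviour described above can be expressed as a reconciliation between HR data and each app's account list. The following is an added example, not OneLogin's code: the Sales role and its three apps come from the text, while the users, the Engineering role, the per-app suspend/delete policy and all function names are constructed for illustration.

```python
# Constructed sample data. Only the Sales role and its apps come from the page.
ROLE_APPS = {
    "Sales": {"Salesforce", "Office 365", "G Suite"},
    "Engineering": {"Office 365", "G Suite"},          # assumed second role
}
# Assumed per-app deprovisioning preference: suspend or delete the account.
DEPROVISION_POLICY = {"Salesforce": "suspend", "Office 365": "suspend", "G Suite": "delete"}

HR_RECORDS = {
    "alice": {"status": "active", "roles": ["Sales"]},        # joiner
    "bob": {"status": "active", "roles": ["Engineering"]},    # mover (was Sales)
    "carol": {"status": "terminated", "roles": ["Sales"]},    # leaver
}
APP_ACCOUNTS = {                                              # accounts found in each app
    "Salesforce": {"bob", "carol", "dave"},                   # dave has no HR record
    "Office 365": {"bob", "carol"},
    "G Suite": {"bob", "carol"},
}

def desired_apps(record, role_apps):
    """Apps a user should have: union of role apps, or none if not active."""
    if record is None or record["status"] != "active":
        return set()
    return set().union(*(role_apps.get(r, set()) for r in record["roles"]))

def reconcile(hr, accounts, role_apps=ROLE_APPS, policy=DEPROVISION_POLICY):
    """Return (action, user, app, reason) tuples that bring apps in line with HR."""
    actions = []
    apps = sorted(set(accounts) | set().union(*role_apps.values()))
    users = sorted(set(hr) | set().union(*accounts.values()))
    for user in users:
        record = hr.get(user)
        want = desired_apps(record, role_apps)
        for app in apps:
            has = user in accounts.get(app, set())
            if app in want and not has:
                actions.append(("create", user, app, "role"))
            elif has and app not in want:
                if record is None:
                    reason = "zombie"            # account with no HR owner
                elif record["status"] != "active":
                    reason = "leaver"
                else:
                    reason = "mover"             # role no longer grants this app
                # Unknown apps default to suspend, the reversible option.
                actions.append((policy.get(app, "suspend"), user, app, reason))
        if record is not None and record["status"] != "active":
            actions.append(("revoke_sessions", user, "*", "leaver"))
    return actions
```

Running `reconcile(HR_RECORDS, APP_ACCOUNTS)` on a schedule, and alerting on any `zombie` or `leaver` result, gives an audit of accounts that outlived their HR record even where provisioning itself is automated.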

