Application Onboarding Essentials

https://media.sath.com/Person_bb0afc3aa1/Person_bb0afc3aa1.png

Sath Inc

IDHub Team Member

application-onboarding.jpg

Application On-Boarding Questionnaire
GET MY COPY

Make Onboarding Apps Smarter, Not Harder

Onboarding new applications for your team and determining the rights that apply to all your users is a tedious process.  However, it's possibly the most critical of any Identity And Access Management Platform.

With every App onboarding process, you will need to establish a few key elements.

  • What Users and systems will have access?
  • What privileges will be available?
  • How will new access requests get handled?
  • How will requests get approved?
  • Who is going to manage this thing?

You will need to establish the protocols for new users submitting requests to gain access to each new Application.

App onboarding will require you to consider the primary users, privileged users, what privileges are available, system users, and any other connected applications, databases, APIs, runtime events, or resources.

If done correctly...

Getting the proper user access and request protocols in place from the start will save you headaches down the road.

Administrators and security managers should be able to easily monitor and audit the governance of the entire user base.

The Application lifecycle for all users should be available from a single user interface if it has been set up correctly with an Identity Management system.

Additionally, pulling relevant reports should be a simple process.

Application Onboarding Flow

Although there are several onboarding approaches, we've found one simple rule essential to establishing a consistent onboarding flow.

Since it's vital that we cover all of our bases when we first onboard a new Application, it's considered a best practice to have a standardized list of questions that the requestor can answer when you or they are first setting it up.

It's always advisable to avoid complex functionality and make things as repeatable, simple, and consistent as possible. Doing so will speed up the time it takes to onboard and provides a safeguard against compliance issues later when you don't want to deal with them.

In many cases, it's not a bad idea to keep this kind of record as a reference for all current applications, even if onboarding has already been completed.

Every newly purchased Application, subscription, system development, or internal Application will need to go through the standard core functionality of the on-boarding process, so getting the basics down upfront, is a great way to avoid conflicts or commonly missed issues. 

Application Onboarding Steps: We've Got You Covered!

Typical onboarding will require a few universal steps.

  1. A request for a new application will be created.
  2. IAM Admins will review the request and verify the target Application resource requirements.
  3. Define the Application Administrators.
  4. Verify the connectivity methods of the Application to your IAM.
  5. The owner will fill out the IAM application onboarding questionnaire.
  6. IAM Team will schedule the implementation.
  7. IAM Team will build and test the connections.
  8. The owner will work with the IAM team to develop the Request form for First-Time users to request access to the Application and available roles.
  9. IAM team will configure IAM Roles to have access to the Application.
  10. IAM Team will provision any initial users with their privilege levels.
  11. If the Application is disconnected from the IAM platform, the Owner and IAM Team will create a protocol for conducting reconciliation audit processes to account for any orphaned accounts or unauthorized access levels with the ability to quickly deprovision applications or accounts if necessary.
  12. The Owner or IAM Team will complete the Application On-boarding.
  13. IAM Team will work with the owner to make any additional updates or changes.
  14. IAM Team, as well as the owner, will maintain the Application along with any compliance requirements.

Onboarding Best Practices

  • Whenever possible, try and incorporate pre-defined Identity Roles to assign permissions and access to Applications instead of giving it to individual App users.
  • Avoid root accounts whenever possible and instead, enable rotating credentials for system accounts with vaulting.
  • Utilize certifications and periodical audits by the account "Owner" or another user to monitor that every Application is up to date and does not have any orphaned user IDs.
  • Finally, make sure to maintain a dedicated flow protocol with application templates of core features for frequent use cases and scenarios.

Free Application On-Boarding Questionnaire