Employee Profiles in Automated Access Management
Säkkinen, Harri (2020)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020051912275
https://urn.fi/URN:NBN:fi:amk-2020051912275
Tiivistelmä
Employee profiles in automated access management is an interesting topic because it is about defining what access rights a group of employees needs to do their work. Then letting a script grant or remove the rights. Unlike humans, machines cannot interpret or assume, so the instructions need to be precise, which are not readily available in a multi-system, multi-department organization. As the number of systems increases, so do the users.
Consequently, the task of maintaining the access rights becomes more complex and repetitive. In the case city, the process was carried out manually by technical support personnel and considered mundane, so the need to automate was readily acknowledged. The primary objective of the study was to learn how the employee profiles could be defined in such a way that the profiles could be used as a starting point for access automation. Without this information, the department of IT has no comprehensive picture of who or what needs access rights or why they are needed, making automation efforts difficult.
The necessary information can be gained by interviewing super users in 1-to-1 interviews, each roughly 45 minutes long. The resulting employee profile tables gave insight to the tasks the profiles carry out and which systems they access. The conclusion was that these profiles give the necessary insight to understanding the employee groups and their value, but to automate the access related tasks further details are needed.
Thus, future automation projects should carry out integrations hand-in-hand with employee profiling, where the profiling identifies which employee groups would benefit from automation and give the benefits an understandable value proposition. Based on this information, a city can then decide which profiles are moved into the automation pipeline.
Consequently, the task of maintaining the access rights becomes more complex and repetitive. In the case city, the process was carried out manually by technical support personnel and considered mundane, so the need to automate was readily acknowledged. The primary objective of the study was to learn how the employee profiles could be defined in such a way that the profiles could be used as a starting point for access automation. Without this information, the department of IT has no comprehensive picture of who or what needs access rights or why they are needed, making automation efforts difficult.
The necessary information can be gained by interviewing super users in 1-to-1 interviews, each roughly 45 minutes long. The resulting employee profile tables gave insight to the tasks the profiles carry out and which systems they access. The conclusion was that these profiles give the necessary insight to understanding the employee groups and their value, but to automate the access related tasks further details are needed.
Thus, future automation projects should carry out integrations hand-in-hand with employee profiling, where the profiling identifies which employee groups would benefit from automation and give the benefits an understandable value proposition. Based on this information, a city can then decide which profiles are moved into the automation pipeline.