AccountCourier® - User Provisioning

AccountCourier, Courion's user provisioning solution, automates the process of creating and managing user accounts across a wide variety of enterprise systems.

• Enforces security and segregation of duties policies
• Enables compliance monitoring and reporting
• Snaps seamlessly into existing heterogeneous environments
• Eliminates typical prerequisites and dependencies

• Provides rapid business impact through flexible, modular software design and streamlined deployment approach
• Enables business managers to provision for their staff and customers
• Integrates user provisioning with existing business workflows for hiring, modifying, or staff termination
• Eliminates administration via self-service and automation to maximize cost savings, improve service, and reduce the potential for human error

• Out-of-the-box user provisioning functionality designed for rapid deployment and easy administration
• Easily extensible to the full AccountCourier solution
• Available from Courion and Courion’s value-added resellers

Addressing Provisioning and De-Provisioning Challenges

Enterprise user provisioning/de-provisioning solutions hold the promise of providing cost savings, improved security policy enforcement, and business process improvement. Unfortunately, there are many barriers to achieving those goals – including vendor solutions that levy onerous up-front requirements, require significant consulting investments, cannot accurately model existing business processes, and need continual programming investments to adapt to changes in the business.

Recognizing the pitfalls of traditional provisioning/de-provisioning approaches, Courion’s AccountCourier provisioning solution is built to enable customers to achieve lasting business results with minimal work up-front. The flexibility to initially focus the provisioning deployment on the most significant customer pain points, coupled with an architecture that is highly adaptable and extensible to incorporate business changes, enables Courion to provide a rapid impact provisioning solution to any size organization.

Courion built AccountCourier based on Dynamic Community™ set-based provisioning and de-provisioning, a technique that enables our provisioning system to embrace a broad range of changes in the business environment on a real time basis. This approach allows AccountCourier to accommodate and leverage technical and business diversity – rather than try to force an organization to change to accommodate provisioning technology. As a result, AccountCourier is uniquely positioned to deliver automated user provisioning more quickly and at lower risk than any other solution.

New Employee Onboarding and Provisioning

Employee onboarding is a systematic and comprehensive approach to orienting a new employee to help them get "on board." There are two high-level goals of the onboarding process:

• To make new employees feel welcome and comfortable in their new surroundings.
• To minimize the time before new employees are productive members of their new workgroup.

From the employer's perspective, self-service user provisioning as an integral part of onboarding can help minimize the downtime typically experienced when bringing a new employee into the department.  As a flexible user provisioning system, AccountCourier is configurable to your company’s onboarding process.

The heterogeneity of today's technology infrastructure, combined with the dynamic nature of business processes, makes it very challenging for corporations to enforce security policies and thus ensure compliance. AccountCourier provides a flexible and adaptable approach to enable organizations to achieve their desired level of security policy automation while also meeting policy enforcement requirements. It also provides audit capabilities to ensure that provisioning activities are captured in support of compliance monitoring and reporting.

Due to the inherent difficulties of managing large numbers of users, accounts, and attributes for a provisioning system, many organizations take the approach of defining a set of user “roles” which define common access to resources. Unfortunately, due to a lack of a centralized view of users and their access rights, role definition is often a difficult process. In recognition of this, AccountCourier integrates with the RoleCourier™ role management solution to automate role creation, provide role lifecycle management, and assign users to one or more roles as part of the provisioning process. However, for organizations that are not yet ready to define a role infrastructure, the flexibility of the Courion approach allows provisioning to be deployed without roles.

AccountCourier performs the following major functions:

• Provides the flexibility to leverage existing policy information, and dynamically generate new policy in accordance with changing business needs
• Enables business managers to directly provision for their staff and customers – allowing security policy to be enforced based on operating knowledge of the business
• Integrates user provisioning with the rest of your business workflow for hiring, changing and terminating staff responsibilities
• Eliminates administration via self-service and automation to maximize cost savings, improve service, and eliminate the potential for human error
• Delivers a reusable audit framework to automate periodic and ad hoc access verification and reporting.

AccountCourier enforces that provisioning actions are in accordance with security policy by systematically stepping through workflows – whether they are fully automated or manual – in accordance with the “policy funnel”.

In the first step of the funnel, the rights of the provisioner – the individual who is requesting a provisioning action – are verified against his role, rules, or other policy data. At each progressive step down the funnel, policy checking is performed for each specific aspect of the provisioning action: the target user or users being provisioned, the resource for which access is being granted, the required approvals, and audit constraints. All provisioning workflows – from those that are completely manual to fully automated “lights out” processes – are processed in accordance with this model, and executed against the authoritative data source as specified by the customer to ensure data accuracy.

SoD policies are used to prevent a single individual from controlling two or more parts of a transaction where the potential for fraud or error exists. AccountCourier provides key SoD policy definition capabilities – both to define new SoD policies, and to link to existing coded policies using Courion’s PolicyLinkTM connection technology. By retrieving policy data from its source within the existing infrastructure at the time a transaction occurs, enterprises have assurance that the policy data is current. Policy data is used to ensure that user provisioning actions that would create SoD violations are detected and prohibited. For cases where policy needs to be defined, Courion provides a point-and-click policy definition tool supporting multi-step serial/parallel, bulk, and policy-driven approvals. This approach eliminates the need for complex programming required by other solutions.

AccountCourier quickly connects to your existing heterogeneous IT infrastructure, accessing specific data from your authoritative sources in real-time, thereby always remaining up to date without requiring any additional data-cleansing, replication or meta-directory initiatives. The connection technologies, which are common across the Courion Enterprise SuiteTM solution, include:

IdentityLink™
The IdentityLink™ connection is a system of pointers that connect in real-time to existing databases and directories, enabling you to quickly build workflows and rules using the identity and user data that already exists within your enterprise.

ServiceLink™
The ServiceLink™ connection links in real-time to existing service desk systems, enabling you to leverage your current tools to track the details of every user provisioning action.

AssetLink™
The AssetLink™ connection extends provisioning beyond IT applications to include managing access to tangible assets – such as mobile phones, laptops, vehicles, and security badges – by providing a bi-directional, real-time connection to a variety of widely used asset management systems.

AuditLink™
The AuditLink™ connection monitors all provisioning activity, records detailed transaction data and automatically creates, updates and closes tickets in your help desk application.

PolicyLink™
The PolicyLink™ connection works in conjunction with Dynamic Communities technology to virtualize your policy stores and to build communities out of your infrastructure, thereby modeling your business rules and processes.

All of Courion's enterprise provisioning solutions leverage a common technology platform − Courion's Enterprise Provisioning Platform − which provides common services and connectors to customers' existing IT environment. This component - based approach is superior to competitive solutions because it allows Courion solutions to quickly integrate with and leverage a customer's existing directories, databases and help desk systems. It also permits customers to choose which applications they want to implement first, without having to implement a "heavy" infrastructure. This architecture enables customers to easily add new managed systems and new technologies as their business needs change, and as they acquire additional organizations or bring in new applications. Our component- based model also assists Courion in delivering additional capabilities quickly and efficiently − including new features and expanded platform coverage.

Contact Courion for more information on how the Courion Enterprise Provisioning Suite™ solution can deliver results to your business.

Back To top