This application relates in general to computing-resource provisioning, and more specifically to systems and methods for allocating resource usage rights and access privileges to users of a computing environment.
For the purposes of the present discussion, a computing resource may be any computing entity, characteristic, or functionality. A computing entity may be any hardware and/or software functionality or components employed by one or more computers to facilitate performing a function. Examples of computing entities include software applications, hardware devices, networks, and so on. Examples of characteristics include communications link bandwidth, processor speed, data storage capabilities or allocations, and so on. Examples of functionality include email access and functions, Internet access, and so on. Note that computing resources may include hardware resources, such as memory, central processing unit time, and so on. Examples of software resources include email, Customer Relationship Management (CRM), and Human Capital Management (HCM) software for providing human resource management functionality, and so on.
Systems for allocating computing resource usage rights and access privileges are employed in various demanding environments and applications, including enterprise employee intake processing, government agent account setups, university student account setups, and so on. Such computing environments often demand efficient mechanisms for establishing new accounts (e.g., email accounts) for use with different software applications; for setting up user privileges and access to software applications, such as databases, calendar software, and so on.
Systems and methods for efficiently provisioning or allocating computing resource usage rights, access rights, and privileges are particularly important in enterprise environments. Such environments may include many applications and complex corporate provisioning policies, which may periodically change. For example, a corporate provisioning policy may require that a newly hired receptionist will have different privileges and access to a different set of computing resources than a newly hired corporate executive. The receptionist is said to have different roles than the corporate executive, where the roles affect provisioning policies that are applied to the user.
Each software application in an enterprise computing environment may include various application-specific settings that must be defined before a particular user can establish an account to access and/or use the application. Such applications, e.g., certain email applications or calendar applications, may require only a role, a username, and/or a password, while other applications may require an administrator to perform a sequence of manual set-up steps before a user can access functionality of the application.
An enterprise computing environment may include various users, such as employees, contractors, suppliers, customers, partners, etc., with different provisioning needs. The enterprise provisioning policy often must balance user-provisioning needs with the requirements of each software application to be used by a given user.
Conventionally, when an enterprise hires a new employee or acquires a new partner, customer, or supplier, a tedious manual process is employed to establish email accounts; set up access to particular databases; register for access to various applications and functionality available on the corporate network; obtain necessary approvals for registering certain accounts; validate or authenticate user account information; deliver account-setup confirmations, and so on. A similar process occurs when an employee, customer, partner, etc., changes roles or must otherwise update their resource privileges. The manual process may include registering a given user with each individual application using the application's interface, while simultaneously ensuring that the enterprise provisioning policy is being followed. Unfortunately, this is not only costly and time consuming, but may increase susceptibility to error and security breaches. This is particularly problematic in large enterprise systems that may need to periodically provision many applications and systems each time a new employee is hired, a customer is added to a CRM database, a provisioning policy is changed, a new software application is deployed, and so on.
Previous attempts to facilitate account registration and related provisioning processes involving multiple applications by standardizing the process have proven problematic, since different businesses often have substantially different requirements, application sets, and corresponding provisioning needs. One approach involved configuring applications to call the same Application Programming Interface (API) to create an account. Unfortunately, each application still relied upon different registration requirements, which complicated the process of accommodating changes in the computing environment. Generally, to account for changes in provisioning needs of an enterprise computing environment, re-coding, retesting, and redeploying of application components was required.