
Provisioning an external user in an IAM solution


I have this question related to the process of provisioning an external user in an identity and access management solution. How should we provision an external user who, for example, comes to do one night's work, or a user who is just covering for another employee? I mean, what would be the best way to manage such a user? For example, a doctor who would go to a health center only for one day or a night? Or who is just hired to cover for a sick doctor for one night? Should we do the same provisioning as we would do for an external user with a few months' contract, or for a consultant?

I do appreciate your help.

Thanks, Adia


Solution

  • By provisioning a user within a federated architecture, I assume that you mean provisioning into your user credential store such as Active Directory, as well as provisioning user session information into web applications that require some knowledge of identity (minus the password).

    The first thing to do to manage a temporary workforce is to create an OU in AD with an appropriate security policy for these types of users. This can also be done for consultants, teammates, etc.

    The second thing to do would be looking at user provisioning software. Most commercial products on the market do support workflows that could activate a user on a particular day and terminate on a particular day. For the temporary worker, once approved, the workflow would set the dates the user is active within the enterprise. One such product I have used for user provisioning that has this feature is SailPoint IdentityIQ.
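
An added example, not part of the original answer and not taken from any provisioning product: the dedicated OU and the activate-on-a-date, terminate-on-a-date workflow described above, sketched with the ActiveDirectory PowerShell module. The OU path, the account names and the `TEMP pending` / `TEMP active` tag kept in the description field are assumptions made for illustration.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and rights on the OU.
Import-Module ActiveDirectory
$TempOU = 'OU=TemporaryStaff,DC=example,DC=org'   # hypothetical OU with its own policy

function New-TemporaryWorker {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][datetime]$StartsAt,
        [Parameter(Mandatory)][datetime]$EndsAt,
        [Parameter(Mandatory)][string]$ApprovedBy
    )
    if ($EndsAt -le $StartsAt) { throw 'EndsAt must be later than StartsAt.' }
    $password = Read-Host -Prompt "Initial password for $SamAccountName" -AsSecureString
    # Created disabled. AccountExpirationDate makes AD reject new logons after
    # the shift even if the sweep below never runs.
    New-ADUser -Name $DisplayName -SamAccountName $SamAccountName -Path $TempOU `
        -Enabled $false -AccountExpirationDate $EndsAt `
        -AccountPassword $password -ChangePasswordAtLogon $true `
        -Description ('TEMP pending start={0:o} approvedBy={1}' -f $StartsAt, $ApprovedBy)
}

# Run on a schedule: activates approved accounts once their start time has
# arrived and disables anything in the OU that has passed its end time.
function Invoke-TemporaryWorkerSweep {
    param([datetime]$Now = (Get-Date))
    $users = Get-ADUser -SearchBase $TempOU -Filter * -Properties Description, AccountExpirationDate
    foreach ($u in $users) {
        if ($u.AccountExpirationDate -and $u.AccountExpirationDate -le $Now) {
            if ($u.Enabled) { Disable-ADAccount -Identity $u }
            continue
        }
        # Only 'pending' accounts are enabled, so an account an administrator
        # disabled mid-shift is not switched back on by the next sweep.
        if (-not $u.Enabled -and $u.Description -match '^TEMP pending start=(\S+)') {
            $start = [datetime]::Parse($Matches[1], [cultureinfo]::InvariantCulture,
                [Globalization.DateTimeStyles]::RoundtripKind)
            if ($start -le $Now) {
                Enable-ADAccount -Identity $u
                Set-ADUser -Identity $u -Description ($u.Description -replace '^TEMP pending', 'TEMP active')
            }
        }
    }
}

# Constructed sample: a locum doctor covering a single night shift.
New-TemporaryWorker -SamAccountName 'locum.jdoe' -DisplayName 'Jane Doe (locum)' `
    -StartsAt '2030-01-15T20:00' -EndsAt '2030-01-16T08:00' -ApprovedBy 'hr.manager'
Invoke-TemporaryWorkerSweep
```

The same two functions cover a one-night locum and a multi-month contractor; only the start and end dates differ, which is the point of driving both from one approved request.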