Happy and productive professionals are the prime movers in organizational success. Compensation, culture, and benefits all play a role, but perhaps the most relevant factor is people’s ability to do their jobs. As every HR professional knows, in most organizations, the biggest barrier to productivity is friction related to accessing and using necessary technology, like an HRIS or HCM. That’s where IT comes in.
IT’s primary mission is to ensure that all the right people have access to all the right resources in a way that makes it easy for people to do their jobs—balanced with the need to make sure that it all happens without security or compliance failings.
The best way to ensure this is to leverage HR and IT solutions that help automate processes, eliminate human error, and minimize gaps in communication between the HR and IT teams. Using automation also frees up HR and line managers to focus on optimizing the onboarding process, creating a better and more streamlined employee experience.
Sounds easy, right? Not so fast!
Before we dive into the advantages of using HR and IT automation to help, let’s take a look at what needs to happen each time someone joins the company and the roles HR and IT play in the technical onboarding process.
Step 1: Initiation
When a company hires someone new, the new hire starts the onboarding process, beginning with creating their account (or “identity”) in the HR platform. They directly add their personal details (e.g., date of birth, Social Security Number, start date, role, etc.) to the HR platform.
Traditionally, the communication between HR and IT regarding new hires has been manual: phone calls, emails, Slack messages, a home-grown web form through tools like ServiceNow, or even watercooler conversations.
If this communication doesn’t happen perfectly, the employee experience suffers due to delays or incomplete access. Communication gaps can also require the new hire to deal with heavy IT intervention throughout their onboarding process, significantly disrupting their experience.
With an HR platform, all the information new hires add to the HR platform gets pushed automatically to the IT team, who must set up (or provision) computers and mobile devices. IT must also make sure the new hire has access to networks, WiFi, and all of the applications required to do their job.
Step 2: Provisioning
Once HR notifies IT of a new hire, the real work begins.
Someone (typically IT) must give the new hire access to everything they need. This means setting up individual accounts. It’s not a cut-and-paste operation, as each resource has unique requirements. For example, an action taken on one resource (such as provisioning a user’s account in Slack) doesn’t apply to others (such as Google Workspace, WiFi, and their laptop).
IT must execute similar actions on each and every resource and set up new accounts for every application, network, and service the new joiner needs to access. These actions include setting up the user’s account (or “identity”) in a directory, determining how the user will authenticate (such as a password and multi-factor authentication), and what permissions they will have.
But the disjointed nature of those actions takes time, requires a lot of manual processes, and opens the opportunity for errors. This complicated process can negatively affect the employee experience, as gaining full and appropriate access to everything can take a long time, leaving them unable to access apps and systems they need to do their job for days or even weeks after their start date.
Step 3: Authorization
IT sets up permissions in each system as part of the provisioning process. But, while IT knows how to do this technically, they’re not the ones responsible for determining what those permissions should be. That decision falls to the hiring manager and, ideally, is reflected in the role assigned to the new hire within the HR platform.
In entirely manual scenarios, the IT team often has to guess what permissions they should grant to every new hire. Alternatively, they’ll have endless conversations with the hiring manager (and/or HR) to ensure the new joiner’s permissions are correct.
Often, teams default to a “just give John the same permissions as Mary since they have the same job” mindset. This is problematic, especially when Mary may not have the correct permissions in the first place. For instance, she may have leftover permissions from a previous role that should not be available to her, or worse, IT just granted Mary all the permissions to make sure nothing is missing.
Faulty authorization practices require IT to constantly adjust authorization settings until they get them right, which can have a big (and negative) impact on employee satisfaction. Additionally, over-authorizing or incorrectly authorizing is a recipe for a security and compliance disaster, negatively impacting the entire organization.
Step 4: Authentication
Finally, the IT team must set up how the new hire will log on to all the resources they must access. Similar to provisioning and authorization, each system has its own login procedure. Each resource requires its own username and password and implementing advanced security, such as multi-factor authentication, is highly inconsistent.
This is perhaps where employee satisfaction and productivity take the biggest hit. While provisioning friction can delay time-to-productivity, cumbersome and onerous authentication practices will make every day a slog through the swamp of inefficiency.
The average employee at a small-to-medium enterprise (SME) has 19 different passwords. That’s 19 separate logins and 19 different passwords to remember (and if someone forgets a login or password, IT needs to help restore access). It also means 19 different processes IT must maintain and manage. Technologies such as single sign-on (SSO) alleviate some of the burdens but are ineffective for anything beyond modern, standards-based web applications.
Remember: IT are employees, too
IT staff typically are fulfilled by innovation and technology projects that “move the needle.” They do not enjoy tedious provisioning actions, endless password resets, or attempting to make the user experience better despite inconsistencies in what resources can support them.
They are also particularly averse to being the “bad guy” when, for the sake of security, they must make it harder for people to access resources. When HR aligns with their IT counterparts, it’s important to remember that IT cannot simply flip a switch to make provisioning, authorization, and authentication happen perfectly and immediately every time.
Bridging the HR-IT gap
There is hope. By bridging the gap between HR-initiated requirements and IT-driven fulfillment, organizations can dramatically remove the barriers to employee (and IT) satisfaction and productivity. Despite the complexity, these challenges can be easy to solve with the right tech.
For example, your SSO solution may provide a unified approach to permissions and authentication. There’s a chance it may also provide a bit of provisioning. However, many SSO solutions leave gaps because they take a one-size-fits-all approach to authentication and authorization. This can be problematic because catering to “one size” is often a compromise away from the ideal.
Real-world application, step 1: Initiation
The integration between the Bob HR platform and JumpCloud, a self-service IT and SSO solution that centralizes the management of user identities and devices, removes barriers to employee satisfaction and turns all the required IT tasks into automatic, repeatable, and entirely accurate transactions—resulting in “no-touch” onboarding.
When a new hire joins a company using Bob, the first thing they’ll do is enter their personal details (name, ID, date of birth, etc.). Bob becomes the authoritative source for all personal data, with identity coming first. The record includes everything necessary to convey correct information to all the resources the new hire must access.
The two-way integration between Bob and JumpCloud allows Bob to send JumpCloud all the information automatically and vice versa. It also establishes a master identity the employee (and IT) can use to access activities and controls going forward.
For example, information in Bob states a new hire’s start date. JumpCloud pulls that information from Bob and automatically executes the necessary actions according to a specific workflow, ensuring the new hire has access to the systems they need when they need them—without any manual work by IT or HR.
Gone are the days of emails, Slack messages, spreadsheets, and water cooler conversations. And gone are the days of HR having to communicate changes to IT or IT having to reach out for clarifications or additional information.
How the integration helps:
- Enables people to onboard quickly and smoothly and get started immediately
- Automates and optimizes HR-to-IT communication
- Ensures the accuracy of requests
Real-world application, step 2: Provisioning
With Bob’s identity data and employee activation date, JumpCloud automatically sets up the user account in every system the new hire needs to access. That includes all devices, web applications, networks (such as the VPN and WiFi), legacy applications (or those that don’t support SSO), and infrastructure.
IT no longer has to run from resource to resource setting up accounts, and HR no longer has to worry about how long the process will take or if people will come back asking for things that fell through the cracks.
How the integration helps:
- Enables new hires to get productive immediately
- Eliminates tedious and error-prone, manual IT processes
- Ensures complete access to everything from day one
Real-world application, step 3: Authorization
Based on the Bob-provided identity, JumpCloud places new hires in the correct authorization group, which controls authorization precisely and optimally for every resource the new hire needs to access.
The integration relieves the IT team of the burden of guessing what permissions a user should have. Over-authorization is no longer an option, and mis-authorization is a thing of the past.
With solutions like JumpCloud, user groups can be used to enforce conditional access based on what resource is being accessed. For example, if someone in the Accounting group attempts to access Accounts Payable from a remote location, JumpCloud can require multi-factor authentication to ensure the validity of the user’s identity and request.
How the integration helps:
- Ensures people receive the proper permissions
- Eliminates IT guesswork
- Enables you to customize security according to your needs
Recommended For Further Reading
Real-world application, step 4: Authentication
JumpCloud removes friction from the login experience by providing a unified authentication experience for all resources. People use the same identity to access everything they need. This makes it just as easy to access an application as it does to access the network, WiFi, or the laptop they’re working on.
However, the big advantage of this integration is that it also affords organizations flexibility in how they enable access. In other words, organizations can grant access in the way that best suits the needs of their business and people. For example, the integration will enforce multi-factor authentication wherever you need it, but also only when you need it.
How the integration helps:
- Provides people with frictionless access to all the resources they need
- Relieves IT of the burden of password resets and other access issues
- Enables custom security to match your organization
Integrating IT and HR tech is key to boosting the employee experience
When companies combine the powers of HR and IT technology, it also boosts the relationship between their teams. Integrating these technologies helps forge the critical partnership between HR and IT teams, enabling the creation of an ideal employee experience from onboarding to offboarding.
By working together and with the right tech, companies can streamline operations, raise the bar on security, eliminate tedious and error-prone manual processes, and (above all) create the ideal employee experience.
From Chase Doelling
Chase is a Principal Strategist at JumpCloud, designing authentication strategies and evangelizing customer solutions, with over a decade of experience at venture-backed startups. When he’s not at work, you can find Chase trying to lower his golf handicap and increase his speed chess rating.