Access Provisioning

A least-privilege provisioning process that grants new team members exactly the access they need through a single identity system.

IT & Security · 6 steps

When to use

When a new hire starts or someone changes roles.

Trigger
Runs when: A new hire or a role change

The procedure

  1. Map the role to a defined access profile rather than copying another person's access.
  2. Grant access through the central identity system, never via shared credentials.
  3. Apply least privilege: only what the role needs, with elevated access time-boxed.
  4. Require multi-factor authentication on every account that supports it.
  5. Record what was granted, by whom, and why, for the access review.
  6. Confirm the person can do their job and that nothing extra was granted.
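The six steps above can be enforced in code rather than left to memory. The sketch below is an added example, not part of the original SOP or of any OrgTP tooling; the profile names, entitlement strings, the 8-hour time-box and the single `mfa_enrolled` flag are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical access profiles: role -> {entitlement: is_elevated}
PROFILES = {
    "support": {"helpdesk:agent": False, "crm:read": False},
    "sre": {"monitoring:read": False, "deploy:run": False, "prod-db:admin": True},
}
ELEVATED_TTL = timedelta(hours=8)  # assumed time-box for elevated access

def build_grants(user, role, approver, reason, mfa_enrolled, now):
    """Steps 1-5: grants come only from the role profile, each with its record."""
    if role not in PROFILES:  # step 1: no profile means no access, never a clone
        raise ValueError(f"no access profile defined for role {role!r}")
    if not mfa_enrolled:      # step 4: MFA before anything is granted
        raise PermissionError(f"{user}: enroll MFA before access is granted")
    if not approver or not reason:  # step 5: who and why are mandatory
        raise ValueError("access record needs an approver and a reason")
    return [{
        "user": user, "role": role, "entitlement": ent,
        "granted_by": approver, "reason": reason,
        "granted_at": now.isoformat(),
        # step 3: elevated entitlements always carry an expiry
        "expires_at": (now + ELEVATED_TTL).isoformat() if elevated else None,
    } for ent, elevated in sorted(PROFILES[role].items())]

def verify(role, actual):
    """Step 6: diff what the identity system reports against the profile."""
    expected = PROFILES[role]
    held = {g["entitlement"]: g for g in actual}
    return {
        "missing": sorted(set(expected) - set(held)),  # cannot do the job
        "extra": sorted(set(held) - set(expected)),    # over-privileged
        "untimeboxed": sorted(e for e, g in held.items()
                              if expected.get(e) and not g.get("expires_at")),
    }

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed sample: an SRE hire, then one out-of-profile grant added by hand
    grants = build_grants("new.hire", "sre", "it.lead", "onboarding", True, now)
    drifted = grants + [{"entitlement": "billing:admin", "expires_at": None}]
    print(verify("sre", grants))   # clean
    print(verify("sre", drifted))  # flags billing:admin as extra
```

The list returned by `build_grants` doubles as the access record for the review trail, and a non-empty `extra` or `untimeboxed` result from `verify` is the signal to revoke before sign-off.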

Outputs

  • Access granted via the identity system
  • An access record for the review trail
  • MFA enforced on the new accounts

Tools

  • Identity / SSO
  • Password manager
  • Access log

Note: Never provision by cloning a colleague's access. That is how one over-privileged account quietly becomes ten.
