# Access Provisioning

> A least-privilege provisioning process that grants new team members exactly the access they need through a single identity system.

**Category:** IT & Security

**When to use:** When a new hire starts or someone changes roles.

**Trigger:** A new hire or a role change

## Steps

1. Map the role to a defined access profile rather than copying another person's access.
2. Grant access through the central identity system, never via shared credentials.
3. Apply least privilege: only what the role needs, with elevated access time-boxed.
4. Require multi-factor authentication on every account that supports it.
5. Record what was granted, by whom, and why, for the access review.
6. Confirm the person can do their job and that nothing extra was granted.
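The six steps above, carried through in an added Python example (not part of the original SOP or any identity product's API). The role names, entitlement strings, the 8-hour time-box, and the list standing in for the identity system's export are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed access profiles (step 1): role -> entitlement -> is_elevated
PROFILES = {
    "support-agent": {"helpdesk:agent": False, "crm:read": False},
    "sre": {"cloud:read": False, "pager:responder": False, "cloud:prod-admin": True},
}
ELEVATED_TTL = timedelta(hours=8)  # assumed time-box for elevated access (step 3)


def provision(user, role, granted_by, reason, mfa_enrolled, now=None):
    """Build grants from the role's profile plus the access record (steps 1-5)."""
    if role not in PROFILES:
        raise ValueError(f"no access profile defined for role {role!r}")
    if not mfa_enrolled:
        raise PermissionError(f"{user}: MFA must be enrolled before access is granted")
    if not granted_by or not reason:
        raise ValueError("granted_by and reason are required for the access record")
    now = now or datetime.now(timezone.utc)
    grants = [
        {"entitlement": ent,
         "expires": (now + ELEVATED_TTL).isoformat() if elevated else None}
        for ent, elevated in sorted(PROFILES[role].items())
    ]
    return {"user": user, "role": role, "granted_by": granted_by,
            "reason": reason, "granted_at": now.isoformat(), "grants": grants}


def verify(record, actual_entitlements):
    """Step 6: compare what the identity system reports with what was recorded."""
    expected = {g["entitlement"] for g in record["grants"]}
    actual = set(actual_entitlements)
    return {"missing": sorted(expected - actual), "extra": sorted(actual - expected)}


def expired(record, now):
    """Elevated grants whose time-box has passed and should be revoked."""
    return [g["entitlement"] for g in record["grants"]
            if g["expires"] and datetime.fromisoformat(g["expires"]) <= now]


if __name__ == "__main__":
    t0 = datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc)  # constructed start time
    rec = provision("new.hire", "sre", "it.admin", "TICKET-PLACEHOLDER new hire", True, t0)
    # Constructed identity-system export: one entitlement cloned from a colleague
    print(verify(rec, ["cloud:read", "pager:responder", "cloud:prod-admin", "billing:admin"]))
    print(expired(rec, t0 + timedelta(hours=9)))
```

A non-empty `extra` list is the cloned-access case the Notes section warns about; a non-empty `expired` list is elevated access that outlived its time-box.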

## Outputs

- Access granted via the identity system
- An access record for the review trail
- MFA enforced on the new accounts

## Tools

- Identity / SSO
- Password manager
- Access log

## Notes

Never provision by cloning a colleague's access. That is how one over-privileged account quietly becomes ten.

---

Free SOP from the OrgTP Process Library — https://orgtp.com/process-templates/access-provisioning
