What Does User De-Provisioning Mean?
User de-provisioning is the process of removing access of an
individual user to an organization’s resources. This can include removing user
accounts on individual machines or servers, or from authentication servers like
Active Directory. It can also include removing a user’s machine entirely.
De-provisioning is usually done when a user leaves an organization.
Techopedia Explains User De-Provisioning
User de-provisioning removes a user account’s access to some computing resources. The reasons for this might be a user leaving an organization, such as a student graduating from a university or an employee leaving a company. This can range from removing accounts on file servers to taking away machines issued by a company, as in the case of company-owned laptops.
Proper user de-provisioning is an important security practice. Not removing user accounts promptly when a user leaves could leave important resources exposed to malicious users, whether a hacker or a fired employee who wants to get revenge against a former employer by deleting or stealing important information. Microsoft’s Active Directory and similar tools have the ability to automatically expire accounts, which can be useful for companies employing short-term contract workers. There are other third-party programs that can audit Active Directory to monitor changes and roll them back if necessary.
