In the ideal IT environment all applications and operating systems point to one single identity vault. Of course, this is not the case in most environments. The process of automating the user creation, applying changes to user information as well as the removal of users is all covered by a good provisioning engine ('software tool').
Very often the HR application is appointed as the authoritative source for user creation and removal. Some software tools centralize all the information into a central repository, called a meta-directory, others use a central database. In fact all provisioning tools basically do the same thing: they react upon changes in IT systems which trigger changes to identity data in different 'connected' systems.
Most organizations store identity information about their employees in many different systems: corporate directory, phone-book, e-mail address book, ERP system, PBX, mainframe, etc. Today most organizations have those processes executed by help-desk staff: all manual operations triggered by help-desk calls or by automatically generated tickets. The automation of those processes takes up a lot of time from those help-desk people, time that could be spent on much more productive tasks.
The most important reasons why organizations need automatic User Identity Provisioning are:
In the following scenario, a new employee is created by an HR representative:
