Automate IT resource request approval workflows

Publié :

05/2023

| Mis à jour le

-
Articles
>
Automation
What are the challenges associated with managing IT resource requests (software and hardware) in a company? Between manual processes that slow everyone down and disorganized requests that lead to poorly controlled situations, it's time to find an effective solution to manage requests and improve employee productivity.

Summary

💡 : It is possible to listen to this article! Find the audio at the bottom of the page 🎧

Do you have validation processes for IT resource requests (software or hardware) in your company?

Regardless of your company's size, this question is relevant. All companies need a system for processing requests to the IT department and, above all, upstream validation processes.

It's actually such a chore that, in general, it's a subject that we avoid.

→ for employees, you have to go through the manager, then wait... and often relaunch,

→ for managers, you have to ask the IT department, and often you have to go through the purchasing department first,

→ for the purchasing department, you need to take into account the opinion of the manager, who is often in a much better position to know what his or her team needs. You should also check the contracts with the publisher or supplier.

→ for the IT department, you have to go back and forth with the manager, the employee and the purchasing department to obtain all the necessary approvals and precise information for account creation orequipment allocation. Then you have to send feedback to the manager and the employee to give them access.

Validation request process

All these processes have two major drawbacks:

  • They waste everyone's time.
  • They are quite patronizing.

The manual process for resource requests

When there is no process, it's: phone call, post-it note, and tickets. We can all agree that this method is not at all effective. It has its share of oversights, wasted time, and back-and-forth.

IT onboarding processes exist in almost every company.

There are also requests outside of this process, and these are the ones that pose difficulties. It is still necessary to go through validation steps before creating the account.

The manager must give their approval to the employee; when the request comes from the manager, their N+1 (superior) must sometimes give their approval; the purchasing department is often involved; and the end of this process is that IT must collect the information, the validations, and create the account.

Manual software request process
The manager calls the IT department, who asks for an email confirmation with validation from the purchasing department.

Everything must be documented to justify requests and assignments. This allows for traceability but also the possibility of sharing information within the team in case another person has to take over the current request.

Requests are disorganized, and information is frequently missing.

Many tickets are created each time for a software request, which burdens the IT department and sometimes creates duplicate tickets for the same request.

From time to time, another solution could be found for the employee's initial need, one that is less expensive or already present in the company. However, because they are disorganized and decentralized, the requests create poorly managed situations, which leads to a financial loss for the company.

For the person initiating the request, it is impossible, without disturbing someone, to track their request in order to know its status.

In addition, this person is, in many cases, the employee and they will always see their manager first.

There is therefore the request to be made, any reminders to be sent and then wait for everything to be done.

Between the moment the request is made and the moment the employee has their access in hand, a lot of time elapses. Time during which the employee will be less productive.

You are the weakest link! Goodbye...

In every company, there is a weak link in the process chain.

Often, it's the manager who is responsible, not because they are reluctant, but because they are already overloaded.

The manager receives all the requests from their team and also makes requests themselves to ask for specific resources. They must then formulate them to the purchasing department, then wait for validation before transmitting them to the IT department. This process is extremely restrictive.

They may forget to make requests, or some people may need to be reminded, while one of their colleagues is blocked on a subject.

The manager may, due to lack of time, quickly approve software requests from their team to avoid being the weak link.

Manager overloaded with requests

Indeed, in this article, we zoom in on requests for IT resources, but the manager also receives invoices, expense reports, vacation requests, other orders, in addition to monitoring the activity of his team.

Compliance may suffer: the manager also does not verify the access rights requested by the employee, nor the adequacy of the request with their level of responsibility.

Data validation is a guarantee that verifies the suitability and consistency of the request and rights for the allocation of software or IT equipment for a user. It ensures compliance with security rules.

Formalize the resource request process

First of all, to regain control and facilitate requests, a validation process must be put in place. This is what we will call the validation cycle.

What is the purpose of this validation cycle?

What is most obvious: to help structure requests within the company. Seen like that, it may bring a smile. However, the interest is major:

Requests that do not enter a process go through informal channels. This consequently promotes cronyism, favoritism, jealousy, etc.

Even if no one is privileged, without a process, rumors and discontent will spread.

Deciding internally on an official process that everyone will go through simplifies things and understanding for everyone.

This cycle must therefore be decided in partnership with managers, various decision-makers such as purchasing, finance or other departments, and of course, the IT department.

What needs to be decided at that moment for each resource:

  • What resources are affected?
  • Who approves?
  • What is the minimum number of people required to validate?
  • Is a 'no' a deal-breaker?
  • What rights?
  • Who will create the resource?

Once the validation cycle workflow has been established and validated for each resource, it becomes necessary to automate it.

A software request workflow

The implementation of the workflow cannot really be manual. Let me explain: you have decided to send the request for Salesforce, from the manager to the purchasing department, then to IT; for Microsoft 365, only the manager's validation is required, then directly to IT…

➡️ Who will remember all this?

➡️ Who's going to make sure that the application runs its course?

➡️ Who will ensure that the IT department receives the right information?

➡️ Who will check that the resource has been created and that the end user has received access?

Automation is no longer a luxury but a necessity in this process to provide reliability and security in resource requests.

What tool can be used to automate IT resource requests?

It is important to choose a tool that can connect to your various resources, either through APIs, locally, or offline, in order to automate a workflow. This tool must also be able to integrate your users.

In this case, an IAM (Identity and Access Management) tool is clearly relevant because it natively integrates users, accounts, and applications.

The automation of the validation workflow is therefore a component that naturally integrates into an identity and access management solution.

At Youzer, we have defined a workflow as follows:

  • you define your different validator groups
  • you define the minimum number of people per group who must validate
  • you define your validation circuits for a given resource, which validator group(s) must be assigned to it
  • you define which resources can be eligible for automatic validation workflows
  • you assign your circuits to the different resources
  • you define one or more managers for each resource so that they are kept informed of requests

validation steps for IT resource requests

What happens once the workflows have been configured?

Managers submit requests for their team members within the Youzer platform.

An email is automatically sent to the various validators. They are invited via a link to approve or reject the request.

For each validation, the manager receives an email to keep them informed.
Once the minimum number of validations is reached, an email is sent to the manager to indicate that their request is validated and that it is therefore in progress for the creation of the resource.

Another email is sent to the resource manager indicating that a unit needs to be created.

The IT department has all the necessary information to quickly create a unit, since the settings are already defined in Youzer, and the user is known, along with all the information required to create the account.

A person in the IT department can create an account with just one click. The credentials are sent to the user.

The manager validates the creation of the resource and the manager is informed by an email.

Workflow of an IT resource request on Youzer

The objectives of automating software requests are to:

  • Having a single request form
  • Centralize all requests
  • Formalize requests to keep track of them
  • Track requests, mainly for managers, to know if their request is progressing as expected
  • Track requests and assignments, especially for audits
  • Facilitate the work for validators and the IT department
  • avoid shadow IT since the request is simpler and more transparent
  • increase productivity for the employee who has their access faster
  • Simplify the work for the IT department, which only receives complete requests with all the information

In conclusion

Resource requests are unavoidable in companies, whether we like it or not, there will be some. Not facing the problem only delays the choice of a solution.

IT tickets will patch the problem, but they do not solve the time lost and the back and forth between the different departments.
Integrating account creations into onboarding packages, as well as individual requests within a single platform, relieves all those involved (IT, purchasing, manager, etc.), secures the allocation of resources, and tracks requests and allocations.

An IAM solution like Youzer is easy to use and perfectly suited to companies such as SMEs and mid-sized businesses due to its rapid implementation.
The validation cycle workflow can be set up in 5 minutes, providing immediate time savings.

If having a self-service feature to speed up IT resource requests appeals to you, I invite you to 👉schedule your demo to see how this validation cycle workflow is set up!

Besoin d'évaluer le coût d'un projet d'IAM ?

Téléchargez ce livre blanc sur le coût de l'inaction dans l'IAM :

Nous n'avons pas pu confirmer votre demande.
Votre demande de livre blanc est bien prise en compte.

Recommended Articles

License management: a challenge for the IT department
How to identify the applications used in your company
What is application account provisioning?