Fouad Matin

@fouadmatin

Onboarding can feel like it never ends.

There's always one more thing.

There's always one more Google Drive shared folder that you didn't know about, GitHub repo that you've never seen, or an Okta group that would've made your life easier two weeks ago. Unlike during your first week, it's hard to know who or where to ask.

It's even harder to know what you don't know. Every time there's a new app, tool, or system that's mentioned, new hires have to guess what it is, do they need access to it, and where to ask for it.

The IT and security teams have to figure out what you're looking for, like which Okta group corresponds to a specific AWS account or role in Salesforce. Then, they have to find who has admin permissions and the context to decide if you should get access, leading to days waiting for approval. Finally, you get access … until the next access audit and then VP doesn't know why you have access and just clicks revoke to be safe.

For users, it's hard to see the point of a process that just adds friction and slows down getting work done. They're usually not taking into account the coordination tax that turns a "simple decision" of whether or not to grant access into a multi-day ordeal of back-and-forth.

The coordination tax is the delta between how long someone needs to access something versus how long they had to wait to get the access. Depending on the system, team, and compliance policies, this ranges from a couple hours to days and, sometimes, weeks.

At some point, you have to pay a license for everyone to get access to the ticketing system, just so they can ask a centralized IT team for access, and create more work. It's exhausting for everyone involved.

There's a way out — use on-demand access to grant people access to what they need, when they need it.

On-Demand Access is time-bound, role-based access that is policy-controlled. Users can easily find what they're looking for, request access, and be kept in the loop automatically like they're used to with on-demand delivery.

Admins can implement their least-privilege and access control requirements from SOC 2, HIPAA, SOX, and the endless list of abbreviations and numbers. Security and compliance can decide what the policies should be, and IT can define a policy-based structure for processing requests — instead of defining every workflow.

Set up a new hire's user accounts, then show them how they can request access and route to the right person to review automatically. Grant indefinite access or auto-approve if it's part of someone's job.

For critical services or expensive SaaS licenses, you can grant time-bound, role-based access without giving everyone a headache. No more tickets, email forward chains, or reminders to revoke access.

Using Indent for on-demand access, you can simplify onboarding:

• Self-serve via Slack and web app
• Admins can onboard groups of users (new hire)
• Enable new hires to take action faster and more confidently
  • Grant sensitive access or expensive SaaS licenses based on different factors like compliance training (via Okta Group) or on-call status
  • If they're an engineer, enable them to respond incidents or view production logs without giving them keys to the kingdom

When it comes time for offboarding, it's even easier:

• One-click revoke button in Slack or web app
• Time-bound, role-based access makes everything easier to manage
• Generate audit evidence for compliance requirements, e.g. revoke employee access within 24 hours of departure

"Part of every new hire's onboarding, we show them Indent. Using the /access command in Slack, all new hires are able to get day one access to resources like 1Password or AWS access for engineers."

You can streamline your onboarding and offboarding workflows today with Indent. Our team is happy to help review your existing process and automate as much as possible with On-Demand Access.

Want to see a personalized demo? You can schedule a demo in seconds. Or you can talk to our team if you have any questions.