SOAR Use Case: Identity Management

For SOC teams, it might seem like the new year brings the same security challenges, but we’re not just recycling last year’s SOAR playbooks. We’ve got a fabulous new whitepaper to ensure a stress-free 2023 for your team, with three SOAR playbooks that go beyond the SOC and tackle cross-team use cases.

In a previous post, we looked at how NextGen SOAR can be used to handle malicious insider threat investigations by automating and orchestrating response actions across a range of data loss prevention, HR, and identity management tools. In this post, we’ll explain how SOAR can help streamline the employee onboarding and offboarding process by working with HR and IT departments, and in concert with IT service management and identity management tools.

What Are Onboarding and Offboarding?

Onboarding is the process of bringing new employees to an organization and providing them with all the tools and assistance they require to thrive in their new roles. This typically entails tasks like configuring their computer and email, offering them training materials, and introducing them to their coworkers.

When an employee leaves the company voluntarily, involuntarily, or as a result of termination, this process is referred to as offboarding. This can involve things like deactivating their access to business resources and systems, conducting an exit interview, and notifying team members of their departure.

Identity management tools play an important part of both the onboarding and offboarding processes, as they involve managing the digital identities and access rights of employees within the organization.

Onboarding and offboarding are important touch points in an employee’s journey with a company, and they should be handled with empathy and sensitivity. A poor experience can significantly color the views of an employee and make the difference between a positive or a negative testimonial. A well-planned offboarding experience on the other hand can improve your reputation and leave the door open for boomerang employees.

Benefits of SOAR for Onboarding and Offboarding Automation

Onboarding and offboarding employees can be time-consuming. Notable pitfalls of doing it manually include:

  • Human error: Humans can be forgetful, get delayed, or make typos. During onboarding and offboarding, these mistakes can impose a huge cost on your company.
  • No paper trail: Manual processes often lack proper documentation, which can make it difficult to have visibility on who has access to what resources, and when it was granted or revoked.
  • Security risks: If access is not properly and promptly managed, it can leave the company vulnerable to data breaches, espionage, and leaks.

SOAR playbooks bring the rigor of a checklist to the process, ensuring that any process and policy around onboarding and offboarding is consistently followed and documented, with automation helping to speed up SOPs that can be programmatically handled. This is a high-value service that MSSPs can provide by simply integrating with their clients’ identity management tools.

Let’s briefly explore how NextGen SOAR streamlines the employee onboarding and offboarding process. NextGen SOAR’s integrations with identity management tools like Active Directory and Okta, and ticketing systems like Jira and ServiceNow enable security teams to speed up the process to a few clicks.

The onboarding/offboarding playbook can be triggered by a Jira or ServiceNow ticket, or another method, such as an email or a command from an integrated tool. NextGen SOAR parses the information and orchestrates the identity management tool to create/deactivate the new users and auto-populates the required fields. When the users have been created or deactivated, the playbook notifies the appropriate people and, if the request came from a ticketing system, the ticket will be updated.

Additionally, the playbook could also be used to send the new employee relevant information such as training materials or employee handbooks, or non-disclosure agreements. If any issues arise, the playbook can trigger the appropriate actions to resolve them, such as escalating the issue to a support team or rolling back any changes that were made.

Turn your To-Dos into Ta-Das With NextGen SOAR

Empower your team to make programming and workflow improvements with a no-code automation solution. We offer comprehensive vendor-neutral integrations, flexibility, and room for non-security use cases. We’re also the only vendor to offer the Event Pipeline, which helps you automate virtually every task that a tier-one or tier-two analyst would perform. Want to empower your team to achieve more with less work? For a hands-on look at our advanced triage and correlation, case management, and third-party threat intelligence options, schedule a demo.

Social Icon
Shriram Sharma

Shriram is a Marketing Content Writer at D3. A former journalist, he chronicled high-profile data breaches, cyber-attacks, and conducted interviews with white and grey hat hackers. He likes to share his fascination for the field of cyber security by creating accessible and engaging content.