DEV-007 recommended Access & Tooling

Access provisioning automated

Automation reduces onboarding friction. This is a maturity indicator, not a baseline requirement.

Question to ask

"How many manual steps to fully onboard a new engineer?"

Pass criteria

  • Some automation exists (SSO, scripts, SCIM)
  • Manual steps documented and minimized
  • Full access achievable same-day

Fail criteria

  • Fully manual with no automation
  • Takes 2+ days due to bottlenecks
  • No awareness of automation options

Verification guide

Severity: Optional

Automation reduces onboarding friction and ensures consistency. This is a maturity indicator, not a baseline requirement.

Check automatically:

# Look for provisioning scripts or IaC
find . -maxdepth 4 -type f \( -name "*provision*" -o -name "*onboard*" -o -name "*access*" \) \( -name "*.sh" -o -name "*.tf" -o -name "*.py" \) 2>/dev/null | grep -v node_modules

# Check for identity provider or SSO references
grep -riE "okta|auth0|google workspace|azure ad|onelogin|jumpcloud|sso|saml|scim" docs/ --include="*.md" 2>/dev/null

# Look for Terraform IAM or access management
grep -riE "iam|aws_iam|google_project_iam|azurerm.*role" terraform/ infra/ --include="*.tf" 2>/dev/null | head -10

Ask user:

  • "How is access granted today?" (manual, tickets, automated)
  • "Is there SSO/identity provider integration?" (Okta, Google Workspace, etc.)
  • "Any SCIM provisioning for SaaS tools?"
  • "How long does full access take?"

Access provisioning maturity:

Level                    Description
1 - Manual               Individual requests per tool, takes days
2 - Documented           Checklist exists, still manual, faster
3 - Partial automation   SSO for some tools, scripts for cloud
4 - Mostly automated     SSO + SCIM, minimal manual steps
5 - Fully automated      Role-based, self-service, instant
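
The repository checks above can be combined into a provisional floor on this scale. The script below is an added example, not part of the original checklist; the function names, the mapping from repository evidence to levels 1-4, the "onboarding|checklist" documentation pattern and the sample repository are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: turn the three repository checks into a provisional maturity floor.
# Level 5 and time to full access cannot be read from a repo; confirm them with the user.

has_scripts() {   # provisioning/onboarding scripts or IaC files, as in the find check
  find "$1" -maxdepth 4 -type f \( -name "*provision*" -o -name "*onboard*" -o -name "*access*" \) \
    \( -name "*.sh" -o -name "*.tf" -o -name "*.py" \) ! -path "*/node_modules/*" 2>/dev/null | grep -q .
}

has_doc_ref() {   # $1 = repo root, $2 = ERE; -w stops "sso" matching inside "associated"
  [ -d "$1/docs" ] && grep -rqiwE --include="*.md" "$2" "$1/docs" 2>/dev/null
}

has_tf_iam() {    # IAM resources in Terraform; the bare "iam" alternative is dropped as too noisy
  local d
  for d in "$1/terraform" "$1/infra"; do
    [ -d "$d" ] && grep -rqE --include="*.tf" "aws_iam|google_project_iam|azurerm.*role" "$d" 2>/dev/null && return 0
  done
  return 1
}

provisional_level() {   # prints 1-4: a lower bound on the 1-5 scale (assumed mapping)
  local repo=$1 sso=0 scim=0 auto=0 docs=0
  has_doc_ref "$repo" "okta|auth0|google workspace|azure ad|onelogin|jumpcloud|sso|saml" && sso=1
  has_doc_ref "$repo" "scim" && scim=1
  { has_scripts "$repo" || has_tf_iam "$repo"; } && auto=1
  has_doc_ref "$repo" "onboarding|checklist" && docs=1
  if [ "$sso" = 1 ] && [ "$scim" = 1 ]; then echo 4     # SSO + SCIM
  elif [ "$sso" = 1 ] || [ "$auto" = 1 ]; then echo 3   # SSO for some tools, or scripts/IaC
  elif [ "$docs" = 1 ]; then echo 2                     # documented, still manual
  else echo 1; fi
}

# Constructed sample repository so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/docs" "$demo/infra"
echo "Sign in through Okta SSO; roles are associated with teams." > "$demo/docs/onboarding.md"
echo 'resource "aws_iam_role" "dev" {}' > "$demo/infra/access.tf"
echo "provisional level: $(provisional_level "$demo")"
rm -rf "$demo"
```

Treat the result as a starting point for the "Ask user" questions: a repository with no evidence may still sit behind an identity provider configured elsewhere.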

Pass criteria:

  • Some automation exists (SSO, scripts, SCIM)
  • Manual steps documented and minimized
  • Full access achievable same-day

Fail criteria:

  • Fully manual process with no automation
  • Takes 2+ days due to access bottlenecks
  • No awareness of automation options

Cross-reference with:

  • DEV-002 (automation builds on documented access list)

Evidence to capture:

  • Provisioning method per tool category
  • SSO/identity provider in use
  • Automation level (1-5 scale)
  • Typical time to full access

Section

39. Developer Onboarding
