What is provisioning and deprovisioning in IAM?

D1 · General · CompTIA Security+ SY0-701
Provisioning is the process of creating user accounts and granting appropriate access rights, permissions, and resources when someone joins an organization or changes roles.

Deprovisioning is the process of revoking and removing access rights, disabling accounts, and reclaiming resources when someone leaves or changes roles.

Proper deprovisioning must happen immediately upon termination — active accounts of former employees are a major security risk.

User lifecycle management: joiner → mover → leaver.
Failure to deprovision is a major access control gap. Orphaned accounts (active accounts of former employees) are regularly exploited. Automated provisioning/deprovisioning (SCIM protocol, identity governance tools) reduces manual errors. Access reviews (recertification campaigns) periodically verify all access is still needed.
โ† Back to Glossary Practice Questions โ†’