Provisioning
Provisioning is the process that happens after you click Create in the identity wizard. Depending on the identity type and platform, the system may need to create accounts, store credentials, or set up single sign-on (SSO) – and it tracks each step along the way. Understanding provisioning helps you know what to expect after creating an identity and how to troubleshoot if something stalls.
How provisioning works
When you create an identity, AccessHive determines which setup steps are needed based on the identity type and platform. The system runs these steps in the background and updates the identity status as each one completes.
Some identity types – like API Key, OAuth App, and external Shared Credentials – store credentials immediately and are ready in under a second. Others – like Human Interactive and managed Shared Credentials – need the system to create accounts in Google Workspace (GWS) or the identity provider, which takes 5–15 seconds.
Identity status
Every identity shows one of three statuses on its detail page.
| Status | What it means |
|---|---|
| Pending | At least one setup step is still running. The identity is not ready yet. |
| Provisioned | All setup steps completed successfully. The identity is ready to use. |
| Error | One or more setup steps failed. Check the identity detail page for specifics. |
Provisioning flows by identity type
Human Interactive on a Google Workspace-required platform
The most complex flow. The system creates accounts in both the identity provider and Google Workspace.
- The system creates an account in the identity provider.
- Once that completes, it creates a Google Workspace domain user.
- When both steps finish, the identity status changes to Provisioned. This takes 5–15 seconds.
Shared Credential (managed) on a Google Workspace-required platform
The system creates a Google Workspace domain user and sets the password automatically.
- The system creates a domain user in Google Workspace and generates a password.
- The credentials are encrypted and stored in the credential vault.
- The identity status changes to Provisioned. This takes 5–15 seconds.
Shared Credential (external), Service Account, API Key, and OAuth App
These types carry their own credentials. No external account creation is needed.
- The credentials you provided are encrypted and stored in the credential vault.
- The identity status changes to Provisioned immediately.
Even on platforms that normally require Google Workspace, Service Accounts, API Keys, and OAuth Apps skip all external account creation. They store credentials directly and are ready instantly.
Identity health after provisioning
Once an identity is provisioned, AccessHive monitors its health on an ongoing basis.
| Health status | What it means |
|---|---|
| Healthy | Everything is up to date and working as expected. |
| Needs provisioning | The identity is out of sync – for example, it is missing from the directory or in the wrong organizational unit. |
| Error | A provisioning or sync check failed. |
| Orphaned | An account exists in the directory but has no matching identity in AccessHive. |
| Not managed | The identity uses credentials only – no directory account to monitor. |
If an identity stays in Pending status for more than a minute, open the identity detail page to see which step is still running. Use the Retry Provisioning button to restart the stuck step. For more help, see Troubleshooting.
Related pages
- Identity types – Learn which types require background provisioning and which are instant. See Identity Types.
- Credential vault – Understand how credentials are encrypted and stored. See Credential Vault.
- Create an identity – Walk through the wizard and see what happens at each step. See Creating Identities.
- Troubleshooting – Fix common provisioning issues. See Troubleshooting.