Torchora
Back to Home

Key Responsibilities and Required Skills for User Account Assistant

💰 $ - $

ITOperationsCustomer SupportIdentity & Access Management

🎯 Role Definition

The User Account Assistant administers and supports the full lifecycle of user accounts—creating, modifying, provisioning, de-provisioning, and auditing access across Active Directory, SSO providers, HR-fed directories, and business applications. This role blends technical execution (password resets, MFA support, role-based access adjustments, bulk imports) with customer-facing service (ticket handling, user education, escalation), ensuring compliance with access control policies and service level agreements. The ideal candidate is detail-oriented, security-conscious, and experienced with ticketing systems, identity platforms (AD/LDAP/Okta), and routine access governance tasks.

📈 Career Progression

Typical Career Path

Entry Point From:

  • Help Desk Technician or Service Desk Analyst transitioning into account administration.
  • Customer Support Specialist with cross-functional IT exposure.
  • Junior IT Support / Desktop Support Technician with account provisioning tasks.

Advancement To:

  • User Account Administrator or Identity & Access Management (IAM) Analyst.
  • IAM Specialist / Access Control Analyst focusing on RBAC and policy enforcement.
  • IT Operations Lead or IT Support Supervisor overseeing account lifecycle processes.

Lateral Moves:

  • IT Support Analyst (deskside or remote support).
  • Service Desk Supervisor or Escalation Engineer.

Core Responsibilities

Primary Functions

  • Manage end-to-end user account lifecycle by creating, modifying, disabling, and deleting accounts in Active Directory, Azure AD, Okta, G Suite, and key business applications, ensuring provisioning actions align with HR changes and access policies.
  • Perform secure password resets, account unlocks, and MFA re-enrollment while validating user identity according to documented authentication processes and reducing time-to-resolution to meet SLA targets.
  • Execute employee onboarding tasks including provisioning application access, assigning default role-based permissions, enrolling MFA, and coordinating with HR and IT to ensure accounts are ready on hire date.
  • Conduct timely offboarding and termination procedures—revoke access, disable accounts, reassign shared mailbox ownership, and confirm deletions across integrated systems to mitigate security exposure.
  • Process bulk user imports, group updates, and mass provisioning/deprovisioning through scripts or identity platform tools, ensuring mass changes are logged, reversible, and validated for accuracy.
  • Maintain and update access control lists, role-based access definitions, and group memberships to implement least-privilege principles and support internal segregation-of-duties requirements.
  • Monitor and respond to incoming tickets from ServiceNow, Zendesk, JIRA, or similar systems for account- and access-related requests, tracking metrics like first-response time, resolution time, and CSAT.
  • Troubleshoot single sign-on (SSO), LDAP, and SAML authentication issues in collaboration with IAM engineers and cloud service providers to restore access for end users while preserving security controls.
  • Assist with scheduled user access reviews and audits by producing user and group reports, reconciling discrepancies, and executing remediation actions under audit timelines.
  • Maintain detailed and up-to-date account change records, audit trails, and access approvals in the ticketing system and identity management tools to satisfy compliance and internal control requirements.
  • Escalate suspicious account activity or confirmed access compromises to security teams, providing relevant logs, ticket history, and remediation recommendations as part of incident response support.
  • Provide end-user guidance and basic training on password hygiene, MFA setup, account recovery procedures, and self-service portal use to reduce repetitive support requests.
  • Partner with HR, IT onboarding, and business application owners to map access needs to job roles and to refine transactional workflows for faster, error-free provisioning.
  • Implement and maintain account naming conventions, mailbox provisioning steps, display name standards, and profile configurations to support consistent user identity across systems.
  • Execute periodic reconciliation between HR systems and identity repositories, flagging orphaned accounts, terminated users with active access, and mismatched attributes for remediation.
  • Create and maintain runbooks, SOPs, and knowledge base articles for standard account tasks and common troubleshooting paths to improve team efficiency and first-contact resolution rates.
  • Participate in change control and approval workflows for account-related updates, ensuring appropriate approvals are documented before access escalation or role elevation occurs.
  • Support integration and onboarding of new SaaS applications by mapping required access, provisioning templates, and onboarding checklists in coordination with application owners and IAM specialists.
  • Report on account metrics and KPIs such as open tickets, average handle time, provisioning accuracy, SLA compliance, and access review results to drive continuous improvement.
  • Recommend and help implement process automation (e.g., PowerShell, Okta Workflows, Azure Automation) to reduce manual tasks, improve consistency, and scale account administration safely.
  • Validate and remediate compliance issues found during internal audits or external assessments, implementing corrective controls and verifying closure through documented evidence.
  • Assist with privileged account and shared credentials management processes by coordinating requests, maintaining records of privileged access, and enforcing time-bound elevation rules.
  • Support cross-functional projects involving directory migrations, SSO rollouts, and HR system integrations by executing migration steps for user accounts, testing access, and communicating status to stakeholders.
  • Maintain confidentiality of user data and adhere to organizational privacy and data protection policies when handling account information, personally identifiable information, and audit artifacts.

Secondary Functions

  • Assist with ad-hoc reporting requests and basic data validation related to user accounts and access inventories.
  • Contribute to process-improvement initiatives by documenting pain points, proposing standardized workflows, and piloting small automations.
  • Collaborate with security, compliance, and application teams to implement minor configuration changes that improve access governance.
  • Participate in rotating on-call or escalation schedules for after-hours account restoration and critical access requests.
  • Support licensing and subscription reviews by validating assigned application access and decommissioning unused accounts to reduce cost and risk.
  • Help maintain a searchable knowledge base and user-facing documentation to improve self-service adoption and reduce support volume.

Required Skills & Competencies

Hard Skills (Technical)

  • Active Directory / Azure AD administration — user and group management, OU structure, GPO basics, and account lifecycle operations.
  • Single Sign-On (SSO), SAML, OAuth, and experience with identity providers such as Okta, Ping Identity, or OneLogin.
  • Multi-Factor Authentication (MFA) support and troubleshooting (Google Authenticator, Microsoft Authenticator, hardware tokens).
  • Experience with ticketing systems (ServiceNow, Zendesk, JIRA) including SLA management, ticket routing, and knowledge base maintenance.
  • Familiarity with IAM concepts: role-based access control (RBAC), least privilege, segregation of duties, and access review processes.
  • Basic scripting for automation (PowerShell, Bash, or Python) for bulk user operations and routine maintenance tasks.
  • Understanding of LDAP and directory synchronization tools (Azure AD Connect, AD sync tools) and identity federation basics.
  • Proficient with Microsoft 365 user and mailbox provisioning, license assignment, and mailbox delegation configurations.
  • Competence in data entry, reporting, and spreadsheet tools (Excel — VLOOKUPs, pivot tables) to reconcile user lists and produce access reports.
  • Knowledge of common SaaS platforms (Salesforce, Slack, Jira, Concur) and experience provisioning accounts and roles within these applications.
  • Familiarity with basic security controls, incident escalation, audit evidence collection, and adherence to privacy policies and regulatory requirements.

Soft Skills

  • Strong customer service orientation with the ability to be empathetic, patient, and clear when resolving access issues for non-technical users.
  • Excellent verbal and written communication skills for clear ticket updates, cross-team coordination, and user guidance documentation.
  • High attention to detail to avoid privilege creep, misconfigured accounts, and audit findings.
  • Strong organizational and time-management skills to prioritize high-impact access requests and maintain SLA compliance.
  • Analytical problem-solving mindset to diagnose authentication failures, reproduce issues, and identify root causes.
  • Team collaboration skills for working with HR, security, application owners, and IT operations.
  • Discretion and professional ethics when handling sensitive account information and PII.
  • Adaptability to changing IAM tools, new SaaS platforms, and evolving security requirements.
  • Initiative to identify repetitive tasks and propose or build automation improvements.
  • Resilience and calm under pressure when supporting urgent access needs during critical business events.

Education & Experience

Educational Background

Minimum Education:

  • High school diploma or equivalent; relevant technical certifications or hands-on experience accepted in lieu of degree.

Preferred Education:

  • Associate or Bachelor's degree in Information Technology, Information Systems, Cybersecurity, or related field; industry certifications such as CompTIA Security+, Microsoft Certified: Identity and Access Administrator, or Okta Administrator are a plus.

Relevant Fields of Study:

  • Information Technology
  • Information Systems
  • Cybersecurity
  • Computer Science
  • Business Administration (with IT focus)

Experience Requirements

Typical Experience Range:

  • 1–4 years of hands-on experience in user account administration, help desk support, or identity and access management functions.

Preferred:

  • 2+ years managing accounts in Active Directory/Azure AD and one or more identity providers (Okta, OneLogin).
  • Prior experience working with HR integrations, SSO rollouts, and access review or audit activities.
  • Practical experience with ticketing platforms, basic scripting (PowerShell), and automation tools to handle bulk provisioning or reconciliation tasks.
Explore More Careers