Lifecycle Event-Driven Provisioning

With Lifecycle Manager enabled, Lifecycle Events can be configured in IdentityIQ to represent activities that occur during the normal course of a person's employment at a company. These activities include events such as joining the company, changing departments or managers, and leaving the company. The shorthand terms for these activities are Joiner, Mover, and Leaver.

When Lifecycle Manager is enabled, IdentityIQ contains four predefined Lifecycle Events.

| Lifecycle Event  | Trigger                                                         | Business Process Invoked            |
|------------------|-----------------------------------------------------------------|-------------------------------------|
| Joiner           | Identity Creation                                               | Lifecycle Event – Joiner            |
| Leaver           | Attribute Change: Inactive attribute change from false to true  | Lifecycle Event – Leaver            |
| Manager Transfer | Manager Change                                                  | Lifecycle Event – Manager Transfer  |
| Reinstate        | Attribute Change: Inactive attribute change from true to false  | Lifecycle Event – Reinstate         |

By default, these events are disabled and must be enabled before the events can be triggered. Lifecycle Events are triggered by specific changes to an identity. These changes can include the following actions:

  • Creation

  • Manager transfer

  • Attribute change

  • Complex changes that an IdentityTrigger rule detects

The triggered Lifecycle Events invoke business processes, or workflows, that can contain provisioning actions.

Note: The terms Business Process and Workflow are synonymous. The IdentityIQ user interface uses the term Business Processes, which is the term business managers use most often. The IdentityIQ object model and XML use the term Workflows.

Manage Lifecycle Events and Actions

The predefined Lifecycle Events, and the default actions of the business process that each one invokes, are listed below.

  • Lifecycle Event – Joiner – prints the name of the identity to sysout. No actions are taken on the identity. This action is typically modified to provision birthright access for identities.

  • Lifecycle Event – Leaver – creates and runs a provisioning plan to disable all accounts the leaving identity has.

  • Lifecycle Event – Manager Transfer – prints the names of the old and new manager to sysout. No actions are taken on the identity or its entitlements. This action is typically modified to generate a certification for the new manager to review the access an identity holds. This action can also be used to provision birthright access identified for members of the new manager’s group.

  • Lifecycle Event – Reinstate – creates and runs a provisioning plan to enable all previously disabled accounts that a returning identity had.
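Because the predefined events are disabled by default, it is worth checking that a Leaver or Reinstate change actually reached the accounts. The following sketch is an added example, not IdentityIQ code: it applies the trigger conditions from the table above to two identity snapshots and flags accounts whose state contradicts the default Leaver or Reinstate action. The snapshot layout, field names and sample values are constructed assumptions, not an IdentityIQ export format.

```python
# Constructed sample data; field names are assumptions, not an IdentityIQ export format.
BEFORE = {
    "alice": {"inactive": False, "manager": "carol"},
    "bob":   {"inactive": False, "manager": "carol"},
    "dave":  {"inactive": True,  "manager": "erin"},
}
AFTER = {
    "alice": {"inactive": True,  "manager": "carol"},  # left the company
    "bob":   {"inactive": False, "manager": "erin"},   # new manager
    "dave":  {"inactive": False, "manager": "erin"},   # returned
    "frank": {"inactive": False, "manager": "erin"},   # newly created identity
}
# Account state after the change: identity -> {application: account disabled?}
ACCOUNTS = {
    "alice": {"AD": True, "CRM": False},  # CRM account is still enabled
    "dave":  {"AD": False},
}

def expected_events(before, after):
    """Map each identity to the predefined Lifecycle Events its change matches."""
    result = {}
    for name, new in after.items():
        old = before.get(name)
        events = []
        if old is None:
            events.append("Joiner")                # identity creation
        else:
            if not old["inactive"] and new["inactive"]:
                events.append("Leaver")            # inactive: false -> true
            if old["inactive"] and not new["inactive"]:
                events.append("Reinstate")         # inactive: true -> false
            if old["manager"] != new["manager"]:
                events.append("Manager Transfer")  # manager change
        if events:
            result[name] = events
    return result

def account_gaps(events, accounts):
    """List accounts whose state contradicts the default Leaver/Reinstate action."""
    gaps = []
    for name, evs in events.items():
        for app, disabled in sorted(accounts.get(name, {}).items()):
            if "Leaver" in evs and not disabled:
                gaps.append((name, app, "still enabled after Leaver"))
            if "Reinstate" in evs and disabled:
                gaps.append((name, app, "still disabled after Reinstate"))
    return gaps

if __name__ == "__main__":
    print(account_gaps(expected_events(BEFORE, AFTER), ACCOUNTS))
```

A non-empty result for a Leaver change usually means the event is still disabled or the business process was modified so that it no longer disables every account.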

Lifecycle Events and Actions How-To Tasks

You can perform the following tasks for Lifecycle events and actions:

Note: Additional Lifecycle Events and workflows/business processes can be created as needed to support the business needs for each installation.

Note: Typically only administrators can edit the Identity Cube information. This option is available through Identities > Identities Warehouse.

You can also access IdentityIQ Debug pages and modify actions through the XML Workflow.

See also Business Process Management.