Rapid Setup Leaver Overview

The Leaver process defines the operations that are launched when someone leaves your organization. The criteria for how "leaving" is defined is configured according to your organization's needs, in Rapid Setup's global configuration.

Leaver processes can include:

  • Reassigning ownership of artifacts(such as tasks, applications, and policies) currently owned by the leaving identity.

  • Notifying the manager of the leaving identity about reassigned artifacts.

  • Reassigning the administration of identities that are currently administered by the leaving identity. This option is typically used for service account or RPA type identities that the leaver is responsible for administering.

  • Notifying the manager of the leaving identity about the reassigned identities.

  • Auto-rejecting requests targeted for the leaving identity.

  • Running an optional post-leaver rule.

  • Updating links which may need updating due to a move.

The Leaver process can build an immediate provisioning plan to:

  • Remove of the identity's assigned roles

  • For each application on which identity has an account, and for which Leaver processing is enabled, determine which of these actions to perform, and whether to perform each one immediately or to defer the action:

    • Removal of the identity's entitlements (unless they are excluded from removal).

    • Scrambling the identity's password on the application.

    • Adding a comment to an account attribute.

    • Moving the account to a different OU on a container-based application.

    • Disabling the account.

    • Deleting the account.

  • Execute the immediate provisioning plan.

  • Notify the manager with results of the immediate provisioning.

The Leaver process must be enabled globally before users can configure and use it on a per-application basis. See Rapid Setup Configuration for details about global configuration.

You can also define processes for the immediate termination of identities, that can be distinct from your other leaver processes. Some of the termination behavior is configured globally as part of Identity Operations Configuration; you can also define application-specific termination behavior as part of leaver processing.