Leaver Processing in Rapid Setup
Note: Provisioning policies for deleting / disabling / unlocking accounts, and a password policy for password scrambling, should be created before this process is configured.
The leaver feature gives the user the option to configure the leaver plan by either using a rule or by selecting options to configure a plan. If you opt to configure your processes, you can set up separate processes for ordinary leaver events, and for terminations. If you choose to use a rule for leaver processing, you will select one rule to manage both leaver and termination processing.
-
To use a rule for leaver processing, select Use rule, and choose a rule from the dropdown list.
-
To configure a leaver plan, select Configure, and use the options below to determine leaver and termination processing behavior.
Note: No other Rapid Setup event takes priority over leaver processing. If an identity is eligible for leaver event as well as a joiner or mover event, the leaver event will be launched, and the other events will not.
Leaver Options
Leaver options are for managing identities that leave your organization in circumstances other than immediate termination. Immediate termination options are configured separately.
|
Option |
Description |
|
Delete Account |
To delete a leaving identity's accounts, enable this option. Then choose when the accounts should be deleted:
|
|
Disable Account |
Send a request to disable the account. Choose Now to disable accounts immediately, or Later to postpone the disabling. When you choose Later, use the Days to Delay field to set the number of days to wait before disabling accounts. |
|
Scramble Password |
Scramble the value of the password account attribute. This option is used when the application does not natively perform password maintenance. Choose Now to scramble passwords immediately, or Later to postpone the action. If you choose Later, use the Days to Delay field to set the number of days to wait before the action occurs. |
|
Move Account |
This option is only used for Active Directory applications. Enter the full OU to the container where leaving identities should be moved. You can set this option to run Now or Later. |
|
Remove Entitlements |
Choose whether to remove entitlements as part of the leaver process. You can set this option to run Now or Later. If you enable this option, you can use the Entitlement Exceptions filter to choose any entitlements that you do not want to remove as part of the leaver process. |
|
Add Comment |
Add Comment lets you enter comments to be added to the application account for the leaving identity. The Comment Attribute is the attribute in the application where comments are stored. The Comment field is where you enter the comment to be stored in the Comment Attribute on the application. |
Terminate Options
Use this section to configure how termination events should be processed. Termination processes are enabled, and have some global behavior configured, through Identity Operations Configuration. When termination processing is enabled and configured, terminations for individual identities are initiated through the Identities > Identity Operations menu. See Terminating Identities with Rapid Setup.
To configure Terminate Options that are specific to this application:
-
If you want termination processing to follow all the same processes you have configured for Leaver Options, choose Use the same settings as leaver options.
-
If you want to set up different processes for terminations than those you have configured for Leaver options, disable the Use the same settings as leaver options slider. Then you can configure termination-specific behavior; the fields for configuring termination options are identical to the ones for leaver options. Refer to the table above for information about these fields.