
Leaver Process


Your organization may have both planned and unplanned leavers. EmpowerID IAM automates the deletion or disabling of user accounts to revoke a leaver's access. The Leaver process takes place when a person's relationship with an organization comes to an end. It is the most security-sensitive event, as the IAM system must ensure that all access provided is removed in a timely manner.

A leaver process can be triggered from any external system, such as HR, or by triggering a workflow from EmpowerID itself. The leaver is marked as deleted in EmpowerID, which then automatically executes the revoke actions specified in the Resource Entitlement Policy. Resource Entitlements (RETs) are policies that govern how resources, such as an Active Directory account or an Exchange mailbox, are given to people. RETs therefore also evaluate what should be de-provisioned when the person leaves the organization. This section covers two ways of handling leaver events in EmpowerID.

  1. Planned Leaver: This is a configurable “Advanced Leaver” process that supports step-by-step graceful termination. Revocation of access can be designed and configured as write-back to target systems.

  2. Emergency Termination: This process is for unplanned Leaver events. It is typically performed by an administrative user via the EmpowerID web user interface and takes immediate effect.
