Leaver Process

The Leaver process begins when a person’s relationship with an organization comes to an end. It is the most security-sensitive event, because the IAM system must ensure that all access provided to the leaving party is removed in a timely manner.

A leaver process can be triggered from any external system, such as HR, or by triggering a workflow from EmpowerID itself. The leaver is marked as deleted in EmpowerID, which then automatically executes the revoke actions specified in the Resource Entitlement policy. Resource Entitlements (RETs) are policies that govern how resources, such as an Active Directory account or an Exchange mailbox, are given to people. RETs therefore also evaluate what should be de-provisioned when the person leaves the organization. This section covers two ways of handling leaver events in EmpowerID.

  1. Planned Leaver: This is a configurable “Advanced Leaver” process that supports step-by-step graceful termination. Revocation of access can be designed and configured as write-back to target systems.

  2. Emergency Termination: This process is for unplanned Leaver events. It is typically performed by an administrative user via the EmpowerID web user interface and takes immediate effect.

 
