Lifecycle Events in SailPoint IdentityIQ
16 Jul 2024
In IdentityIQ, Lifecycle Events represent activities that occur during an employee’s tenure at a company, such as joining, changing roles, or leaving. These events, when triggered by specific changes to an identity (like attribute changes or creation), initiate Business Processes (workflows) that can include provisioning actions.
Here’s a breakdown of key aspects related to Lifecycle Events:
- Pre-defined Lifecycle Events: IdentityIQ provides four pre-defined Lifecycle Events, each linked to a specific trigger and default Business Process:
  - Joiner: Triggered upon identity creation. The default process simply logs the identity’s name. Typically customized to provision initial access rights (birthright access).
  - Leaver: Triggered when the “Inactive” attribute changes from false to true. The default process disables all the leaving identity’s accounts.
  - Manager Transfer: Triggered when an identity’s manager changes. The default process logs the old and new managers’ names. Commonly customized to initiate a certification for the new manager to review the identity’s access or provision access based on the new manager’s group memberships.
  - Reinstate: Triggered when the “Inactive” attribute changes from true to false. The default process enables all previously disabled accounts of a returning identity.
- Lifecycle Events and Rapid Setup: The Rapid Setup module simplifies the configuration of common Lifecycle Events like Joiner, Mover, and Leaver. It allows administrators to define event triggers, global actions, and per-application actions (like birthright role assignment). Rapid Setup offers a user-friendly interface for configuring these events without requiring in-depth workflow customization.
- Custom Lifecycle Events: You can create custom Lifecycle Events beyond the pre-defined ones to cater to specific organizational needs. These custom events offer flexibility in defining triggers, target identities, and associated workflows.
- Lifecycle Events and Provisioning: Lifecycle Events are tightly integrated with IdentityIQ’s provisioning engine. The Business Processes triggered by these events can contain provisioning actions, such as creating, modifying, enabling, disabling, or deleting accounts and entitlements.
- Lifecycle Events Configuration: You manage Lifecycle Events through the Lifecycle Events page (Setup > Lifecycle Events). Here, you can:
  - Create new Lifecycle Events: Define a name, description, event type (Create, Manager Transfer, Attribute Change, Rule, Native Change, Alert), target identity population, and the Business Process the event triggers.
  - Edit pre-defined Lifecycle Events: Customize the default behavior of the provided events by modifying their associated Business Processes.
- Monitoring Lifecycle Events: You can monitor the execution and outcomes of Lifecycle Events through various methods:
  - Track My Requests: Provides visibility into the access requests generated by Lifecycle Events, particularly those initiated through Rapid Setup workflows.
  - Advanced Analytics: Allows you to search and analyze audit data, including events related to Lifecycle Events (action: IdentityLifecycleEvent).
  - Identity Events: Offers a historical view of past events associated with an identity, including those triggered by Lifecycle Events.
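
The trigger conditions of the four pre-defined events, and the account state their default processes should leave behind, can be modelled outside IdentityIQ to check outcomes such as a leaver whose account is still enabled. The Python model below is an added example, not IdentityIQ code or part of the original article; the `Snapshot` fields, the function names and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Snapshot:
    # Simplified identity state; field names are assumptions, not IdentityIQ's schema.
    name: str
    inactive: bool
    manager: Optional[str]

def lifecycle_events(before, after):
    """Pre-defined events that a before -> after identity change would trigger."""
    if before is None:
        return ["Joiner"]                      # identity creation
    events = []
    if not before.inactive and after.inactive:
        events.append("Leaver")                # Inactive: false -> true
    if before.inactive and not after.inactive:
        events.append("Reinstate")             # Inactive: true -> false
    if before.manager != after.manager:
        events.append("Manager Transfer")
    return events

def account_drift(events, accounts):
    """accounts: application -> enabled flag observed after the default process ran.
    Returns applications whose state contradicts the default process (for review)."""
    if "Leaver" in events:                     # default: disable all accounts
        return sorted(a for a, on in accounts.items() if on)
    if "Reinstate" in events:                  # default: re-enable disabled accounts
        return sorted(a for a, on in accounts.items() if not on)
    return []

def audit(changes):
    """Return (identity, events, drifted applications) for every change with events."""
    report = []
    for before, after, accounts in changes:
        events = lifecycle_events(before, after)
        if events:
            report.append((after.name, events, account_drift(events, accounts)))
    return report

# Constructed sample changes: (before, after, account state after processing)
CHANGES = [
    (None, Snapshot("alice", False, "carol"), {}),
    (Snapshot("bob", False, "carol"), Snapshot("bob", True, "carol"),
     {"AD": False, "VPN": True}),
    (Snapshot("dave", True, "carol"), Snapshot("dave", False, "erin"),
     {"AD": True, "Mail": False}),
]
```

Calling `audit(CHANGES)` lists each identity with the events its change matches and any applications left in the wrong state; customized Business Processes would need their own expected-state rules.
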
Overall, Lifecycle Events provide a powerful mechanism in IdentityIQ to automate identity management processes based on real-world events throughout an employee’s lifecycle. By defining appropriate triggers and associating them with customized workflows, organizations can streamline access provisioning, de-provisioning, and other critical identity management tasks.