Skip to main content

User Lifecycle

Persons

  • When a user is initially created in the ODJ (e.g. through SCIM) he/she gets created with lifecycle set to CREATED. This means the user is known to the ODJ but is still missing required attributes (e.g. LDAP-Name, Cloud-Username, ...) which are fetched asynchronously from SIAM.

  • When the required attributes are fetched from SIAM the lifecycle is set to ACTIVE, which means the user is setup correctly and can be used inside the ODJ.

  • If the requireed attributes could not be fetched from SIAM the lifecycle is set to ERROR which indicates that the user is not set up correctly and needs manual intervention. The required parameters for a successfully matching of a SIAM user have to added manually and the lifecycle than should be reset to CREATED.

When the user moves to a different job inside the company or leaves the company and loses ODJ access, SCIM will report the user as inactive.

  • In ODJ the user's lifecycle will be set to SUSPENDED for at least the rest of the day. During that timeframe the users might re-order the ODJ access package and the user will resume working.

  • After the defined timeframe all permissions of the users and all team memberships will be deleted and the user lifecycle is set to INACTIVE which means that the user is not available in the ODJ anymore.

Service Accounts

Service accounts will skip some of the lifecycle states because they can only be used inside the ODJ.

  • When a service account is created it will get the lifecycle directly set to ACTIVE
  • When a service account is delete, the lifecycle will be set directly to INACTIVE