User Lifecycle management

I am new. Where should I start?

Purpose

This section explains how user accounts are created, managed, and removed throughout their lifecycle within the platform.

User Lifecycle Management ensures that:

  • Users have the right access at the right time

  • Access is removed promptly when no longer needed

  • Identity data remains accurate and secure

Scope

This guide applies to:

  • Personal accounts

  • Business and enterprise accounts

  • Users managed manually or via automated provisioning (SCIM)

It covers:

  • User onboarding

  • Account updates

  • Access changes

  • User offboarding

Prerequisites

Before managing user lifecycles, ensure that:

  • You have administrative permissions (for business accounts)

  • Your organization’s identity model is defined

  • Security policies are configured (roles, MFA, access rules)

Overview

User Lifecycle Management spans the entire journey of a user account, from creation to deactivation.

The platform supports:

  • Manual user management

  • Automated lifecycle management through SCIM

  • Centralized enforcement of security policies

Lifecycle stages

  1. User creation

  2. Profile and role updates

  3. Ongoing access management

  4. User deactivation or removal

I already understand. How do I proceed step by step?

Step 1: User creation (Onboarding)

Users can be created through:

  • Email-based sign-up

  • Google sign-up (with password creation)

  • Administrative invitation

  • SCIM-based automated provisioning

During creation:

  • Email verification is required

  • Default roles and policies are applied

  • Security settings inherit organization rules

Step 2: Profile and attribute management

Administrators can manage:

  • User profile information

  • Role assignments

  • Group membership

  • Organization-level access

When SCIM is enabled:

  • The Identity Provider acts as the source of truth

  • Attribute changes are synced automatically

Step 3: Access and Permission Updates

Access can be adjusted by:

  • Updating roles

  • Modifying group membership

  • Applying security policies

Changes take effect immediately and are logged for audit purposes.

Step 4: Security enforcement

Throughout the user lifecycle:

  • MFA policies are enforced

  • Risk-based authentication may be applied

  • Device, IP, or geo-based rules can restrict access

Security controls remain consistent across platforms.

Step 5: User deactivation or offboarding

When access is no longer required:

  • Users can be deactivated manually

  • SCIM can automatically disable users from the IdP

  • Active sessions are revoked

Deactivated users:

  • Cannot sign in

  • Retain historical audit data

Additional notes

  • Deleted users cannot be recovered

  • Deactivation preserves audit history

  • Manual changes may be overridden when SCIM is enabled

  • All lifecycle events are recorded for compliance

Summary

  • User Lifecycle Management controls access from onboarding to offboarding

  • Automation reduces errors and administrative overhead

  • Security policies are enforced consistently

  • SCIM enables scalable enterprise user management

PreviousWhat is SCIM used for?NextAdministrator

Last updated