# Lifecycle Management Veza's Lifecycle Management (LCM) solution empowers organizations to automate and streamline the management of user identities and access rights throughout the employee lifecycle. From onboarding to role changes and offboarding, automated LCM workflows ensure that the right people have the correct access at the right time. ## Key features * **Automated Provisioning and De-provisioning**: Streamline granting and revoking entitlements as employees join, move within, or leave the organization * **Environment-wide Synchronization**: Keep user attributes and access rights consistent across applications and platforms * **Customizable Workflows**: Design tailored processes for different lifecycle events and user segments * **Compliance and Audit Support**: Maintain detailed records of access changes to support compliance and audit efforts * **Integration with Identity Providers**: Integrate with identity providers and HR systems, import HR data from CSV, or use a custom OAA template ## In this section | Topic | Description | | -------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | | [Dashboard](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/getting-started/dashboard.md) | Monitor LCM activity and policy status | | [Identities](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/identities-overview/identities.md) | View and manage identities from your sources | | [Policies](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/policies.md) | Create and configure automation policies | | [Conditions and Actions](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions.md) | Define workflow triggers and provisioning actions | | [Access Profiles](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/profiles.md) | Manage birthright entitlements and business roles | | [Attribute Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers.md) | Format and transform identity attributes | | [Notifications](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/lifecycle-management-notification-templates.md) | Configure email templates and webhooks | | [Access Reviews](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/lcm-access-reviews.md) | Trigger compliance reviews from LCM workflows | | [Integrations](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/integrations.md) | Supported identity sources and targets | | [FAQ](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/lcm-faq.md) | Common questions and troubleshooting | **Reference documentation:** * [Understanding Conditions and Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/conditions-and-transformers-overview.md) - Conceptual guide to the different evaluation systems * [Trigger Conditions Reference](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions/trigger-conditions-reference.md) - SCIM filter syntax for workflow conditions * [Transformer Reference](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers/transformer-reference.md) - Complete list of transformation functions * [Dynamic Access Profiles](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/profiles/dynamic-access-profiles.md) - Formatter-based profile assignment * [Attribute Mapping](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers/attribute-mapping.md) - How source attributes map to Veza * [System Attributes](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers/system-attributes.md) - Computed attributes for advanced logic ## Core concepts ### Policies Policies define the rules and actions for managing identities throughout their lifecycle. They specify what actions should occur when there are changes in a source of identity, such as when a user is created or their attributes change. After configuring a policy for a source of identity in your organization, Veza Lifecycle Management tracks the source for changes. When employee records are added or changed, actions will trigger based on the workflows and actions specified in the policy. Learn more about [Policies](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/policies.md). ### Workflows Workflows are sequences of actions within a policy that execute based on specific conditions. They enable automation of lifecycle management processes such as onboarding, role changes, and offboarding. Workflows only execute actions on users that meet specific conditions, and Policies can contain more than one Workflow. This enables you to create a single policy for your source of identity that contains multiple workflows, with one applying to new hires, another applying to terminated employees, and so on for the different JML scenarios you want to automate. Learn more about [Workflows](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/policies.md#add-workflows-to-policies). ### Access Profiles Access Profiles define sets of entitlements (such as group memberships or role assignments within a target application) that should be granted to users based on their role within the organization (or another distinguishing attribute). You can use Access Profiles to define both Business Roles – segments of employees, and Profiles – collections of entitlements in a target application. Assigning Business Roles to the Profiles they should inherit enables you to define the birthright entitlements for different types of employees in your organization. You can then assign those Business Roles when configuring workflows that add or remove access to an application. Learn more about [Access Profiles](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/profiles.md). ### Actions Lifecycle Management Actions are tasks performed within a workflow, such as creating a user account, assigning group memberships, or disabling an account. Actions can be combined to trigger in sequence when there are changes in the source of identity. Actions can run for any identity that meets the workflow conditions, or only apply when action-level conditions are met. Learn more about available [Actions](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions.md). ### Attribute transformers Transformers allow you to modify and format user attributes when synchronizing data between systems, ensuring consistency and compatibility when creating users across applications. Lifecycle Management will provision new users with these attributes and can keep their accounts up-to-date when there are changes in the source of identity. Target entity attributes can be set to specific values or use metadata from the source of identity, and support a range of transformation functions. Learn about [Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers.md). ### Conditions and transformers Lifecycle Management uses several systems that evaluate identity attributes, each serving a distinct purpose: * **Workflow Conditions**: SCIM filter expressions that determine *whether* workflows and actions execute (e.g., `is_active eq true`). Output is boolean. * **Attribute Transformers**: Formatter expressions that determine *what value* an attribute should have (e.g., `{first_name | UPPER}`). Output is a string. * **Dynamic Access Profiles**: Formatter expressions that resolve to Access Profile names at runtime (e.g., `dept-{department | LOWER}`). These systems can work together. For example, workflow conditions can embed transformer syntax for dynamic date comparisons. For a guide to when and how to use each, see [Understanding Conditions and Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/conditions-and-transformers-overview.md). ### Notifications Customize email notifications sent during Lifecycle Management events and Access Request workflows. You can personalize messaging, add branding, and include event-specific information through placeholders. Learn more about [Notification Templates](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/lifecycle-management-notification-templates.md). ## Getting started 1. **Enable Integrations**: Configure your data sources and enable them for Lifecycle Management. [Lifecycle Management Integrations](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/integrations.md) 2. **Define Access Profiles**: Create profiles that map your organizational structure to application-specific entitlements. [Creating Access Profiles](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/profiles.md#configuring-access-profiles) 3. **Create Policies**: Add policies to automate identity management processes. [Building Lifecycle Management Policies](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/policies.md#add-a-lifecycle-management-policy) 4. **Configure Workflows**: Design workflows within policies to handle specific lifecycle events. [Configuring Workflows](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/policies.md#add-workflows-to-policies) For an overview of Lifecycle Management configuration using Okta, Workday, and Active Directory, see [Workday, Okta, and Active Directory](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/how-to/lcm-workday-okta-ad.md). For API documentation, see [Lifecycle Management APIs](/4yItIzMvkpAvMVFAamTf/developers/api/lifecycle-management.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/lifecycle-management.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.