Lifecycle Management
Introduction to Lifecycle Management with Veza
Veza's Lifecycle Management (LCM) solution empowers organizations to automate and streamline the management of user identities and access rights throughout the employee lifecycle. From onboarding to role changes and offboarding, automated LCM workflows ensure that the right people have the correct access at the right time.
Key features
Automated Provisioning and De-provisioning: Streamline granting and revoking entitlements as employees join, move within, or leave the organization
Environment-wide Synchronization: Keep user attributes and access rights consistent across applications and platforms
Customizable Workflows: Design tailored processes for different lifecycle events and user segments
Compliance and Audit Support: Maintain detailed records of access changes to support compliance and audit efforts
Integration with Identity Providers: Integrate with identity providers and HR systems, import HR data from CSV, or use a custom OAA template
In this section
Monitor LCM activity and policy status
View and manage identities from your sources
Create and configure automation policies
Define workflow triggers and provisioning actions
Manage birthright entitlements and business roles
Format and transform identity attributes
Configure email templates and webhooks
Trigger compliance reviews from LCM workflows
Supported identity sources and targets
Common questions and troubleshooting
Reference documentation:
Trigger Conditions Reference - SCIM filter syntax for workflow conditions
Transformer Reference - Complete list of transformation functions
Attribute Mapping - How source attributes map to Veza
System Attributes - Computed attributes for advanced logic
Core concepts
Policies
Policies define the rules and actions for managing identities throughout their lifecycle. They specify what actions should occur when there are changes in a source of identity, such as when a user is created or their attributes change.
After configuring a policy for a source of identity in your organization, Veza Lifecycle Management tracks the source for changes. When employee records are added or changed, actions will trigger based on the workflows and actions specified in the policy. Learn more about Policies.
Workflows
Workflows are sequences of actions within a policy that execute based on specific conditions. They enable automation of lifecycle management processes such as onboarding, role changes, and offboarding.
Workflows only execute actions on users that meet specific conditions, and Policies can contain more than one Workflow. This enables you to create a single policy for your source of identity that contains multiple workflows, with one applying to new hires, another applying to terminated employees, and so on for the different JML scenarios you want to automate. Learn more about Workflows.
Access Profiles
Access Profiles define sets of entitlements (such as group memberships or role assignments within a target application) that should be granted to users based on their role within the organization (or another distinguishing attribute). You can use Access Profiles to define both Business Roles – segments of employees, and Profiles – collections of entitlements in a target application.
Assigning Business Roles to the Profiles they should inherit enables you to define the birthright entitlements for different types of employees in your organization. You can then assign those Business Roles when configuring workflows that add or remove access to an application. Learn more about Access Profiles.
Actions
Lifecycle Management Actions are tasks performed within a workflow, such as creating a user account, assigning group memberships, or disabling an account. Actions can be combined to trigger in sequence when there are changes in the source of identity. Actions can run for any identity that meets the workflow conditions, or only apply when action-level conditions are met. Learn more about available Actions.
Attribute transformers
Transformers allow you to modify and format user attributes when synchronizing data between systems, ensuring consistency and compatibility when creating users across applications.
Lifecycle Management will provision new users with these attributes and can keep their accounts up-to-date when there are changes in the source of identity. Target entity attributes can be set to specific values or use metadata from the source of identity, and support a range of transformation functions. Learn about Transformers.
Expression syntaxes
Lifecycle Management uses two distinct expression syntaxes for different purposes:
SCIM Filter Syntax: Used in workflow trigger conditions to evaluate boolean expressions (e.g., is_active eq true). See Trigger Conditions Reference.
Formatter/Pipeline Syntax: Used in attribute transformers to produce output values (e.g., {first_name | UPPER}). See Transformers.
These syntaxes cannot be interchanged. See Attribute Mapping for a comparison and usage examples.
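The distinction above, as an added example that is not Veza code: two toy evaluators showing that a trigger condition yields a boolean, a transformer yields a value, and each rejects the other's syntax. It assumes a small subset only (the SCIM operators eq, ne and and from RFC 7644, and the UPPER function from this page); the identity record and the function names eval_filter and eval_pipeline are constructed for illustration.

```python
import re

# Constructed sample record; attribute names follow the page's two examples.
IDENTITY = {"first_name": "Ada", "is_active": True, "department": "Finance"}

CLAUSE = r'(\w+)\s+(eq|ne)\s+(true|false|"[^"]*")'
FILTER = re.compile(rf'{CLAUSE}(?:\s+and\s+{CLAUSE})*')
PIPELINE = re.compile(r'\{\s*(\w+)((?:\s*\|\s*\w+)*)\s*\}')
FUNCTIONS = {"UPPER": str.upper}  # the only transformer named on the page


def eval_filter(expr, identity):
    """Trigger-condition side: returns a bool, never an output value."""
    expr = expr.strip()
    if not FILTER.fullmatch(expr):
        raise ValueError(f"not a filter expression: {expr!r}")
    result = True
    for attr, op, raw in re.findall(CLAUSE, expr):
        if attr not in identity:
            # Fail closed: a missing attribute must not satisfy `ne` by accident.
            raise KeyError(attr)
        literal = raw == "true" if raw in ("true", "false") else raw[1:-1]
        equal = identity[attr] == literal
        result = result and (equal if op == "eq" else not equal)
    return result


def eval_pipeline(expr, identity):
    """Transformer side: returns an output string, never a bool."""
    match = PIPELINE.fullmatch(expr.strip())
    if not match:
        raise ValueError(f"not a pipeline expression: {expr!r}")
    value = str(identity[match.group(1)])  # KeyError on an unknown attribute
    for name in re.findall(r'\w+', match.group(2)):
        if name not in FUNCTIONS:
            raise ValueError(f"unknown transformer: {name}")
        value = FUNCTIONS[name](value)
    return value


if __name__ == "__main__":
    print(eval_filter("is_active eq true", IDENTITY))
    print(eval_pipeline("{first_name | UPPER}", IDENTITY))
```

Rejecting a malformed or misplaced expression outright, rather than treating it as false or as an empty string, keeps a mistyped condition from silently skipping or triggering a provisioning workflow.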
Notifications
Customize email notifications sent during Lifecycle Management events and Access Request workflows. You can personalize messaging, add branding, and include event-specific information through placeholders. Learn more about Notification Templates.
Getting started
Enable Integrations: Configure your data sources and enable them for Lifecycle Management. See Lifecycle Management Integrations.
Define Access Profiles: Create profiles that map your organizational structure to application-specific entitlements. See Creating Access Profiles.
Create Policies: Add policies to automate identity management processes. See Building Lifecycle Management Policies.
Configure Workflows: Design workflows within policies to handle specific lifecycle events. See Configuring Workflows.
For an overview of Lifecycle Management configuration using Okta, Workday, and Active Directory, see Workday, Okta, and Active Directory.
For API documentation, see Lifecycle Management APIs.
