IAM Design Principle: User Status Values

Posted on by Carol

A field indicating a person’s “status” with respect to the organisation is a standard feature of all IAM implementations. Over many solutions I’ve boiled it down to four status values that satisfy all the lifecycle use cases I’ve come across:

  1. Pending – We know about this person but their hire (or re-hire) date is in the future,
  2. Active – Active employment or other relationship,
  3. Suspended – A temporary state where all accounts are disabled but otherwise unchanged, perhaps due to long leave or temporary suspension of duties,
  4. Inactive – Relationship with the organisation has ceased.

The designer of the IAM solution shouldn’t have to be concerned with why a person is in any one of these states – all we need to know is:

  • how to identify the status, and
  • what to do when the status changes.

Obviously the status is sometimes combined with other attribute values to determine actions, but these are the four status values I have found to be generally applicable across a range of solutions and organisation types.

I've been doing IT for 30 years, and IdM for 15. I live in Australia and build IdM solutions based on Microsoft Identity Manager. I also play the violin, but that doesn't help much with the IdM solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*