# User Lifecycle management

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

#### Purpose <a href="#purpose" id="purpose"></a>

This section explains how user accounts are created, managed, and removed throughout their lifecycle within the platform.

User Lifecycle Management ensures that:

* Users have the right access at the right time
* Access is removed promptly when no longer needed
* Identity data remains accurate and secure

***

#### Scope <a href="#scope" id="scope"></a>

This guide applies to:

* Personal accounts
* Business and enterprise accounts
* Users managed manually or via automated provisioning (SCIM)

It covers:

* User onboarding
* Account updates
* Access changes
* User offboarding

***

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before managing user lifecycles, ensure that:

* You have administrative permissions (for business accounts)
* Your organization’s identity model is defined
* Security policies are configured (roles, MFA, access rules)

***

#### Overview <a href="#overview" id="overview"></a>

User Lifecycle Management spans the entire journey of a user account, from creation to deactivation.

The platform supports:

* Manual user management
* Automated lifecycle management through SCIM
* Centralized enforcement of security policies

***

#### Lifecycle stages <a href="#lifecycle-stages" id="lifecycle-stages"></a>

1. User creation
2. Profile and role updates
3. Ongoing access management
4. User deactivation or removal

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### Step 1: User creation (Onboarding) <a href="#step-1-user-creation-onboarding" id="step-1-user-creation-onboarding"></a>

Users can be created through:

* Email-based sign-up
* Google sign-up (with password creation)
* Administrative invitation
* SCIM-based automated provisioning

During creation:

* Email verification is required
* Default roles and policies are applied
* Security settings inherit organization rules

***

#### Step 2: Profile and attribute management <a href="#step-2-profile-and-attribute-management" id="step-2-profile-and-attribute-management"></a>

Administrators can manage:

* User profile information
* Role assignments
* Group membership
* Organization-level access

When SCIM is enabled:

* The Identity Provider acts as the source of truth
* Attribute changes are synced automatically

***

#### Step 3: Access and Permission Updates <a href="#step-3-access-and-permission-updates" id="step-3-access-and-permission-updates"></a>

Access can be adjusted by:

* Updating roles
* Modifying group membership
* Applying security policies

Changes take effect immediately and are logged for audit purposes.

***

#### Step 4: Security enforcement <a href="#step-4-security-enforcement" id="step-4-security-enforcement"></a>

Throughout the user lifecycle:

* MFA policies are enforced
* Risk-based authentication may be applied
* Device, IP, or geo-based rules can restrict access

Security controls remain consistent across platforms.

***

#### Step 5: User deactivation or offboarding <a href="#step-5-user-deactivation-or-offboarding" id="step-5-user-deactivation-or-offboarding"></a>

When access is no longer required:

* Users can be deactivated manually
* SCIM can automatically disable users from the IdP
* Active sessions are revoked

Deactivated users:

* Cannot sign in
* Retain historical audit data

***

#### Additional notes <a href="#additional-notes" id="additional-notes"></a>

* Deleted users cannot be recovered
* Deactivation preserves audit history
* Manual changes may be overridden when SCIM is enabled
* All lifecycle events are recorded for compliance

***

#### Summary <a href="#summary" id="summary"></a>

* User Lifecycle Management controls access from onboarding to offboarding
* Automation reduces errors and administrative overhead
* Security policies are enforced consistently
* SCIM enables scalable enterprise user management


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oten.gitbook.io/identity-support/user-guide/business-account/scim-automated-user-and-workspace-provisioning/user-lifecycle-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.