Lifecycle Management

Manage your users from joining to leaving 

Foundation Features

  • Role based Account and Entitlement Provisioning

  • Birth- Right Provisioning

  • Promotions and Transfers

  • Suspension and Restoration

  • De-Provisioning/Termination

  • Access Request- Accounts and Entitlements

  • Time Bound Access

  • Manager initiated access and termination request

  • Multi-level approval workflows

Role based Account and Entitlement Provisioning

Cloud Identity helps organizations deal with many of its user lifecycle management challenges with its Lifecycle Management module. The key component of this module is Role Base Account and Entitlement Provisioning. Role based provisioning allow Cloud Identity to cater various scenario that come up during a user’s journey within an organization.

Cloud Identity creates accounts and assignment for new and existing user across business applications based on user attributes and roles. Administrators can create static / dynamic roles. Users can then get access to business applications based on their role memberships.



Birth- Right Provisioning

All users joining an organization get access to certain systems and applications as part of default application access for everyone in the organization (such as an AD account to login to OS and join the domain, an Email account, Office 365, etc.). Different organizations have different accesses to be provided to users based on the prevalent processes and organizational rules. Based on those rules, Cloud Identity enables the necessary accesses to different systems and applications to be automatically granted to new users.

Promotions and Transfers

Cloud Identity automatically adjusts user access across business applications and entitlements based on promotions / transfers. The necessary accounts and entitlements relevant to the new role of the user are automatically provisioned. Those accounts and entitlements that are no longer relevant to the user’s new role are automatically de-provisioned. Provisioning and de-provisioning is conducted in accordance with rules defined on the relevant applications and its entitlements configured for the role.


Suspension and Restoration

Cloud Identity automatically deletes/suspends users who are marked as Suspended in the integrated SoT – CSV, Enterprise Directory or HRMS. Based on the user’s status in Cloud Identity, his/her accounts in the various target applications are deleted or suspended
When users are marked as “Restored” in the integrated SoT, Cloud Identity automatically reactivates all the accounts of those users and enables all their accesses.


When a user leaves the organization, Cloud Identity automatically removes user’s accesses across all business applications, thus eliminating the need for it to be done manually. This feature supports statutory and regulatory compliance and ensures effective security.

Access Request- Accounts and Entitlements

As part of ongoing operations of an organization, users need access to different business applications at different times.

Cloud Identity allows users to request access to any onboarded application or request for additional entitlements within an application. Based on the configuration of the multi-level approval workflow, these requests are sent to the relevant authority for approval. Upon approval, the accounts can be provisioned automatically.


Cloud Identity also allows users to request for termination of any existing application or entitlement.

Approvers can approve/reject/delegate access requests in their Dashboard. Approvers can also modify the request by changing requested entitlements and/or changing the duration of access.

Time Bound Access

Cloud Identity can provide users with time bound access. This ensures that the provisioned account or entitlement will be removed from user once the specified period is over.

Additionally, Cloud Identity also allows users to request for extension of an access.

Manager initiated access and termination request

Cloud Identity also allows the Managers to request for access or request for termination of an application or entitlement on behalf of its subordinates. These requests also follow pre-configured multi-level approval workflows before the request is fulfilled.

Multi-level approval workflows

Cloud Identity allows administrators to configure multi-level workflows for access requests to applications or roles.

Admin can choose a role as the approving authority at each level of the workflow. Additionally, admin can also specify if all users or only one user of a role need to approve the request.

Cloud Identity has a preconfigured workflow for all applications. Customer have the option to have custom workflows configured for each application and entitlement.