Lifecycle Workflows (LCW) is a new Identity Governance service that enables organizations to manage users by automating these three basic lifecycle processes – Joiner, Mover, Leaver.
Joiner - A new employee joining a company or organization who will need access to resources.
Mover - An individual moving between boundaries within an organization who may require more (or less) access or authorization. An example would be a user who was in marketing and is now a member of the sales organization.
Leaver - An individual who leaves the scope of needing access, so that access may need to be removed. Examples would be an employee who is retiring or an employee who has been terminated.
Lifecycle workflows automatically execute configured tasks when users join or leave your org and provide insights for easy troubleshooting.
Lab success exit criteria.
In this lab we will test the Leaver scenario and execute a real-time employee termination with Lifecycle workflows using the Azure portal. This off-boarding scenario will run a workflow on-demand that will remove the user from all groups and Teams, and then delete the user account.
Step 1. Create the Lifecycle Workflow
- Sign in to the Azure AD portal (https://aad.portal.azure.com) as your Global Admin.
- In the left menu browse to Identity Governance > Lifecycle Workflows (Preview).
- On the Overview (Preview) page, select + Create workflow.
- Under the Choose a template tab select Real-time employee termination.
- Under Basic tab leave the defaults and select Next: Review tasks.
- Under the Review tasks tab, inspect the three predefined tasks; no additional configuration is needed here.
- Select Next: Select users.
- Under the Select users tab, click + Add users and select a user that you will apply this workflow to.
- I recommend choosing one of the cloud users created by the user pack during tenant hydration, such as Grady Archie.
- Click Next: Review + create.
- On the review blade, verify the information is correct and select Create.
- After it has been created, the workflow runs automatically against the selected user.
Step 2. Verify the workflow results.
- Return to the Lifecycle Workflows (Preview) left-hand pane and select Workflows (Preview).
- In the right pane, select the Real-time employee termination workflow you created in Step 1.
- On the Overview (Preview) page, you should see that the Total processed users tile shows a value of 1.
- Click the View users link in the Total processed users tile to bring up the workflow history, where you should see the details of the actions performed against the user you chose.
- Now verify the user has been deleted by going to the Users > All Users blade.
- In the Users blade, click Audit Logs in the left-hand menu, where you should see an audit entry for the deletion of the user performed by the AAD Lifecycle Management actor.
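The audit-log check in Step 2 can also be scripted. As an added example, not part of this lab or of Microsoft's tooling, the Python below inspects a constructed set of audit records shaped like Microsoft Graph directoryAudit objects (an assumption about the export format) and confirms that every action against the leaver was initiated by the AAD Lifecycle Management actor, that group removals succeeded, and that the user deletion was the final action:

```python
# Added example (not from the lab): check exported Azure AD audit records for one
# user to confirm a Lifecycle Workflows leaver run did what Step 2 expects.
# Record shape is modelled on Microsoft Graph directoryAudit objects (assumption);
# every sample record below is constructed, not taken from a real tenant.
from datetime import datetime

LCW_ACTOR = "AAD Lifecycle Management"  # actor the audit log shows for workflow actions

def _rec(ts, activity, upn, actor=LCW_ACTOR, result="success"):
    """Build one constructed audit record targeting a single user."""
    return {"activityDateTime": ts, "activityDisplayName": activity, "result": result,
            "initiatedBy": {"app": {"displayName": actor}, "user": None},
            "targetResources": [{"type": "User", "userPrincipalName": upn}]}

SAMPLE = [  # constructed export; UPNs are placeholders
    _rec("2023-03-01T10:00:05Z", "Remove member from group", "GradyA@contoso.example"),
    _rec("2023-03-01T10:00:06Z", "Remove member from group", "GradyA@contoso.example"),
    _rec("2023-03-01T10:00:09Z", "Delete user", "GradyA@contoso.example"),
    # a deletion done outside the workflow: must not pass the check
    _rec("2023-03-01T10:01:00Z", "Delete user", "other@contoso.example", actor="Admin Portal"),
]

def _succeeded(rec, activity):
    return rec["activityDisplayName"] == activity and rec["result"] == "success"

def verify_leaver_run(records, upn):
    """Return (ok, findings) for the records that target `upn`: all actions must be
    initiated by the LCW actor and succeed, at least one group removal must occur,
    and exactly one 'Delete user' must be the final action (nothing can follow it)."""
    findings = []
    mine = sorted((r for r in records
                   if any(t.get("userPrincipalName") == upn for t in r["targetResources"])),
                  key=lambda r: datetime.fromisoformat(r["activityDateTime"].replace("Z", "+00:00")))
    if not mine:
        return False, [f"no audit records target {upn}"]
    for r in mine:
        ib = r["initiatedBy"]
        actor = (ib.get("app") or {}).get("displayName") or (ib.get("user") or {}).get("userPrincipalName")
        if actor != LCW_ACTOR:
            findings.append(f"{r['activityDisplayName']} initiated by {actor!r}, not LCW")
        if r["result"] != "success":
            findings.append(f"{r['activityDisplayName']} did not succeed")
    deletes = [r for r in mine if _succeeded(r, "Delete user")]
    if not any(_succeeded(r, "Remove member from group") for r in mine):
        findings.append("no successful group removals")
    if len(deletes) != 1:
        findings.append(f"expected one successful 'Delete user', found {len(deletes)}")
    elif mine[-1] is not deletes[0]:
        findings.append("'Delete user' is not the final action for this user")
    return not findings, findings
```

Run it against a real export by replacing SAMPLE with the records returned for the terminated user's UPN; any non-empty findings list means the run needs a closer look.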