IAM Design Principal: User Status Values

Share this content:

A field indicating a person’s “status” with respect to the organisation is a standard feature of all IAM implementations. Over many solutions I’ve boiled it down to four status values that satisfy all the lifecycle use cases I’ve come across:

  1. Pending – We know about this person but their hire (or re-hire) date is in the future,
  2. Active – Active employment or other relationship,
  3. Suspended – A temporary state where all accounts are disabled but otherwise unchanged, perhaps due to long leave or temporary suspension of duties,
  4. Inactive – Relationship with the organisation has ceased.

The designer of the IAM solution shouldn’t have to be concerned with why a person is in any one of these states – all we need to know is:

  • how to identify the status, and
  • what to do when the status changes.

Obviously the status is sometimes combined with other attribute values to determine actions, but these are the four status values I have found to be generally applicable across a range of solutions and organisation types.



I will be adding to this series regularly between now and the end of December. Check back weekly to ensure you don’t miss any new posts!

Also, I would love to hear your thoughts on the topic, so please share them in a comment.

Carol Wapshere

I’ve been working in the IT industry for rather a lot of years now, starting in sys admin then moving through project work and consultancy, eventually coming across MIIS 2003 in 2005 while working on an email migration project in London. After a few years in Switzerland I am now back in Australia, based in Canberra, working for UNIFY Solutions. I have been awarded the MVP for ILM/FIM every year since 2009.

Leave a Reply

Your email address will not be published. Required fields are marked *