User operations
Focus on lifecycle transitions: onboarding, entitlement changes, and deactivation must remain deterministic to avoid permission drift.
Operational details
- Track source IDs and reconciliation timestamps per user.
- Separate soft deactivation from hard deletion with explicit retention rules.
- Validate required attributes before propagation to downstream systems.
Quality checks
Use idempotency tests for repeated operations to confirm no duplicate role assignment or access grants.
Lifecycle state matrix
| Transition | Source of truth | System effect |
|---|---|---|
| active=true | Connector push | Provisioned assignment and access sync |
| active=false | Deprovision event | Disconnect and clear sessions |
| externalRef change | Directory drift check | Rename update with audit diff |