How can we help?

Search

User Lifecycle - Source Of Truth (SOT) in Torii

Marina Rogachov
Marina Rogachov
  • Updated

Introduction

Learn how to configure and change the user lifecycle (SOT) in Torii.

With Torii, you can select the SOT (Source Of Truth) to manage your user lifecycle.

Torii will rely on the selected application data to mark users as current or past, trigger workflows, suggest to off-board users, and more.

How to define user lifecycle settings in Torii

By default, Torii relies on user status in Google Workspace (G Suite) or Azure Active Directory. Whenever a user who was previously active becomes inactive or is removed from all of the two IdPs above, Torii marks him as a past user.

To define the user lifecycle in Torii,

  1. Go to Settings >> General >> User lifecycle and click the Edit button
    mceclip0.png
  2. Select your Source Of Truth
  3. In case your SOT is your only source for user management, make sure to uncheck Azure and Google workspace checkboxes
  4. Click Preview changes
  5. Apply changes
    mceclip1.png

Changing User Lifecycle Source Of Truth (SOT)

Editing the SOT is possible. However, note that such a change might dramatically affect the user representation in Torii. Therefore, we recommend doing it only if you trust you want to replace your SOT.

Editing SOT effects 

The following might occur when the user lifecycle is edited:

  1. Current users will be moved to the Past users' list. 
  2. Past users will disappear from Users' tabs completely.
  3. Past users will be moved to the Current users' list.
  4. Users with the "OFFBOARDED" tag will be moved to the Current users' list.
  5. Workflows with "User joins" or " User left" trigger logic will change, and workflows will run.

What will happen with users who left the org in the past and do not appear in the new SOT?

  • Option 1 - Will disappear from Users' tabs in case they are not active in any app.
    These users can still be accessed via Search. 
  • Why? Torii will not identify these users as "Past" since they were never discovered in the SOT, and neither will show them as "Current" since they are inactive in any apps.

OR

  • Option 2 - Will move to the Current Users list in case they are active in at least one app.
  • Why? Torii will not identify these users as "Past" since they were never discovered in the SOT, and will display them in the Current tab since they were discovered as being active in apps.
  • If the selected app has multiple accounts connected, user status in Torii will be updated whenever a change in any of the accounts is identified.
  • If multiple apps are selected, user status in Torii will be updated whenever a change in all of the apps is identified.

Best Practices

Before editing SOT, we recommend the following:

  • Download the CSV from the Past Users tab and keep it for auditing purposes.
  • Add all past users to your new SOT with a "Terminated" or "Inactive" status (see Torii mapping of app past user statuses here).
    Once all past users appear in the new SOT with a relevant status, they will be mapped accurately
    mceclip0.png

Updating user lifecycle configuration and workflows triggers

User lifecycle status in Torii will be updated immediately after the changes are applied.
You will be able to see the updates on the Users page.

Workflows with "user joins", "user left" and "user meets criteria" might be triggered as a result of the configuration change. The workflows will trigger according to the regular schedule on the next evaluation of the trigger criteria.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request