How can we help?

Search

User Lifecycle - Source Of Truth (SOT) in Torii

Marina Rogachov
Marina Rogachov
  • Updated

Overview

Learn what User Lifecycle configuration means in Torii and why it is important to set up. Learn how to configure and change the User Lifecycle (SOT) in Torii and employee best practices. 

User Lifecycle

User lifecycle in Torii refers to determining whether a user in the Torii platform is marked as 'current' (currently active), or 'past' (previous/terminated employee, removed service account etc.). 

This status is determined by the User Lifecycle SOT system(s) you define. By default, Torii relies on user status in Google Workspace (G Suite) or Azure Active Directory -  but you should update this selection to match the way you manage you users internally today. 

 

Benefits of configuring User Lifecycle

Torii will use your configuration of User Lifecycle to mark users as current or past, trigger workflows, suggest to off-board users, and more. If you are interested in managing user lifecycle, you will greatly benefit from setting this up.

 

How to define User Lifecycle settings in Torii

To define the User Lifecycle in Torii:

  1. Go to Settings >> Users & Employees>> User lifecycle and click the Manage Sources button
  2. Select your Source(s) Of Truth (more on this later)
  3. In case your SOT is your only source for user management, make sure to uncheck Azure and Google workspace checkboxes
  4. Click Preview changes
  5. You get get an email with the full list of users (and workflows, if relevant) who will be affected)
  6. Apply changes

Changing User Lifecycle Source Of Truth (SOT)

Your User Lifecycle should be set up to accurately represent user status (And the systems governing it) in your organization. If this is not the case (such as due to due to a change in systems used), Editing the SOT is possible and recommended.

However, note that can affect the user representation in Torii, as well as trigger various workflows who rely on this information. Therefore, we recommend emailing the full changes report and reviewing it when previewing the changes before applying them.

 

What does updating User Lifecycle SOT affect?

The following might occur when the User Lifecycle is edited:

  1. Current users could be moved to the Past users' list (and vice versa)
  2. Past users could disappear from Users' tabs completely.
  3. Users with the "OFFBOARDED" tag could be moved to the Current users' list.
  4. Workflows with "User joins" or " User left" trigger logic will change, and workflows will run. 

You will be able to see the updates to users on the Users page immediately after updating your configuration. The workflows will trigger (if relevant) according to the regular schedule on the next evaluation of the trigger criteria.

 

Best Practices

  • Your User Lifecycle configuration should include as few systems as possible, that combined accurately reflect a user’s status (current/active/employed vs past/inactive/terminated) for all employees (past & present) and other users in your organization.
  • Your User Lifecycle configuration should include the system(s) you configured for Employee Definition.
  • Remember that Torii selected both Google Workspace and Azure Active Directory as User Lifecycle sources by default. If any of these are not relevant to your organization, don't forget to deselect them. 
  • Prior to applying any changes to your User Lifecycle configuration, send the full changes list and review them to make sure the user list & statuses are correct.
  • If uncertain, pause workflows with "User joins" or " User left" triggers to verify data in Torii before enabling them again. 
  • When making changes to your SOT configuration:
    • Download the CSV from the Past Users tab and keep it for auditing purposes.
    • Add all past users from the previous system to your new SOT with a "Terminated" or "Inactive" status (see Torii mapping of app past user statuses here).
    • Once all past users appear in the new SOT with a relevant status, they will be mapped accurately when transitioning to the new system.

 

Q&A

Q: How is a user determined to be 'current' or 'past' when multiple SOT systems are selected?

A: A user will be considered 'past' if they:

  • Return from the app with a status Torii associates with 'past' users - OR
  • No longer returns from the app

With multiple SOT systems, a user must be considered 'past' in all relevant systems to be marked as 'past' in Torii.

The user's lifecycle status is determined only be systems that they were discovered in (currently or previously). Systems selected as part of the configuration where they were never discovered will not be taken into consideration when determining user status.

Read more about this here.

Q: What happens if I change the User Lifecycle SOT and there are users who left the org in the past and and do not appear in a new system(s)?

A: There are two possible outcomes in this scenario

  • Option 1 - The users will disappear from Users' tabs in case they are not active in any app.
    These users can still be accessed via Search. 
    • Why? Torii will not identify these users as "Past" since they were never discovered in the SOT, and neither will show them as "Current" since they are inactive in any apps.
  • Option 2 - The users will move to the Current Users list in case they are active in at least one app.
    • Why? Torii will not identify these users as "Past" since they were never discovered in the SOT, and will display them in the Current tab since they were discovered as being active in apps.
  • If the selected app for the SOT has multiple accounts connected, user status in Torii will be updated whenever a change in any of the accounts is identified.
  • If multiple apps are selected for the SOT, user status in Torii will be updated only when a change in all of the apps is identified.
 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request