Howdy, everyone! We’re excited to release Profile Master User Lifecycle Settings (PMULS). I admit that's a mouthful, but hear me out.
PMULS exposes granular lifecycle settings in the admin UI. These lifecycle settings specify what a master source, such as AD or an HR system, does to an Okta account when the source account is deactivated or reactivated. For example, if your source account is deactivated, you can choose to do the following:
- Do Nothing (to the Okta account)
- Deactivate Okta User (remove access to downstream apps)
- Suspend Okta User (don’t remove access but prevent user from logging in to Okta)
Additionally, this enhancement gives admins more ways to handle reactivation scenarios. In particular, if your source account is reactivated, you can choose to do the following:
- Reactivate suspended Okta users
- Reactivate deactivated Okta users
A big benefit, one that’s less apparent, is that these settings are available for each master instance. If you want lifecycle settings from one AD instance to be different from those in another AD instance (or some other master source), that’s supported!
Wait, didn’t Okta already have these capabilities? Yes, but the settings weren’t in the admin UI, and they weren't available at an instance level. Now they are!
- These settings aren’t yet available for LDAP master sources; we’re working on it.
I'm in! How do I get started?
We hope you like these improvements! Customers have been asking for more granular lifecycle controls.
This feature is EA, so it's fully supported. Contact Okta support to enable it in your org. If you have any feedback, please email email@example.com (subject line: PMULS Feedback).