This content originally appeared on DEV Community and was authored by hediyeh kianmehr
Overview
This guide explains the process of reactivating user accounts in OpenIAM.
Reactivation restores access to a user who was previously suspended or temporarily deactivated, ensuring that their entitlements, roles, and permissions are reinstated securely.
Key objectives:
- Restore access in line with policy.
- Verify that suspended users can return to active status.
- Ensure roles and entitlements are properly reapplied.
- Log and audit the reactivation process for compliance.
Input:
- User identity information (login ID, employee ID, or email).
- HR or Security approval for reactivation.
- Managed system mappings for entitlement restoration.
Output:
- User status set to Active.
- Access restored across target systems.
- Audit logs updated with reactivation event.
- Roles and permissions validated.
Audience: IAM administrators, compliance officers, and IT support staff.
Reactivation Conditions
Reactivation is only permitted under controlled circumstances:
Typical scenarios:
- Employee returns from leave of absence.
- Security investigation completed (no further risk).
- Policy violation resolved.
- Business requirement to reinstate access.
Pre-conditions:
- HR/Compliance approval recorded.
- User identity exists in suspended state (not deleted).
- Managed systems still mapped to the identity.
- No conflicting status (e.g., already offboarded).
Reactivation Process
Steps
- Log in to the OpenIAM Administration Console.
- Navigate to Administration → User Management → Search User.
- Locate the suspended/deactivated user.
- Change account status to Active.
- Save changes.
- Run a provisioning sync to restore roles and entitlements in managed systems.
- Verify that access is restored across applications.
Checklist
- User account status is Active.
- Roles/entitlements reassigned correctly.
- Access propagated to target systems.
- Audit log updated with reactivation event.
Role Testing
After reactivation, test and validate assigned roles to ensure correct access.
Steps
- Navigate to Administration → User Management → User Roles.
- Verify that the roles assigned before suspension are still present.
- Perform a test login to a sample managed application.
- Confirm access to resources matches the assigned roles.
Checklist
- Roles restored correctly.
- No missing entitlements.
- User can log in successfully.
- Security group membership intact.
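The pre-conditions and the role checks above can be expressed as a small script. This is an added example, not OpenIAM code and not from the original guide: it calls no OpenIAM API, and the `Identity` record, the status strings, the approval reference, and the sample role snapshots are all hypothetical, constructed data. It goes slightly beyond the checklist by also flagging roles that appear after reactivation but were not held before suspension.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical record of an identity; field names and status values are assumptions.
@dataclass
class Identity:
    login: str
    status: str                       # e.g. "SUSPENDED", "ACTIVE", "OFFBOARDED"
    approval_ref: Optional[str]       # HR/Compliance approval record, if any
    managed_systems: set[str] = field(default_factory=set)

def precondition_failures(user: Identity) -> list[str]:
    """Return the reasons reactivation must be refused (empty list = allowed)."""
    failures = []
    if not user.approval_ref:
        failures.append("no HR/Compliance approval recorded")
    if user.status == "OFFBOARDED":
        failures.append("already offboarded: create a new onboarding request")
    elif user.status != "SUSPENDED":
        failures.append(f"status is {user.status}, expected SUSPENDED")
    if not user.managed_systems:
        failures.append("no managed systems mapped to the identity")
    return failures

def entitlement_drift(before: dict[str, set[str]], after: dict[str, set[str]]) -> dict:
    """Compare per-system roles held before suspension with roles seen after the sync."""
    drift = {}
    for system in before.keys() | after.keys():
        missing = before.get(system, set()) - after.get(system, set())
        extra = after.get(system, set()) - before.get(system, set())
        if missing or extra:
            drift[system] = {"missing": missing, "extra": extra}
    return drift

# Constructed sample data: one role was not restored, one unexpected role appeared.
user = Identity("jdoe", "SUSPENDED", "APPROVAL-REF-PLACEHOLDER", {"ldap", "crm"})
before = {"ldap": {"staff", "vpn-users"}, "crm": {"sales-rep"}}
after = {"ldap": {"staff"}, "crm": {"sales-rep", "crm-admin"}}

if __name__ == "__main__":
    print("blocked by:", precondition_failures(user))
    for system, d in sorted(entitlement_drift(before, after).items()):
        print(system, "missing:", sorted(d["missing"]), "extra:", sorted(d["extra"]))
```

A non-empty `missing` set corresponds to the "Missing roles/entitlements" row in the troubleshooting table; a non-empty `extra` set means access no longer matches the roles assigned before suspension and should be reviewed before the checklist is signed off.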
Expected Results
After reactivation:
- User status = Active.
- Previous roles and entitlements restored.
- Access to target systems reinstated.
- Audit log contains Reactivation Event.
- User can perform normal activities.
Troubleshooting
| Issue | Cause | Resolution |
|---|---|---|
| User still inactive after reactivation | Sync not completed to managed systems | Check connector logs and retry provisioning |
| Missing roles/entitlements | Policy not configured to preserve entitlements | Update policy and reassign roles manually |
| Login fails even though user active | Session cache not refreshed | Clear cache or restart session services |
| No audit log for reactivation | Logging misconfiguration | Enable audit logging and verify configuration |
| Reactivation not allowed | User already offboarded | Create a new onboarding request |
Logs to Check
- Audit Log Viewer (Admin Console).
- Provisioning Engine Logs (/opt/openiam/logs/provisioning.log).
- Connector Logs for managed systems.
Checklist
- User is active in OpenIAM.
- Roles and entitlements verified.
- Target systems reflect restored access.
- Logs reviewed for compliance.
- Errors resolved or escalated to IAM team.
Appendix