Reactivation Technical Guide



This content originally appeared on DEV Community and was authored by hediyeh kianmehr

Overview

This guide explains the process of reactivating user accounts in OpenIAM.

Reactivation restores access to a user who was previously suspended or temporarily deactivated, ensuring that their entitlements, roles, and permissions are reinstated securely.

Key objectives:

  • Restore access in line with policy.
  • Verify that suspended users can return to active status.
  • Ensure roles and entitlements are properly reapplied.
  • Log and audit the reactivation process for compliance.

Input:

  • User identity information (login ID, employee ID, or email).
  • HR or Security approval for reactivation.
  • Managed system mappings for entitlement restoration.

Output:

  • User status set to Active.
  • Access restored across target systems.
  • Audit logs updated with reactivation event.
  • Roles and permissions validated.

Audience: IAM administrators, compliance officers, and IT support staff.

Reactivation Conditions

Reactivation is only permitted under controlled circumstances.

Typical scenarios:

  • Employee returns from leave of absence.
  • Security investigation completed (no further risk).
  • Policy violation resolved.
  • Business requirement to reinstate access.

Pre-conditions:

  • HR/Compliance approval recorded.
  • User identity exists in suspended state (not deleted).
  • Managed systems still mapped to the identity.
  • No conflicting status (e.g., already offboarded).

Reactivation Process

Steps

  1. Log in to the OpenIAM Administration Console.
  2. Navigate to Administration → User Management → Search User.
  3. Locate the suspended/deactivated user.
  4. Change account status to Active.
  5. Save changes.
  6. Run a provisioning sync to restore roles and entitlements in managed systems.
  7. Verify that access is restored across applications.

Checklist

  • User account status is Active.
  • Roles/entitlements reassigned correctly.
  • Access propagated to target systems.
  • Audit log updated with reactivation event.

Role Testing

After reactivation, test and validate assigned roles to ensure correct access.

Steps

  1. Navigate to Administration → User Management → User Roles.
  2. Verify that the roles assigned before suspension are still present.
  3. Perform a test login to a sample managed application.
  4. Confirm access to resources matches the assigned roles.

Checklist

  • Roles restored correctly.
  • No missing entitlements.
  • User can log in successfully.
  • Security group membership intact.

Expected Results

After reactivation:

  • User status = Active.
  • Previous roles and entitlements restored.
  • Access to target systems reinstated.
  • Audit log contains Reactivation Event.
  • User can perform normal activities.
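
The expected results above can be checked mechanically by comparing a snapshot taken before suspension with the state after reactivation. The following is an added example, not code from the original guide or from OpenIAM; the record fields, the "REACTIVATION" event name and the sample data are hypothetical, and it also flags roles or entitlements that were not present before suspension.

```python
# Added example: field names and sample records are hypothetical, not OpenIAM's schema.
from dataclasses import dataclass, field


@dataclass
class UserState:
    login: str
    status: str                                       # e.g. "Active", "Suspended"
    roles: set = field(default_factory=set)
    entitlements: dict = field(default_factory=dict)  # managed system -> set of entitlements


def verify_reactivation(before, after, audit_events):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if after.status != "Active":
        findings.append(f"status is {after.status!r}, expected 'Active'")
    # Roles must match the pre-suspension snapshot in both directions.
    for role in sorted(before.roles - after.roles):
        findings.append(f"missing role: {role}")
    for role in sorted(after.roles - before.roles):
        findings.append(f"unexpected role: {role}")

    # Every managed system mapped before suspension must reflect the same access.
    for system, expected in sorted(before.entitlements.items()):
        actual = after.entitlements.get(system)
        if actual is None:
            findings.append(f"{system}: access not propagated")
            continue
        for ent in sorted(expected - actual):
            findings.append(f"{system}: missing entitlement {ent}")
        for ent in sorted(actual - expected):
            findings.append(f"{system}: unexpected entitlement {ent}")
    # The audit trail must hold a reactivation event for this user.
    if not any(e.get("event") == "REACTIVATION" and e.get("login") == after.login
               for e in audit_events):
        findings.append("no reactivation event in audit log")
    return findings


# Constructed sample data.
BEFORE = UserState("jdoe", "Suspended", {"HR_VIEWER", "VPN_USER"},
                   {"ActiveDirectory": {"grp-hr", "grp-vpn"}, "Payroll": {"read"}})
AFTER = UserState("jdoe", "Active", {"HR_VIEWER", "VPN_USER", "HR_ADMIN"},
                  {"ActiveDirectory": {"grp-hr"}})
AUDIT = [{"event": "LOGIN", "login": "jdoe"}]

if __name__ == "__main__":
    print("\n".join(verify_reactivation(BEFORE, AFTER, AUDIT)) or "OK")
```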

Troubleshooting

Issue                                  | Cause                                          | Resolution
User still inactive after reactivation | Sync not completed to managed systems          | Check connector logs and retry provisioning
Missing roles/entitlements             | Policy not configured to preserve entitlements | Update policy and reassign roles manually
Login fails even though user active    | Session cache not refreshed                    | Clear cache or restart session services
No audit log for reactivation          | Logging misconfiguration                       | Enable audit logging and verify configuration
Reactivation not allowed               | User already offboarded                        | Create a new onboarding request

Logs to Check

  • Audit Log Viewer (Admin Console).
  • Provisioning Engine Logs (/opt/openiam/logs/provisioning.log).
  • Connector Logs for managed systems.

Checklist

  • User is active in OpenIAM.
  • Roles and entitlements verified.
  • Target systems reflect restored access.
  • Logs reviewed for compliance.
  • Errors resolved or escalated to IAM team.

Appendix

