Identity Lifecycle and Deletion Semantics¶
This page explains how the Identity Operations Platform handles identity and group deletion over time.
It covers three lifecycle phases:
- Soft-Delete
- Grace-Period
- Hard-Delete
Purpose¶
Deletion in identity operations must be safe, auditable, and resilient to temporary upstream issues. The lifecycle model is designed to:
- prevent accidental immediate data loss
- provide a controlled review window
- enforce deterministic long-term cleanup
- preserve traceability for operations and audits
Lifecycle Overview¶
The platform applies a staged deletion model for synchronized managed identities and groups:
| Phase | Meaning |
|---|---|
| Active | Record exists and is used in normal operations. |
| Soft-Delete | Record is marked for deletion but not yet physically removed. |
| Grace-Period | Waiting window after soft-delete before permanent removal. |
| Hard-Delete | Record is permanently removed after the grace-period. |
Soft-Delete¶
If a managed identity or group is no longer found in its authoritative source during synchronization, the record is first marked for deletion.
At this stage:
- the record is retained in storage
- the record is excluded from normal operational usage
- permanent deletion is intentionally delayed
This protects operations from immediate impact when upstream connectors, directories, or network paths are temporarily unstable.
Grace-Period¶
After soft-delete, the platform keeps the record for a configurable grace-period.
The grace-period allows teams to:
- verify whether disappearance is expected or accidental
- handle upstream incidents without immediate irreversible deletion
- preserve short-term forensic and operational context
The deletion interval is controlled by the platform's system parameters and should be aligned with the customer's governance requirements.
Hard-Delete¶
When the grace-period expires, the record is permanently removed.
This ensures:
- stale records do not accumulate indefinitely
- the identity dataset remains operationally clean
- storage and processing overhead stay predictable
Hard-delete is automatic and policy-driven, not manual by default.
Behavior in Source-Mapped Environments (OpenText Advanced Authentication + AD/LDAP)¶
In mapped multi-source setups, the platform uses additional safety checks before final deletion decisions.
In practical terms:
- a missing record in a mapped directory source does not automatically imply immediate deletion
- primary source context is considered before a deletion path is finalized
- group deletion is protected against false positives from non-primary source gaps
This is especially important in OpenText Advanced Authentication-centric deployments with mapped AD/LDAP sources, where temporary source inconsistencies can otherwise cause unintended deletions.
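As an added illustration, not the platform's own code, the transitions described above (soft-delete on disappearance, hard-delete once the grace-period has elapsed, and the primary-source guard for mapped sources) as a single reconcile step. The `primary_source` record attribute, the restore-on-reappearance behaviour during the grace-period, and the sample sync passes are assumptions made for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

ACTIVE, SOFT_DELETED, HARD_DELETED = "active", "soft-deleted", "hard-deleted"


@dataclass
class Record:
    name: str
    primary_source: str                      # owning source; assumed attribute
    state: str = ACTIVE
    soft_deleted_at: Optional[datetime] = None
    audit: list = field(default_factory=list)  # evidence trail of transitions


def reconcile(rec: Record, present_in: dict, now: datetime, grace: timedelta) -> str:
    """One synchronization pass for a single record.

    present_in maps source name -> True/False (found / not found). A source that
    was unreachable this pass is simply absent from the dict and yields no
    deletion decision; a gap only in a non-primary source is ignored.
    """
    if rec.state == HARD_DELETED:
        return rec.state                        # terminal; nothing left to decide
    found = present_in.get(rec.primary_source)
    if found is None:
        rec.audit.append((now, "primary source not observed; no change"))
    elif found:
        if rec.state == SOFT_DELETED:           # reappeared within the grace-period (assumed)
            rec.state, rec.soft_deleted_at = ACTIVE, None
            rec.audit.append((now, "restored: found in primary source again"))
    elif rec.state == ACTIVE:
        rec.state, rec.soft_deleted_at = SOFT_DELETED, now
        rec.audit.append((now, "soft-deleted: missing from primary source"))
    elif now - rec.soft_deleted_at >= grace:
        rec.state = HARD_DELETED
        rec.audit.append((now, "hard-deleted: grace-period expired"))
    return rec.state


def run_demo() -> list:
    """Constructed passes: a group first missing only from a mapped secondary
    LDAP source, then genuinely gone from its primary AD source."""
    grace, t0 = timedelta(days=7), datetime(2024, 1, 1)
    grp = Record("app-admins", primary_source="AD")
    seen = [reconcile(grp, {"AD": True, "LDAP": False}, t0, grace)]              # non-primary gap ignored
    seen.append(reconcile(grp, {"LDAP": False}, t0 + timedelta(days=1), grace))  # primary unobserved
    seen.append(reconcile(grp, {"AD": False, "LDAP": False}, t0 + timedelta(days=2), grace))
    seen.append(reconcile(grp, {"AD": False}, t0 + timedelta(days=5), grace))    # still in grace-period
    seen.append(reconcile(grp, {"AD": False}, t0 + timedelta(days=9), grace))    # 7 days elapsed
    return seen


if __name__ == "__main__":
    print(run_demo())
```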
Why This Matters for Operations¶
The staged model improves operational reliability by:
- reducing blast radius from transient upstream failures
- providing controlled reaction time for administrators
- keeping cleanup behavior predictable across environments
Why This Matters for Audit and Compliance¶
The model strengthens auditability by clearly separating:
- logical removal intent (Soft-Delete)
- waiting and review window (Grace-Period)
- irreversible removal (Hard-Delete)
This supports clearer evidence trails and better post-incident reconstruction.
Customer Guidance¶
- Define an appropriate grace-period based on regulatory and operational needs.
- Keep source ownership and source mappings clean and documented.
- Monitor synchronization health to detect unusual soft-delete spikes early.
- Include deletion-lifecycle checks in periodic operational reviews.
- Align backup and recovery procedures with deletion timing expectations.
Summary¶
The Identity Operations Platform deletion lifecycle balances safety and cleanup discipline. Soft-delete and grace-period protect day-to-day operations and auditability, while hard-delete guarantees long-term data hygiene.