Skip to main content

Membership Life Cycle Schedule

The Membership Life Cycle schedule updates the temporary membership of groups in an identity store. It performs the following functions:

  • Group owners (primary owner, additional owners, and Exchange additional owners) can set a start and end date to:

    • Add an object as a temporary member of a group
    • Remove a member for a temporary period from group membership

    The Membership Life Cycle schedule temporarily adds and removes an object from group membership on the specified dates.

  • Managers and peers can join and leave a group temporarily on behalf of other users. When the Membership Life Cycle schedule runs, it adds and removes those users from group membership on the specified dates.

  • The Membership Life Cycle schedule executes the Membership Life Cycle policy for the identity store. See the Manage Membership Life Cycle Policies topic.

  • The schedule also removes members when group owners inactivate them during group attestation. See the Enable Group Attestation topic.

Let’s assume that the Membership Life Cycle schedule is scheduled to run once a week, say Mondays. If an object is to be added to group membership for three days - Wednesday till Friday, it will not be added. This happens because the Membership Life Cycle schedule did not run on the specific days for temporary membership update. Make sure that the schedule is set to run at a frequency that meets your temporary membership requirements.

GroupID generates notifications when the Membership Life Cycle schedule adds or removes users from group membership. See the Manage Membership Life Cycle Notifications topic.

What do you want to do?

Create a Membership Life Cycle Schedule

  1. In Admin Center, click Identity Stores in the left pane.

  2. On the Identity Stores page, click the ellipsis button for an identity store and select Edit.

  3. Click Schedules under Settings in the left pane.

  4. On the Schedules page, click Add Schedule and select Membership Life Cycle Job. The Create Schedule page is displayed.

  5. In the Schedule Name box, enter a name for the schedule.

  6. The Name Preview box displays the schedule name prefixed with MembershipLifeCycle_; the schedule is displayed with this name in email notifications.

  7. Select a GroupID portal URL in the Portal URL drop-down list to include it in notifications generated by the schedule. Users are redirected to this portal to perform any necessary action.

  8. In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of Elasticsearch clusters in the environment, as each cluster has its own Scheduler service. See the Scheduler Service topic.

  9. You can specify containers as targets for the schedule. The schedule will process all groups in these containers and their sub-containers. To specific containers as target, follow step 9 in the Create a Group Usage Service Schedule topic.

    NOTE: Membership Lifecycle policies are not applied to OUs specified here. Target OUs and groups are set in the respective policy.

  10. Click Add Triggers in the Triggers area to specify a triggering criterion for the schedule, that, when met, starts the execution of the schedule. Follow step 11 in the Create a Group Usage Service Schedule topic to add triggers.

  11. Click Add Authentication in the Authentication area to specify an account for running the schedule in the identity store. Follow step 12 in the Create a Group Usage Service Schedule topic for details.

  12. On the Create Schedule page, click Create Schedule.

  13. On the Schedules page, click Save.
    The schedule is displayed under Membership Life Cycle. See the View the Schedules in an Identity Store  topic for more info.

See Also