Skip to main content

Membership Life Cycle Schedule

The Membership Life Cycle schedule updates the temporary membership of groups in an identity store. It performs the following functions:

  • Group owners (primary owner, additional owners, and Exchange additional owners) can set a start and end date to:

    • Add an object as a temporary member of a group
    • Remove a member for a temporary period from group membership

    The Membership Life Cycle schedule temporarily adds and removes an object from group membership on the specified dates.

  • Managers and peers can join and leave a group temporarily on behalf of other users. When the Membership Life Cycle schedule runs, it adds and removes those users from group membership on the specified dates.

  • The Membership Life Cycle schedule executes the Membership Life Cycle policy for the identity store. See the Manage Membership Life Cycle Policies topic.

  • The schedule also removes members when group owners inactivate them during group attestation. See the Enable Group Attestation topic.

Let’s assume that the Membership Life Cycle schedule is scheduled to run once a week, say Mondays. If an object is to be added to group membership for three days - Wednesday till Friday, it will not be added. This happens because the Membership Life Cycle schedule did not run on the specific days for temporary membership update. Make sure that the schedule is set to run at a frequency that meets your temporary membership requirements.

Directory Manager generates notifications when the Membership Life Cycle schedule adds or removes users from group membership. See the Manage Membership Life Cycle Notifications topic.

Create a Membership Life Cycle Schedule

Follow the steps to create a Membership Life Cycle Schedule.

Step 1 – In Admin Center, click Identity Stores in the left pane.

Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select Edit.

Step 3 – Click Schedules under Settings in the left pane.

Step 4 – On the Schedules page, click Add Schedule and select Membership Life Cycle Job. The Create Schedule page is displayed.

Step 5 – In the Schedule Name box, enter a name for the schedule.

Step 6 – The Name Preview box displays the schedule name prefixed with _MembershipLifeCycle__; the schedule is displayed with this name in email notifications.

Step 7 – Select a Directory Manager portal URL in the Portal URL drop-down list to include it in notifications generated by the schedule. Users are redirected to this portal to perform any necessary action.

Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler service. See the Scheduler Service topic for additional information.

Please note the following while selecting a Scheduler service:

  • The Scheduler service for the Directory Manager instance on which you are creating the schedule is selected by default. However, you can select the Scheduler service of another instance as well.

  • The Scheduler service can be changed even after creating the schedule. Upon the next run, the schedule will be triggered by the newly-selected Scheduler service.

  • If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service can be selected automatically.

  • If a schedule is run manually on the Admin Center, then the Scheduler service of that instance will be used.

Step 9 – You can specify containers as targets for the schedule. The schedule will process all groups in these containers and their sub-containers. To specific containers as target, follow step 9 in the Create a Group Usage Service Schedule topic for additional information.

NOTE: Membership Lifecycle policies are not applied to OUs specified here. Target OUs and groups are set in the respective policy.

Step 10 – Click Add Triggers in the Triggers area to specify a triggering criterion for the schedule, that, when met, starts the execution of the schedule. Follow step 11 in the Create a Group Usage Service Schedule topic to add triggers.

Step 11 – Click Add Authentication in the Authentication area to specify an account for running the schedule in the identity store. Follow step 12 in the Create a Group Usage Service Schedule topic for additional information.

Step 12 – On the Create Schedule page, click Create Schedule.

Step 13 – On the Schedules page, click Save.
The schedule is displayed under Membership Life Cycle. See the View the Schedules in an Identity Store  topic for additional information.