Term · 3. Account Management & Provisioning
Deprovisioning (Deprov)
Definition
Removal of an identity's access from a target system, typically triggered by termination (Leaver), role change (Mover), or access expiration. Includes disabling accounts, revoking entitlements, terminating active sessions (disabling an account does not by itself end sessions or invalidate tokens already issued, so this is a separate step), and archiving credentials. Speed of deprovisioning is a key security metric: access that outlives the owner's relationship with the organization (orphaned access) is a major insider threat vector.
- Application
- SailPoint: Lifecycle Manager — Termination workflow removes/disables accounts on Applications
- Standards & regulations
- NIST SP 800-63A «The CSP or Identity Service Provider (IdP) SHALL have a process to deactivate or reactivate a subscriber’s authenticator(s) when the subscriber’s account is terminated, suspended, or reactivated.»
- NIST SP 800-53 Rev. 5, AC-2(3) Disable Accounts (paraphrased, not a verbatim quote): accounts are disabled within an organization-defined time period when they have expired, are no longer associated with a user or individual, are in violation of organizational policy, or have been inactive for an organization-defined time period.
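Two of the points above, orphaned access as an insider-threat vector and the inactivity and "no longer associated with a user" conditions of AC-2(3), come down to reconciling a target system's account export against the HR system of record and measuring how long leaver access stayed open. The script below is an added example, not code from this page, from SailPoint, or from NIST. The HR roster, the account export, the user names and employee ids, the 90-day idle threshold and the 24-hour deprovisioning SLO are all constructed assumptions so that it runs offline.

```python
"""Access-review checks that back a deprovisioning process.

Added example, not code from the original glossary page or from any IGA
product.  The HR roster and the account export are constructed inline so the
script runs offline; in practice they would come from the HR system of record
and from the target application's user export.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    status: str                      # "active" or "terminated"
    terminated_at: Optional[datetime] = None


@dataclass(frozen=True)
class Account:
    username: str
    employee_id: Optional[str]       # None: never linked to a person (e.g. a service account)
    enabled: bool
    last_login: Optional[datetime]   # None: never logged in
    disabled_at: Optional[datetime] = None


def _utc(y, m, d, h=0):
    return datetime(y, m, d, h, tzinfo=timezone.utc)


# Point in time at which the review runs (constructed).
NOW = _utc(2024, 6, 1)

# Constructed HR system of record, keyed by employee id.
HR = {r.employee_id: r for r in [
    HrRecord("E100", "active"),
    HrRecord("E200", "terminated", _utc(2024, 5, 20)),
    HrRecord("E300", "terminated", _utc(2024, 5, 1)),
    HrRecord("E500", "active"),
]}

# Constructed export from one target application.
ACCOUNTS = [
    Account("alice", "E100", True, _utc(2024, 5, 30)),
    Account("bob", "E200", True, _utc(2024, 5, 25)),                          # leaver still enabled, used after leaving
    Account("carol", "E300", False, _utc(2024, 4, 28), _utc(2024, 5, 1, 6)),  # leaver disabled 6 h after termination
    Account("dave", "E400", True, None),                                      # owner unknown to HR, never used
    Account("frank", "E500", True, _utc(2024, 1, 10)),                        # active employee, idle account
    Account("svc-backup", None, True, _utc(2023, 12, 1)),                     # unowned service account
]


def find_orphaned(accounts, hr):
    """Enabled accounts with no active owner: the owner is terminated, unknown
    to HR, or the account was never linked to a person."""
    return sorted(a.username for a in accounts
                  if a.enabled and (a.employee_id not in hr or hr[a.employee_id].status != "active"))


def find_dormant(accounts, now, max_idle_days):
    """Enabled accounts not used within the threshold.  An account that has never
    logged in is treated as dormant, since its creation date is not in this export."""
    return sorted(a.username for a in accounts
                  if a.enabled and (a.last_login is None or (now - a.last_login).days > max_idle_days))


def find_post_termination_logins(accounts, hr):
    """Accounts used after HR recorded the owner's termination: direct evidence
    that deprovisioning lagged behind the leaver event."""
    hits = []
    for a in accounts:
        rec = hr.get(a.employee_id)
        if rec and rec.status == "terminated" and rec.terminated_at and a.last_login and a.last_login > rec.terminated_at:
            hits.append(a.username)
    return sorted(hits)


def deprovisioning_lag_hours(accounts, hr, now):
    """Hours from the owner's termination until the account was disabled.  A
    still-enabled account is measured up to `now`, so its exposure keeps growing
    until someone closes the gap."""
    lag = {}
    for a in accounts:
        rec = hr.get(a.employee_id)
        if not (rec and rec.status == "terminated" and rec.terminated_at):
            continue
        end = a.disabled_at if (not a.enabled and a.disabled_at) else now
        lag[a.username] = round((end - rec.terminated_at).total_seconds() / 3600, 1)
    return lag


def slo_breaches(lag, max_hours):
    """Leavers whose access outlived the deprovisioning SLO (the speed metric in the definition)."""
    return sorted(u for u, h in lag.items() if h > max_hours)


if __name__ == "__main__":
    print("orphaned:", find_orphaned(ACCOUNTS, HR))
    print("dormant (>90d):", find_dormant(ACCOUNTS, NOW, 90))
    print("used after termination:", find_post_termination_logins(ACCOUNTS, HR))
    lag = deprovisioning_lag_hours(ACCOUNTS, HR, NOW)
    print("lag hours:", lag)
    print("SLO breaches (24h):", slo_breaches(lag, 24))
```

The four checks are deliberately separate because they feed different actions: an orphaned or post-termination-login hit is a deprovisioning failure to close immediately, a dormant hit on an active employee is an AC-2(3)(d) disable candidate that goes to the manager for review, and the lag figure is the metric to trend over time rather than a single finding.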
- Sources
- NIST SP 800-63 Digital Identity Guidelines (NIST), primary source
Related terms
- Offboarding: End-of-lifecycle process when an identity is terminated — disable accounts, revoke entitlements, terminate active sessio …
- CIAM: Customer Identity and Access Management — specialized IAM for managing customer (not employee) identities. Differs from …
- Delegated Administration (DA): Permission model where administrators delegate specific management functions to other users within scoped boundaries — t …
- Entitlement Creep: Gradual accumulation of access rights beyond what's needed for current job, as users change roles without losing prior a …
- Identity Proofing: Process of establishing that a person is who they claim to be, by collecting and verifying identity evidence (government …
- Joiner-Mover-Leaver (JML): Standard workforce identity lifecycle pattern: Joiner (new hire onboarding — create accounts, assign baseline access), M …