DEV Community

hediyeh kianmehr
hediyeh kianmehr

Posted on • Edited on

Reactivation Technical Guide

Overview

This guide explains the process of reactivating user accounts in Irancell IAM.

Reactivation restores access to a user who was previously suspended or temporarily deactivated, ensuring that their entitlements, roles, and permissions are reinstated securely.

Key objectives:

  • Restore access in line with policy.
  • Verify that suspended users can return to active status.
  • Ensure roles and entitlements are properly reapplied.
  • Log and audit the reactivation process for compliance.

Input:

  • User identity information (login ID, employee ID, or email).
  • HR or Security approval for reactivation.
  • Managed system mappings for entitlement restoration.

Output:

  • User status set to Active.
  • Access restored across target systems.
  • Audit logs updated with reactivation event.
  • Roles and permissions validated.

Audience: Irancell IAM administrators, compliance officers, and IT support staff.

Table of Contents

  1. Overview
  2. Reactivation Conditions
  3. Reactivation Process
  4. Role Testing
  5. Expected Results
  6. Troubleshooting
  7. FAQ (Frequently Asked Questions)
  8. Appendix

1.Reactivation Conditions

Reactivation is only permitted under controlled circumstances:

Typical scenarios:

  • Employee returns from leave of absence.
  • Security investigation completed (no further risk).
  • Policy violation resolved.
  • Business requirement to reinstate access.

Pre-conditions:

  • HR/Compliance approval recorded.
  • User identity exists in suspended state (not deleted).
  • Managed systems still mapped to the identity.
  • No conflicting status (e.g., already offboarded).

2.Reactivation Process

Steps

  1. Login to the Irancell IAM Administration Console.
  2. Navigate to Administration → User Management → Search User.
  3. Locate the suspended/deactivated user.
  4. Change account status to Active.
  5. Save changes.
  6. Confirm that access has been automatically restored across all relevant applications.

Checklist

  • User account status is Active.
  • Roles/entitlements reassigned correctly.
  • Access propagated to target systems.
  • Audit logs reflect the reactivation event.

3.Role Testing

After reactivation, test and validate assigned roles to ensure correct access.

Steps

  1. Navigate to Administration → User Management → User Roles.
  2. Verify that the roles assigned before suspension are still present.
  3. Perform a test login to a sample managed application.
  4. Confirm access to resources matches the assigned roles.

Checklist

  • Roles restored correctly.
  • No missing entitlements.
  • User can log in successfully.
  • Security group membership intact.

4.Expected Results

After reactivation:

  • User status = Active.
  • Previous roles and entitlements restored.
  • Access to target systems reinstated.
  • Audit log contains Reactivation Event.
  • User can perform normal activities.

5.Troubleshooting

Issue Cause Resolution
User still inactive after reactivation Sync not completed to managed systems Check connector logs and retry provisioning
Missing roles/entitlements Policy not configured to preserve entitlements Update policy and reassign roles manually
No audit log for reactivation Logging misconfiguration Enable audit logging and verify configuration
Reactivation not allowed User already offboarded Create a new onboarding request

Logs to Check

  • Audit Log Viewer (Admin Console).
  • Connector Logs for managed systems.

Checklist

  • User is active in Irancell IAM.
  • Roles and entitlements verified.
  • Target systems reflect restored access.
  • Logs reviewed for compliance.
  • Errors resolved or escalated to Irancell IAM team.

6.FAQ (Frequently Asked Questions)

Q1: Can a user be reactivated if they were fully offboarded (terminated)?

No. Once a user has been offboarded, their identity is permanently deprovisioned from managed systems. A new onboarding request must be created instead of reactivation.

Q2: Will reactivation always restore all roles and entitlements automatically?

Not always. Reactivation depends on policy configuration. If policies are not set to preserve entitlements during suspension, administrators may need to manually reassign roles.

Q3: How long does it take for access to be restored after reactivation?

It depends on the provisioning sync schedule and managed system connectors. Some systems may reflect changes immediately, while others may require a scheduled or manual sync.

Q4: Can reactivation be performed through APIs instead of the Admin Console?

Yes. Irancell IAM provides REST APIs for user management, including reactivation. This is useful for automation or integration with HR workflows.

Q5: What happens if reactivation fails due to conflicting account states?

If the user account is marked as offboarded or has conflicting statuses, reactivation will not proceed. In such cases, open a new onboarding process or correct the user’s identity state in Irancell IAM.

Q6: Who is authorized to approve and perform reactivation?

Reactivation usually requires HR or Compliance approval and must be executed by Irancell IAM administrators or authorized IT support staff.

Q7: Is reactivation logged for compliance purposes?

Yes. Every reactivation generates an audit log event that records the admin, user identity, timestamp, and actions performed for compliance tracking.

Q8: Can temporary reactivation be applied (e.g., for a short-term project)?

Yes. Roles and entitlements can be assigned with time-bound policies, allowing temporary access after reactivation, which automatically expires.

Appendix

Rehire user flow

Top comments (0)