Digital Identity User Lifecycle Processes


As part of the Identity and Access Management project, the staff and student joiner, mover and leaver processes have been redesigned to increase automation and minimise unnecessary duplication and manual tasks, with a view to ultimately improving the user experience.

We aim to enhance the staff and student experience by making it quicker and easier for authorised individuals to get the access they need at the right time to work or study.

Students

Joiner Process:

Leaver Process:

Students can leave the University at various points. The Identity and Access Management project has therefore worked with business stakeholders to identify when the IDAM solution should treat a student as an ‘active’ or an ‘inactive’ member of the University.

The ‘active’ or ‘inactive’ status is based on scenarios such as requiring access for a short period, permanently withdrawing from their studies, successfully completing their studies, postgraduate researchers waiting for their results, and many more.

If a student completes their studies in line with their program end date, and does not leave before this, they will receive two notifications that their account will soon expire:

  1. 30 days before their program end date, they will be notified that their account is due to expire in 90 days’ time. This will provide enough warning to raise a concern if this date is not correct.
  2. 50 days after their program end date, they will receive another warning that their account is due to expire in 10 days’ time.

Regardless of when a student leaves the University, and therefore becomes ‘inactive’, they would follow the same retention policy:

The only exception to the above leaver policy and retention policy timescales is when a student either permanently withdraws or never registers/commences their studies. In these scenarios, the account will be disabled and lapsed with immediate effect and deleted 400 days after.

Staff

Joiner Process:

Leaver Process:

Staff members will be notified twice that their account is due to expire if there is an end date on their SAP record:

  1. 30 days before their end date, the IDAM system will send an automated email to the staff member informing them of their end date.
  2. 10 days before their end date, the IDAM system will send a second email reminding them of their upcoming end date.

Once a staff member is ‘inactive’ based on their SAP record, the IDAM solution will disable their account. The user will no longer be able to log on, but emails sent to the account will not bounce back.

The account will then move from the disabled to the lapsed state 60 days after their end date. In addition to the user not being able to log on, emails sent to the address will now also bounce back.

Finally, the account will be deleted, and personally identifiable information removed, 120 days after the end date.
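The staff leaver timeline above can be checked against a directory export to find accounts that are less restricted than the policy requires for their end date. The following is an added example, not the University's IDAM code; the record fields (`user`, `end_date`, `state`), the sample accounts and the choice to treat the end date itself as the last active day are assumptions.

```python
from datetime import date

# Staff leaver thresholds as stated on this page (days after the SAP end date).
LAPSE_AFTER_DAYS = 60
DELETE_AFTER_DAYS = 120
STATES = ["active", "disabled", "lapsed", "deleted"]  # least to most restricted


def expected_state(end_date, today):
    """State the page's staff leaver timeline calls for on `today`."""
    if end_date is None:          # no end date on the record: nothing to expire
        return "active"
    days_past = (today - end_date).days
    if days_past <= 0:            # assumption: the end date itself is still an active day
        return "active"
    if days_past < LAPSE_AFTER_DAYS:
        return "disabled"
    if days_past < DELETE_AFTER_DAYS:
        return "lapsed"
    return "deleted"


def audit(accounts, today):
    """Return accounts whose actual state is less restricted than the timeline requires."""
    findings = []
    for acct in accounts:
        want = expected_state(acct["end_date"], today)
        have = acct["state"]
        if STATES.index(have) < STATES.index(want):
            overdue = (today - acct["end_date"]).days
            findings.append((acct["user"], have, want, overdue))
    return findings


# Constructed sample export; user names and field names are hypothetical.
SAMPLE = [
    {"user": "staff01", "end_date": None, "state": "active"},
    {"user": "staff02", "end_date": date(2024, 5, 31), "state": "active"},
    {"user": "staff03", "end_date": date(2024, 3, 1), "state": "disabled"},
    {"user": "staff04", "end_date": date(2024, 1, 15), "state": "lapsed"},
    {"user": "staff05", "end_date": date(2024, 6, 20), "state": "active"},
    {"user": "staff06", "end_date": date(2024, 4, 20), "state": "lapsed"},
]

if __name__ == "__main__":
    for user, have, want, overdue in audit(SAMPLE, date(2024, 6, 10)):
        print(f"{user}: is {have}, should be {want} ({overdue} days past end date)")
```

Accounts that are already more restricted than the timeline requires, such as `staff06` in the sample, are not reported, because the audit only looks for access that has outlived the policy.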

Should you have any questions or concerns, please contact the IDAM Project team at IDAM-Project@leeds.ac.uk.