Skip to main content
Solved

Best practice for deactivate (subscribed) users

  • September 23, 2025
  • 4 replies
  • 293 views
R
Forum|alt.badge.img

We have introduced SSO with Entra ID. This means we do not have to look at the access of users in LeanIX anymore. Also for stopping the access by removing them from our IdP. But what if a user is also subscribed as an owner of a factsheet. We use the Quality Seal and if it breaks the e-mail is send to a users email that's no longer in the company. So we need to be alerted if a user is deactivated so we can transfer ownership.

Of course we can do a manual check but would love to have a automated process so we are looking for some best practices. How do you take care of deactivating user and transfer ownership.  

Best answer by Carsten

Hi ​@Roald Roos ,

we are using a scheduled python script. It gest inactivated users via powershell. Then it compare with active users from LeanIX (LeanIX API https://fanuc.leanix.net/services/mtm/v1/workspaces/YOUR_WORKSPACE/permissions?page=0&status=!ARCHIVED"). The result contain users to be Archived. We get the factsheets where the user is a subscriber:

  • if user is accoutable or responsible
    • Break the fasctheets QS (Graphql mutation)
    • Create todo for remaining responsible(s) or accountable, in there is no one remaining, create todo for LeanIX admin (LeanIX API)
  • remove subscription (Graphql mutation)
  • Archive user (LeanIX API)

We run the script on a daily basis.
Best regards,
​​​​​​​Carsten

    4 replies

    A
    • andreas
    • Rookie
    • September 24, 2025

    Not yet a comprehensive solution, but an approach: 


    First:
    Under Automation, you create a rule that when a seal breaks, a person (a kind of supervisor) is notified. However, this person then receives such an email for every fact sheet when the condition is met. This also applies to fact sheets that are still regularly checked by you. Nevertheless, the person could keep track of such changes. At least you will be notified when a seal is broken and no one takes care of it for a long time, which could be an indication that the fact sheet owner is no longer with the company


    Second approach:
    Do you have many fact sheet owners, or are they spread across a few groups? Then you could give one group a collective email address and have it registered as a fact sheet owner via Support

     

    Third approach:

    A fact sheet is always assigned to two people. In the sense of a lead and a deputy. It should be rare for two people to leave the company at the same time…

     

    Does anyone have any better/further approaches?

    S

    Hi Roald,

    I can relate to the issue you described.
    We also use user provisioning via Entra ID. Once a month, we run the Subscriptions Manager (LeanIX Store) to identify archived users who are still subscribers to fact sheets. The report has some limitations, such as not being able to filter by fact sheet type, subtype, or lifecycle.

    After that, the process is entirely manual: we contact the line manager of the leaver and ask who the successor will be.

    Our long-term plan is to integrate with the joiners, movers, leavers process and automatically create a task for the line manager.

    Carsten
    Forum|alt.badge.img+1
    • Carsten
    • Everlasting Love
    • September 24, 2025

    Hi ​@Svetlina Petrova,

    I have a scheduled job in place: I reads inactive users via powershell. Than it compare with active users of LeanIX. This list is used to remove subscriptions. If a user is an accountable or responsible subscriber the quality seal is broken and a task is created for the remaining responsible(s)/accountable or EAM admins of LeanIX. For observers we just remove the subscription. The we archive the user in LeanIX. This was programmed using Python, powershell and LeanIX Graphql.

    Best regards,
    Carsten

    Carsten Schubert
    Carsten
    Forum|alt.badge.img+1
    • Carsten
    • Everlasting Love
    • Answer
    • September 26, 2025

    Hi ​@Roald Roos ,

    we are using a scheduled python script. It gest inactivated users via powershell. Then it compare with active users from LeanIX (LeanIX API https://fanuc.leanix.net/services/mtm/v1/workspaces/YOUR_WORKSPACE/permissions?page=0&status=!ARCHIVED"). The result contain users to be Archived. We get the factsheets where the user is a subscriber:

    • if user is accoutable or responsible
      • Break the fasctheets QS (Graphql mutation)
      • Create todo for remaining responsible(s) or accountable, in there is no one remaining, create todo for LeanIX admin (LeanIX API)
    • remove subscription (Graphql mutation)
    • Archive user (LeanIX API)

    We run the script on a daily basis.
    Best regards,
    ​​​​​​​Carsten

    Carsten Schubert
      Terms & ConditionsCookie settingsAccessibility statement