Identity lifecycle management at scale

Automate and simplify the identity and access lifecycle.

What is identity lifecycle management?

Identity lifecycle management is a set of tools and processes for keeping identities accurate and synchronized across systems. These processes include provisioning apps and managing user attributes and entitlements.


Provisioning is key to the identity lifecycle management process. It allows IT admins to create user identities and to automate provisioning and maintenance as user status or roles change. Azure Active Directory (Azure AD) provides automated provisioning from human resources (HR) apps to Azure AD, from Azure AD to apps, and between Azure AD and on-premises Active Directory Domain Services.

Identity lifecycle management in Azure AD

Manage the full identity and access lifecycle in Azure AD. Automatically create and manage user identities in your cloud apps, and connect with HR apps to trigger automatic assignments. Simplify the access request workflows and certify access rights with automatic policies.

HR-driven provisioning

Connect to a human capital management (HCM) system, such as Workday or SAP SuccessFactors, to automatically provision and deprovision user access. This enables new hires to get started right away and ensures that access is revoked when employees leave the company.

Provision users and groups to cloud apps

Automate provisioning and deprovisioning of users and roles in the cloud apps that users need access to, including Dropbox, Salesforce, and ServiceNow.

Provision between directory services

Provision users from an on-premises source, such as Windows Server Active Directory, to Azure AD using Azure AD Connect sync, Azure AD Connect cloud sync, or Microsoft Identity Manager.

Manage access requests

Manage the ongoing changes to user access rights with Azure AD entitlement management. Define how users request access, and ensure users are removed when they no longer need access.

Review access rights regularly

Make sure only the right people have continued access by using Azure AD access reviews, which help reviewers identify which users should keep their access and which should be removed.

Develop an app using SCIM for provisioning

Use the System for Cross-Domain Identity Management (SCIM) API to enable automatic provisioning of users and groups between your app and Azure AD.

Take a deep dive into Azure AD identity lifecycle management

Apps that work seamlessly with Azure AD

Find all apps for which Azure AD supports preintegrated provisioning connectors, and learn how to configure them.

Discover how these customers safeguard their organizations with Microsoft Security

In Azure AD, “provisioning” refers to automatically creating user identities and roles based on certain conditions. In addition to creating user identities, automatic provisioning includes maintenance and removal or deprovisioning of user identities as status or roles change.

“Once we deployed Azure AD and set up automated provisioning, the onboarding process sped up significantly… We’ve realized a huge cost savings from this transition—about $500,000 per year in hard dollars, but tons of soft costs saved!”

A Mattress Firm employee smiling and using a mobile device.

HR-enabled provisioning solutions from Microsoft partners

Additional identity lifecycle management resources


Get an overview of lifecycle and provisioning processes.

How-to guides

See step-by-step guides for identity lifecycle management features.


Learn to deploy identity lifecycle management features.