|
| 1 | +--- |
| 2 | +title: Convert guest user lifecycle in entitlement management - Microsoft Entra |
| 3 | +description: Learn how to convert guest user access package assignments for an access package in entitlement management. |
| 4 | +services: active-directory |
| 5 | +documentationCenter: '' |
| 6 | +author: owinfreyATL |
| 7 | +manager: amycolannino |
| 8 | +editor: |
| 9 | +ms.service: active-directory |
| 10 | +ms.workload: identity |
| 11 | +ms.tgt_pltfrm: na |
| 12 | +ms.topic: how-to |
| 13 | +ms.subservice: compliance |
| 14 | +ms.date: 08/08/2023 |
| 15 | +ms.author: owinfrey |
| 16 | +ms.reviewer: |
| 17 | +ms.collection: M365-identity-device-management |
| 18 | + |
| 19 | + |
| 20 | +#Customer intent: As an administrator, I want detailed information about how I can convert an ungoverned guest user access package assignment so that requestors have the resources they need to perform their job. |
| 21 | + |
| 22 | +--- |
| 23 | + |
| 24 | +# Manage guest user lifecycle (preview) |
| 25 | + |
| 26 | +Entitlement management allows you to gain visibility into the state of a guest user's lifecycle through the following viewpoints: |
| 27 | + |
| 28 | +- **Governed** - The guest user is set to be governed. |
| 29 | +- **Ungoverned** - The guest user is set to not be governed. |
| 30 | +- **Blank** - The lifecycle for the guest user isn't determined. This happens when the guest user had an access package assigned before managing user lifecycle was possible. |
| 31 | + |
| 32 | +> [!NOTE] |
| 33 | +> When a guest user is set as **Governed**, based on ELM tenant settings their account will be deleted or disabled in specified days after their last access package assignment expires. Learn more about ELM settings here: [Manage external access with Azure Active Directory entitlement management](../fundamentals/6-secure-access-entitlement-managment.md). |
| 34 | +
|
| 35 | +You can directly convert ungoverned users to be governed by using the **Mark Guests as Governed (preview)** functionality in the top menu bar. |
| 36 | + |
| 37 | +## Manage guest user lifecycle in the Azure portal |
| 38 | + |
| 39 | +To manage user lifecycle, you'd follow these steps: |
| 40 | + |
| 41 | +**Prerequisite role:** Global administrator, User administrator, Catalog owner, Access package manager or Access package assignment manager |
| 42 | + |
| 43 | +1. In the Azure portal, select **Azure Active Directory** and then select **Identity Governance**. |
| 44 | + |
| 45 | +1. In the left menu, select **Access packages** and then open the access package. |
| 46 | + |
| 47 | +1. In the left menu, select **Assignments**. |
| 48 | + |
| 49 | +1. On the assignments screen, select the user you want to manage the lifecycle for, and then select **Mark guest as governed (Preview)**. |
| 50 | + :::image type="content" source="media/entitlement-management-access-package-assignments/govern-user-lifecycle.png" alt-text="Screenshot of the govern user lifecycle selection." lightbox="media/entitlement-management-access-package-assignments/govern-user-lifecycle.png"::: |
| 51 | +1. Select save. |
| 52 | + |
| 53 | +## Manage guest user lifecycle programmatically |
| 54 | + |
| 55 | +To manage user lifecycle programatically using Microsoft Graph, see: [accessPackageSubject resource type](/graph/api/resources/accesspackagesubject). |
| 56 | + |
| 57 | + |
| 58 | + |
| 59 | +## Next steps |
| 60 | + |
| 61 | +- [What is entitlement management?](entitlement-management-overview.md) |
0 commit comments