Identity Panel provides built-in tools for managing the lifecycle of identity and operational data, supporting compliance with regulatory requirements and internal data governance policies. Organizations can define specific retention periods for different types of data, such as access records, application logs, and sensitive identity information.
Configurable Data Retention Policies
Administrators can configure granular data retention settings in the Identity Panel interface under Security Settings. These settings determine how long various categories of data are retained within the system before automatic deletion:
-
Data Retention: Sets the default retention period for all identity and operational records (e.g., 2555 days for a 7-year policy).
-
Deleted Object Retention: Allows shorter retention for identity records that have been removed from source systems, such as user accounts or group memberships.
-
Run History Retention: Controls how long to keep system activity logs like scans, synchronization tasks, and workflows.
-
Request Retention: Specifies the duration for storing records of access requests, approvals, and related forms of audit evidence.
These settings allow organizations to tailor retention to their specific compliance obligations, including standards like GDPR, HIPAA, or internal audit guidelines.
Data Deletion and Compliance Considerations
Identity Panel’s short backup retention window (typically 4 weeks) helps ensure that deletion requests—whether routine or for regulatory compliance—are fully honored in a timely manner. While data is stored in Azure-hosted environments (or on-premises, depending on deployment), organizations retain control over data lifecycle rules.
Retention policies also apply to sensitive and historical data. For example:
-
Identity changes tracked in the system's Time Traveler history are retained in line with configured policies.
-
Operational data such as workflow logs and Panel Service actions are governed by run history and request retention rules.
-
Console logs and request metadata (such as HTTP logs) are kept for shorter periods (e.g., 7 to 30 days), with flexibility for adjustment by request.
By aligning retention rules with organizational and regulatory standards, Identity Panel supports data minimization while preserving the necessary information for audits, investigations, and compliance reporting.
Comments
0 comments
Article is closed for comments.