When a user leaves your organization, PlusPlus removes their access, transfers or cancels their commitments, and anonymizes their personally identifiable information (PII). This article documents the deprovisioning lifecycle, what gets retained versus removed, and how to configure the timing.
What triggers deprovisioning
A user is deprovisioned when they are marked for removal through any of the following:
People integration. A termination date is set on the user's record in your HRIS, or the user is removed from the source data feed (Workday, a Custom Integration, or CSV over SFTP).
SCIM. The user is deactivated in your identity provider.
Manual admin deletion. An admin deletes the user directly in the PlusPlus UI.
The first two paths are automated and go through a configurable delay before full deprovisioning. Manual admin deletion bypasses the delay and deprovisions the user immediately.
What happens when a user is deprovisioned
The lifecycle has two stages: immediate access removal, followed by full deprovisioning after the configured delay.
Stage 1: Immediate access removal
As soon as a user is marked for removal — by automation or manual deletion — they lose access to PlusPlus through SSO. They cannot sign in. Their data remains intact during the delay period.
Stage 2: Full deprovisioning
After the User deprovisioning delay elapses (default: 7 days), or immediately for manual admin deletion, PlusPlus performs the following automatically:
Transfers calendar invites for events and sessions the user organized, so attendees keep working invites and access to recordings. Ownership transfers to the Calendar event fallback owner configured in System Settings > Integrations > Calendar. The fallback owner must be a user who already exists in PlusPlus and has authorized calendar access.
Transfers automated rules for which the user is the assigner, so rule-based assignments continue uninterrupted.
Removes the user from upcoming events and sessions, including roles as attendee, presenter, organizer, and co-organizer. Spots they were occupying as an attendee become available to others.
Removes the user from all groups.
Removes their outstanding assignments, so incomplete content no longer shows up in their queue or in assignment reports as pending.
Anonymizes their personally identifiable information (PII) — name, email address, and other identifying fields are stripped from the user's record, while the record itself is retained for reporting continuity (see below).
PII deletion timeline
PlusPlus fully removes a user's PII from the platform within 30 days of termination. This applies to platform data; refer to the PlusPlus Data Policy for retention details across logs and backups.
What's retained, what's removed
Data | Retained or removed |
Personally identifiable information (name, email, etc.) | Anonymized at deprovisioning, fully removed within 30 days |
Engagement records (course completions, event attendance, assessment scores) | Retained, anonymized — accessible by filtering on Employee ID |
Group memberships | Removed |
Upcoming event enrollments and host/organizer roles | Removed |
Outstanding assignments | Removed |
Calendar invites for events the user organized | Transferred |
Automated rules where the user is the assigner | Transferred |
Engagement records are kept so historical reporting stays accurate — completion rates, event attendance, and assessment results continue to reflect what actually happened. Admins can locate a deprovisioned user's records by filtering on Employee ID.
Configure the deprovisioning delay
The User deprovisioning delay controls how long the system waits between marking a user for removal (via automation) and performing full deprovisioning. During the delay, the user has no access, but their data has not yet been transferred or anonymized — giving admins time to review, reverse, or reassign before changes are permanent.
To adjust:
Go to System Settings > Security > Privacy.
Set User deprovisioning delay to your preferred duration. Available options: 1, 2, 3, 4, 5, 6, 7, 14, 21, or 30 days.
The delay applies only to automated deprovisioning. Manual admin deletions are immediate and cannot be delayed.
Deprovisioning vs. full deletion
Deprovisioning is the standard lifecycle described above: PII is anonymized, engagement records are retained, and the user record persists in anonymized form to preserve reporting accuracy.
Full deletion removes all traces of a user from PlusPlus, including engagement records. Full deletion is reserved for cases where a customer fully exits the platform and is handled as part of the offboarding process — it is not part of the standard user deprovisioning flow.