IdLE is a generic, headless, configuration-driven lifecycle orchestration engine for identity and account processes (Joiner / Mover / Leaver), built for PowerShell 7+.
The key idea is to separate intent from implementation:
- What should happen is defined in a workflow (data-only configuration).
- How it happens is implemented by steps and providers (pluggable modules).
- steps define, via StepTypes, which provider-agnostic capabilities are required to perform a workflow step
- providers register to the core and announce the provided capabilities and implement the vendor system specific interface
JML (joiner/mover/leavers) processes are
- error prone, especially if performed manually
- time consuming and therefore
- quite annoying for operators
Self-made identity lifecycle automation often turns into long scripts that are:
- tightly coupled to one environment
- hard to test
- hard to change safely
Identity Management Systems (IdMS) on the other side are either complex or expensive (or both of it) and then often do not care about supplementary systems that also need to be covered within the workflows.
- Plan → Execute flow (preview actions before applying them)
- Joiner / Mover / Leaver orchestration (and custom lifecycle events)
- Plugin step model (idempotent, provider-agnostic)
- Structured events for audit/progress (CorrelationId, Actor, step results)
For a complete overview of concepts, see About > Concepts.
Tip
For improved documentation experience, please visit https://idle-engine.io.
Quick install:
Install-Module -Name IdLE -Scope CurrentUser
Import-Module IdLEFor further installation instructions, requirements, and options, see Installation Guide.
Please refer to the documentation in "How to use IdLE?" for further instructions on the following topics:
- How to write a workflow
- Create an identity lifecycle request
- Plan the IdLE run
- Invoke & Execute the Plan
Run the end-to-end demo (Plan → Execute):
pwsh -File .\examples\Invoke-IdleDemo.ps1 -AllThe demo shows:
- creating a lifecycle request
- building a deterministic plan from a workflow definition (
.psd1) - executing the plan using built-in steps and a mock provider
By default, the demo runs Mock workflows that work out-of-the-box without external systems. The examples folder also includes Template workflows that demonstrate real-world scenarios with Active Directory, Entra ID, Exchange Online, but these require the corresponding infrastructure and provider modules.
The documentation is also available at our project site: https://blindzero.github.io/IdentityLifecycleEngine
Start here:
- docs/about/intro.md – About IdLE
- docs/use/intro-use.md – How to use IdLE
- docs/reference/intro-reference.md - The authoritative IdLE reference
PRs welcome. Please see CONTRIBUTING.md and STYLEGUIDE.md
See Github Issues and Milestones for our roadmap.
See the LICENSE.md file.