Domains / Security and Compliance/ Data Aggregate

Identity Record Aggregate

Consistency boundary for a single user or service account identity, including credentials, role assignments, MFA devices, and active sessions.

Data Aggregate Application active

Identity Record Aggregate enforces the invariant that a user must have at least one verified authentication factor and one active tenant membership before transitioning to the active state. Deprovisioning triggers a cascading session revocation.

Relationships

Composes outgoing 1
Target Element Element Type
Identity Record Data Concept
Owns outgoing 2
Target Element Element Type
Identity and Access Management Component
IAM API Software Subsystem
Owned by incoming 1
Source Element Element Type
Identity and Access Management Component

Architecture Context

Diagrams

Not yet referenced in any diagram

Properties

Type Data Aggregate
Layer Application
Domain Security and Compliance
Status active
Owner Security Team

Additional Metadata

Lifecycle States pending, active, suspended, deprovisioned
Archimate Type data-object
Ddd Type Aggregate
Togaf Type Logical Data Component

Meta Model

Business
Organization
Application current
Technology

Actions