Predictable Access Expiry: Resilient Scheduling and Clean Cancellations

December 9, 2025 · GrantFlow Team

One of the quieter but most important guarantees in a just-in-time access platform is this: when access is supposed to end, it ends. We've shipped improvements to the underlying scheduler that make deprovisioning predictably on time — and manual deactivations cleaner than ever.

The problem

In a distributed system, scheduling time-based actions is harder than it sounds. Under load, scheduled revocation jobs could be delayed, retried inconsistently, or — in the worst case — leave access in an ambiguous state after a manual deactivation. For privileged access, even a few minutes of uncertainty is unacceptable.

What's new

GrantFlow's scheduler has been rebuilt with stronger guarantees for time-bound operations:

  • Predictable expiry — role activations and account checkouts expire at their scheduled time, even under load or after service restarts
  • Clean cancellation — when a user or administrator deactivates access early, all pending deprovisioning tasks are cleanly canceled and immediately replaced with a now-revocation job
  • No orphaned jobs — the scheduler tracks the full lifecycle of each activation so there are no leftover scheduled tasks after a cancellation
  • Resilience across restarts — scheduled jobs survive control plane restarts and pick up where they left off without duplicate execution

How it affects you

Most of the time, you won't notice this change — that's the point. But if you've previously observed access lingering slightly past expiry or seen the Connector Jobs page show stale scheduled jobs after a manual deactivation, those cases are now resolved.

Administrators can confirm revocation timelines in Admin → Connectors → Jobs. Scheduled deprovisioning jobs appear with the purple Scheduled badge. When a manual deactivation triggers early revocation, the job transitions immediately to Running rather than waiting for the original scheduled time.

See the Connector Jobs guide for details on monitoring deprovisioning status.

What's next

We're extending the scheduling improvements to cover password rotation windows and other policy-driven timed actions.