...
Organizational Identities
As of Registry v2.0.0, Organizational Identities may have valid from and valid through dates attached. These are primarily intended for Organizational Identity Sources to convey validity information about their records (the dates can be synced to a CO Person Role record via a Pipeline), though these dates may also be collected manually.
Organizational Identities with invalid dates may not be used to login to Registry, even if a valid login identifier is otherwise attached. Provisioners will not see Organizational Identity records with invalid dates (for the limited set of Organizational Identity data that provisioners are permitted to see).
CO Group Memberships
As of Registry v3.2.0, CO Group Memberships may have valid from and valid through dates attached. These may be manually populated, or synced via Organizational Identity Sources. CO Group Memberships outside of the specified validity dates will not be provisioned or usable for Registry authorization.
Note that the Registry Job Shell groupvalidity must be configured to run in order to reprovision records associated with a CO Group Membership whose validity status has changed.