Identity Lifecycle 101 – Getting Joiners, Movers, and Leavers Right
A lot of security trouble starts with something very ordinary. Someone joins, moves teams, or leaves, and their access does not quite match their new reality. A contractor keeps a remote access account months after their project ends, or a developer quietly collects permissions as they rotate through teams. On a normal weekday it just looks like routine human resources and IT work. When an incident hits, it suddenly looks like a major gap in basic identity hygiene. This Insight is part of the Tuesday “Insights” feature from Bare Metal Cyber Magazine, developed by Bare Metal Cyber, and it takes that everyday story and turns it into a clear way to think about identity risk.
Identity lifecycle management (I L M) is the name for the set of processes and tools that control how a person’s digital identity is created, changed, and eventually removed across your systems. Instead of being a single product, it is a chain of events that starts when someone first appears in your records and ends when they no longer need access anywhere. I L M connects people data, such as human resources records and contractor rosters, to technology systems such as directories, cloud platforms, and business applications. When it works well, changes happen once at the source and ripple out in a controlled way instead of being retyped into every system by hand.
In practice, I L M is a mix of process, governance, and technology. The process side sets expectations like who approves access, how long accounts should stay active, and what “day one ready” looks like for a new hire. Governance defines roles, responsibilities, and policies so that human resources, managers, IT, and security know which parts they each own. Technology then ties it together, usually with identity platforms, directories, human resources systems, and workflow tools that can orchestrate changes. People often confuse this with simple account provisioning or with broad role-based access control, but those are only pieces. I L M is bigger than a helpdesk queue for account requests and bigger than a spreadsheet of roles.
A simple way to see the scope is to break it into three stages that map directly to everyday work. Joiners are the people who are coming into the organization and need accounts and access for the first time. Movers are the people whose roles change, whether that is a promotion, a lateral move, a project rotation, or a change in location or manager. Leavers are the people whose contract or employment ends, or whose relationship with your organization changes so that they should no longer have access. If your approach does not meaningfully address all three, then you are really just handling identity events one ticket at a time, not running an identity lifecycle.
Under the covers, most I L M patterns start from a single system of record for people, most often the human resources platform. When human resources creates or updates a person’s record, that change becomes the trigger for identity events. Integrations feed that data into a directory or identity provider, which then drives account creation, group membership, and application access. The guiding idea is that a person’s status and attributes are mastered in one place, and everything else listens and reacts. When the plumbing is set up this way, a name change, department change, or end date do not live in a file cabinet; they drive real technical changes.
For joiners, I L M uses business rules to decide what access a new person receives on day one. Those rules might consider department, job title, location, employment type, and who the manager is. A joiner workflow can create an account in the main directory, place it into standard groups, assign baseline applications, and notify the manager that the person is ready to go. Where access is sensitive, such as for finance systems or administrator roles, approvals are built into the flow, so that no high risk access is granted silently. The result is a new hire experience that feels smooth but is also consistent and auditable.
Mover flows apply similar thinking to changes instead of first starts. When a person moves from one department to another, steps into a new role, or changes regions, I L M watches for updates to the attributes that matter. The lifecycle engine can add what is needed for the new responsibilities and remove what no longer fits, rather than simply piling new permissions on top of the old. For leavers, the trigger is usually an end date or a status change in the human resources record. That event should lead to disabling accounts, revoking tokens, removing group memberships, and in some cases transferring ownership of files, mailboxes, or tickets to someone else, so that work can continue without leaving abandoned access behind.
All of this depends on a few big assumptions that are easy to overlook. The people data must be timely and accurate, so that the technical changes reflect reality instead of yesterday’s organization chart. Integrations between systems must be reliable and monitored, or else changes sit in a queue and access drifts away from the truth. There also has to be a shared understanding of which attributes drive which access, otherwise every change becomes a negotiation. When those assumptions are weak, I L M becomes fragile and teams fall back to email and ad hoc tickets.
You can see the value of I L M most clearly in simple everyday scenarios. One of the most visible is giving new hires what they need on day one. When joiner rules are defined and tested, a new analyst or engineer logs in to find the same baseline tools and permissions as their peers, rather than starting from an empty desktop. That cuts down on frustration and on the temptation to work around the system with personal accounts or unapproved tools. It also makes it easier to explain and defend who has access to what, because the pattern is consistent.
A very practical quick win is to tighten how leavers are handled. Moving from ad hoc offboarding tickets to an automated leaver workflow can shrink the time between human resources marking someone as inactive and disabling their main accounts from days to minutes. Even if the early scope is small, such as the primary directory, email, and remote access, that step alone closes some of the most common and easily exploited gaps. Over time, more applications and services can be folded into the same pattern, so that offboarding becomes a standard routine rather than a special project every time someone leaves.
On the more strategic side, I L M enables cleaner access patterns for complex environments. Defining standard access bundles for common roles means that movers who change assignments get the access expected for their new work without carrying permissions from every previous job. When lifecycle rules and periodic access reviews work together, managers get a clearer view of what each person has and why, and they can spend review time on exceptions instead of the basics. In cloud-heavy organizations, the same patterns extend to identities inside infrastructure and software as a service, so that cloud accounts follow the same joiner, mover, and leaver logic as on premises accounts.
When I L M is working well, it quietly supports both productivity and security. New joiners arrive to find their tools ready, their accounts set up, and their access aligned with the work they will actually do. That reduces manual work for IT and lowers the chance that people will invent side channels to get things done faster. At the same time, access is more predictable. Standard bundles and clear rules make it easier to explain why a given permission exists, which helps with audits, segregation of duties, and broader initiatives such as zero trust and privileged access management.
There are real trade-offs. Building out I L M often means investing in the glue between human resources, directories, and applications, and in the time it takes to define roles, policies, and ownership. Teams may have to move away from a culture where any manager can request anything at any time, toward more structured access design. Some people experience that shift as a loss of flexibility, at least at first. There are also hard limits. I L M cannot repair broken job design, incorrect people records, or a lack of clear owners for critical systems. Marketing material may promise simple automation, but in reality, lifecycle management is an ongoing governance practice.
The ways I L M fails are surprisingly consistent. One of the most common is “tool deployed, process unchanged,” where an identity platform is installed but everyone keeps sending access changes through email. In that state, joiners may be created in multiple places, movers keep old access after every role change, and leavers are disabled in some systems but not others. Another failure mode is relying entirely on manual, ticket-driven workflows even when reliable triggers already exist in human resources or directory data. That approach leads to inconsistent decisions and slow changes, and it encourages permission hoarding because removing old access feels risky and time consuming.
A more subtle problem is shallow adoption that only covers joiners and leavers while ignoring movers. If your processes are good at creating and disabling accounts but weak at adjusting access as roles change, risk quietly accumulates in the middle of the lifecycle. People keep access to systems and data that made sense two jobs ago, simply because no one was responsible for taking it away. Healthy signals look very different. Attributes in the people system map cleanly to access patterns. Movers’ access changes quickly and predictably when their role or department changes. Offboarding time is tracked and measured in minutes or hours instead of days, and managers can describe their team’s access in simple language tied back to defined roles.
At its heart, identity lifecycle management is about keeping each person’s access rising and falling with their real role in the organization, no more and no less. It lives at the intersection of human resources, IT, and security, using people data and clear rules to keep accounts, groups, and applications in step with how work actually happens. When joiners, movers, and leavers are handled as a deliberate lifecycle instead of a series of one-off tickets, you reduce avoidable risk and make life easier for your colleagues at the same time. As you think about your own environment, it is worth asking whether access still reflects every step a person has taken in their journey, or whether it accurately matches who they are and what they do today.