
Access Lifecycle Chaos: Why Joiner–Mover–Leaver (JML) Processes Break at Scale


When a new employee joins, it takes us 3–5 days to provision all their access. When someone leaves, we hope their access was removed.

This isn’t rare; it’s the norm. Organizations of every size rely on patchwork JML (Joiner–Mover–Leaver) processes that simply don’t scale past 100–200 users. As user numbers grow and complexity increases, manual and semi-automated approaches collapse, creating significant operational, security, and compliance issues.

Thesis: As organizations scale, JML processes that aren’t deeply automated and integrated across systems become unsustainable. The result? Inconsistent access, dormant accounts, audit failures, “zombie” users—and massive risk for the entire business.

What Is a Joiner–Mover–Leaver (JML) Process?

The JML process is the backbone of identity lifecycle management—the discipline that ensures every user has the right access, always, and never more than necessary.

  • Joiner: Provision access on Day 0/Day 1 for incoming employees, contractors, or vendors—ensuring they are productive from the start.
  • Mover: Modify access when users change roles, departments, projects, or physical locations, adjusting permissions to match current responsibilities.
  • Leaver: Instantly revoke all access when a user leaves, is terminated, or completes a contract—removing every possible backdoor to your data.

Each JML event is a critical security and compliance checkpoint. Gaps allow toxic combinations of permissions, “shadow IT,” and non-compliant access to proliferate, putting the business at risk.

For a deep dive into evaluating identity management solutions, see the Access Lifecycle Management Buyer’s Guide.

Why JML Processes Break as You Scale

1. Siloed HR, IT, and Identity Systems

HR systems hold the authoritative record for employment status, but IT teams manage application and infrastructure access through directories, SSO portals, and ticketing workflows. Identity governance tools—if present—often have incomplete visibility.

Without tight integrations and bidirectional syncs, access changes rarely reflect role or status changes in real time. A recruiter leaves the company, but still has access to confidential candidate databases because the HR system didn’t notify IT quickly enough.

2. No Real-Time Triggers from HRMS

Most organizations today rely on batch files, CSV extracts, or ticket queues from HR for joiner and leaver events. This delay can stretch hours or, dangerously, days.

This window of risk is often exploited in high-stakes scenarios—especially for sudden terminations or for users with privileged roles.

3. Mover Events Are Underrated and Dangerous

When users are promoted, transferred, or seconded to new projects, access should be adjusted, not just added on. But often, previous permissions linger. The result: users accumulate overlapping access from previous roles, increasing the risk of excessive privilege, segregation of duties (SoD) violations, and audit findings.

4. Offboarding Is Incomplete and Inconsistent

Offboarding is typically ticket-driven, dependent on someone remembering to initiate a service request. Contractors are particularly vulnerable to falling through the cracks—leaving behind orphaned SaaS accounts.

Unmonitored “zombie” accounts in platforms like GitHub, Salesforce, or AWS can remain active for months, representing a major data breach risk—and, in many cases, a continued license cost.

5. Manual Effort Doesn’t Scale

Spreadsheets, ticketing queues, and manual checklists can barely keep up when your user base is modest. But as you cross 500, 5,000, or 50,000 users, these processes trigger IT bottlenecks, delayed onboarding, elevated error rates, and compliance blind spots.

What a Scalable, Automated JML Process Looks Like

To break out of the cycle of chaos, organizations need to re-imagine JML as a cross-functional, policy-driven automation—supported by the right architecture.

1. HRIS as the Source of Truth

Modern identity platforms integrate directly with HR systems (e.g., Workday, BambooHR), syncing workforce data in real time. Day 1 provisioning is automatic—driven by the user’s organizational unit, department, or location.

2. Policy-Based Role Assignment

Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) govern who gets which access, and for how long. When users move, permissions are replaced, not just added. For leavers, automated deprovisioning eradicates lingering privileges—not just in core IT, but across apps, cloud platforms, and shadow IT.

3. Lifecycle Rules + App Connectors

Lifecycle automation means:

  • Contractors and temporary workers have time-bound access that auto-expires.
  • Sensitive roles trigger scheduled access reviews.
  • Integration covers every cloud/SaaS stack, from Okta and Google Workspace to AWS, Jira, and beyond.

4. Centralized Audit Logs and Evidence

Every access grant, modification, or revocation is logged—capturing who, when, why, and from what source. For SOX, ISO 27001, and SOC 2 audits, IT and compliance can instantly produce immutable evidence—no more sifting through sprawling email threads.
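The four building blocks above (HRIS-driven events, replace-not-add role assignment, time-bound contractor access, and an audit trail) can be sketched as a small policy engine. The following is an added illustration, not BalkanID's code or data model; the role catalogue, the SoD rule, the event shape and the app account lists are constructed assumptions. The `accumulate` flag reproduces the legacy "add-on" mover behaviour the Mover section warns about, and `zombie_accounts` is the reconciliation check for the orphaned accounts described under Offboarding.

```python
# Assumed role policy and SoD rule (constructed sample, not a real catalogue).
ROLE_POLICY = {
    "recruiter":  {"ats:read", "hris:candidates"},
    "ap-clerk":   {"erp:read", "erp:post-journal"},
    "ap-manager": {"erp:read", "erp:approve-journal"},
}
SOD_PAIRS = [{"erp:post-journal", "erp:approve-journal"}]  # post + approve

class JmlEngine:
    def __init__(self, today: str, accumulate: bool = False):
        self.today = today                  # ISO date; strings compare in order
        self.accumulate = accumulate        # True = legacy "add-on" mover handling
        self.access: dict[str, set] = {}    # user -> live entitlements
        self.expiry: dict[str, str] = {}    # user -> contract end date (ISO)
        self.audit: list[tuple] = []        # (user, action, entitlement, source)

    def _set(self, user: str, wanted: set, source: str) -> None:
        have = self.access.get(user, set())
        self.audit += [(user, "grant", e, source) for e in sorted(wanted - have)]
        self.audit += [(user, "revoke", e, source) for e in sorted(have - wanted)]
        self.access[user] = set(wanted)

    def apply(self, ev: dict) -> None:
        """ev: {"type": joiner|mover|leaver, "user", "role", "end"?, "source"?}"""
        user, src = ev["user"], ev.get("source", "hris")
        if ev["type"] in ("joiner", "mover"):
            wanted = set(ROLE_POLICY[ev["role"]])
            if self.accumulate:             # the failure mode: old role lingers
                wanted |= self.access.get(user, set())
            self._set(user, wanted, src)    # otherwise replace, never union
            if ev.get("end"):
                self.expiry[user] = ev["end"]
        elif ev["type"] == "leaver":
            self._set(user, set(), src)
            self.expiry.pop(user, None)

    def expire(self) -> list[str]:
        """Time-bound access is revoked without anyone raising a ticket."""
        due = [u for u, d in self.expiry.items() if d < self.today]
        for u in due:
            self.apply({"type": "leaver", "user": u, "source": "expiry"})
        return due

    def sod_violations(self) -> dict[str, set]:
        return {u: s for u, s in self.access.items() if any(p <= s for p in SOD_PAIRS)}

def zombie_accounts(engine: JmlEngine, app_accounts: dict[str, set]) -> set:
    """(app, user) pairs still enabled in an app with no live entitlement there."""
    return {(app, u) for app, users in app_accounts.items() for u in users
            if not any(e.startswith(app + ":") for e in engine.access.get(u, ()))}
```

Running the same joiner-then-mover sequence with `accumulate=True` and with the default shows the difference: the legacy path leaves the user holding both `erp:post-journal` and `erp:approve-journal`, which `sod_violations()` flags, while the replace path revokes the old role's entitlement and records that revocation in `audit`.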

Real-World JML Failures: What Happens When It Breaks

Failure to get identity lifecycle right has direct—and often devastating—consequences:

  • Example 1: An employee leaves, but still has access to financial systems three months later. Result: sensitive data exposure, potential fraud, not to mention a massive compliance violation.
  • Example 2: A manager is promoted but retains legacy access. New permissions conflict with old, violating SoD principles and triggering a failed audit.
  • Example 3: Contractors’ accounts are never deprovisioned, leading the company to pay for licenses that are never (legitimately) used—wasting thousands to millions per year.

How BalkanID Solves Joiner–Mover–Leaver Lifecycle Chaos

BalkanID delivers an automation-first approach to JML identity lifecycle challenges:

  • HRIS Integration: Native sync with Workday, BambooHR, SAP SuccessFactors—delivering real-time, event-driven changes from HRIS to identity platforms.
  • Lifecycle Automation: Zero-touch provisioning, access modification, and instant revocation for joiners, movers, and leavers.
  • Cross-App Visibility: Unified visibility and control—across cloud, on-premises, and even disconnected apps—for every user and entitlement.
  • Policy Enforcement: Granular rules by role, department, or geography; eliminate privilege creep and support least-privilege models.
  • Audit-Ready Evidence: Every action is auto-logged and exportable, simplifying ITGC, SOX, SOC 2, and ISO compliance.

For a step-by-step evaluation, see the Access Lifecycle Management Buyer’s Guide.

Final Word: JML Is Not a Workflow. It’s a Risk Surface

In today’s hybrid, cloud-first world, identity is the new perimeter. JML isn’t just an operational flow—it’s a primary source of business risk. Failing to automate and enforce consistent access lifecycle management doesn’t just slow down business—it leaves organizations exposed.

The only sustainable approach is automation, policy enforcement, and unified visibility across all identity lifecycle events.