Skip to content
IAM glossary

Joiner-Mover-Leaver

Also known as: JML

Governance

JML describes the identity lifecycle: granting access when someone joins, adjusting it when they move roles, and revoking it when they leave. Mature programs automate these actions from an authoritative source such as the HR system.

Why it matters

Manual lifecycle handling is where standing access and orphaned accounts accumulate. Automating JML reduces risk and ensures access actually ends when employment does.

See it in motion

Alex Rivera

Sales Associate

Access entitlements

Email & TeamsVPNHR PortalSales CRM

Automated actions

  • Account created from the HR record
  • Birthright groups assigned by role
  • Mailbox & Teams provisioned
  • SaaS apps provisioned via SCIM
  • MFA enrollment invitation sent

Joiner: A new hire's identity is created and provisioned automatically.

Related terms

Role-Based Access ControlAccess Review (Attestation)Identity Automation (Graph / PowerShell)
Back to glossary

Ready to secure your identity foundation?

Book a free 30-minute discovery call. We'll talk through your environment and where the biggest wins are — no obligation.

Schedule a ConsultationExplore Services
Book a Call