
Essentials of Joiner-Mover-Leaver Functions

Authored by Jerry Aubel, Senior Product Marketing Manager

Imagine this: you’re attending the Identity Security equivalent of the Oscars. Anticipation is palpable as the host begins to announce the winner of the coveted “Identity Process of the Year” award…and the winner is Joiner-Mover-Leaver!

Perhaps that’s a geek pipedream. But even if joiner-mover-leaver (JML) policies aren’t hobnobbing on the red carpet, they can still be a significant asset in helping organizations improve operations and enhance security.

My last blog discusses role management and the benefits of a role-based access control model. Today I’ll look at how sound and automated JML policies and processes can deliver an excellent business user experience, reduce identity risk, maintain compliance, and cut IT cost. 

The JML process, just like other identity and access management processes, starts with data, usually from an HR system or Active Directory. When a new employee joins an organization, the SailPoint Identity Security Cloud solution can set up and grant a user the correct bundle of access and entitlements for their role (‘birthright access’) based on HR data so that they can be productive starting on day one.

What happens when an employee moves within an organization? For instance, if Bob moves from the Acme Marketing department to Finance, SailPoint Identity Security Cloud can grant Bob access to applications based on his new role (e.g., invoicing or accounts payable resources) while also automatically revoking his access to previous resources to help avoid overprovisioning. The solution delivers application-specific access policy management with fine-grained controls.

Automating Provisioning Actions

Imagine all this happening without human intervention: the solution takes a trigger from an HR system and does the rest. At the pandemic’s beginning, we heard of customer cases where an enterprise had to move nearly its entire staff to remote work overnight. This task could have strained manual provisioning processes and access controls, but with SailPoint Identity Security Cloud, the access changes took only minutes.

The solution provides visibility and dashboards to let admins and executives gain insight from user actions, such as the number of JML transactions, breakdowns of cost savings through automation, and the ROI of the solution. Identity Security Cloud is flexible, simple to deploy, and provides for the creation of JML rules through a straightforward and configuration-based approach. Users can create time-bound rules to revoke or disable access for temporary leavers, for intermittent contractors exiting and rejoining an enterprise, and even for machine or non-human accounts.

SailPoint Identity Security Cloud delivers confidence to the organization: confidence in automating processes and in ensuring that only the right users have access to the proper entitlements based on their roles, and trust in minimizing risk from orphaned or overprovisioned accounts. Additionally, the solution can save software licensing costs by automating the deletion of leaver accounts.

Automating your JML processes can help your organization maintain a strong security posture, lower costs, and reduce identity risk to your business. 

Want to see how your identity security program stacks up? Check out our 6-question Maturity Assessment to measure your current identity capabilities and identify the gaps to start your identity transformation!