Joiner-Mover-Leaver
What is Joiner-Mover-Leaver?
Joiner-Mover-Leaver (JML) is an identity lifecycle management framework governing how user accounts, permissions, and access rights are provisioned, modified, and revoked as employment status changes. It covers events when someone joins an organization (Joiner), changes roles or departments (Mover), or departs (Leaver).
The framework sits at the intersection of HR operations and IT service management: HR systems track lifecycle events, while IT provisions, adjusts, or revokes access across connected systems in response.
Key Takeaways
- Three Lifecycle Stages: Joiner (provision), Mover (modify), and Leaver (revoke) events tied to HR-driven employment changes.
- HRIS-Triggered: The HRIS initiates every downstream JML workflow across IT, Finance, and Facilities.
- Identity and Access Scope: Covers accounts, permissions, and equipment across every system the employee uses.
- Cross-Departmental Process: Handoffs span HR, IT, Finance, Legal, Facilities, and the manager at every phase.
Why Joiner-Mover-Leaver Matters
Every employment event has identity and access consequences. When JML breaks down, the fallout is security gaps, compliance failures, and productivity drag.
- Security Exposure: Research finds roughly half of ex-employees retain access after departure, and around 20% of companies report breaches tied to former employee accounts.
- Segregation of Duties: Unmanaged role transitions accumulate permissions until employees can approve and execute the same action, enabling fraud.
- Delayed Onboarding: Manual provisioning can leave new hires without VPN or tools for up to a week after Day 1.
- Coordination Overhead: Each lifecycle event spans HR, IT, Finance, Facilities, and Security; manual handoffs multiply cost at scale.
Joiner-Mover-Leaver in Action
A mid-size tech company hires a product designer. HR creates the BambooHR record on Wednesday. Without a structured JML process, IT learns via Slack, chases the hiring manager for project access, misses the MDM profile on the MacBook, and the designer starts Monday with half the access they need.
Three months later, the designer moves from Product to Marketing, but the HRIS department change never cascades to IT. Product repositories stay accessible; Marketing tools remain unprovisioned.
A year later, a senior engineer resigns. IT disables the Active Directory account, but API tokens to three SaaS tools and an AWS credential stay live. A security audit later flags the orphaned access.
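The three failures in this scenario (access never provisioned, access left over after a move, credentials still live after a departure) can be caught by reconciling HRIS state against a per-system access inventory. The following is an added example, not part of the original page or Siit's product; the department baselines, employee ids, and entitlement names are constructed assumptions.

```python
# Added example; every name, system and record below is constructed.
# Hypothetical department baselines: entitlements each department should hold.
BASELINE = {
    "Product": {"github:product-repos", "figma"},
    "Marketing": {"hubspot", "figma"},
    "Engineering": {"github:platform", "aws:dev"},
}
# Constructed HRIS export: employee id -> (status, current department).
HRIS = {
    "e100": ("active", "Marketing"),       # moved from Product
    "e200": ("terminated", "Engineering"),  # leaver
}
# Constructed per-system inventory: (employee id, entitlement, credential kind).
GRANTS = [
    ("e100", "github:product-repos", "account"),
    ("e100", "figma", "account"),
    ("e200", "saas-a", "api_token"),
    ("e200", "aws:dev", "access_key"),
    ("e999", "saas-b", "api_token"),  # no HRIS record at all
]


def jml_findings(hris, grants, baseline):
    """Return sorted (employee, finding, entitlement, kind) tuples."""
    findings, held = set(), {}
    for emp, ent, kind in grants:
        held.setdefault(emp, {})[ent] = kind
    for emp, ents in held.items():
        status, dept = hris.get(emp, ("unknown", None))
        expected = baseline.get(dept, set())
        for ent, kind in ents.items():
            if status != "active":
                # Leaver or unknown identity: any live credential is orphaned.
                findings.add((emp, "orphaned", ent, kind))
            elif ent not in expected:
                # Mover residue: the current department does not justify it.
                findings.add((emp, "stale", ent, kind))
    for emp, (status, dept) in hris.items():
        if status == "active":
            # Joiner/mover gap: baseline access that was never provisioned.
            for ent in baseline.get(dept, set()) - set(held.get(emp, {})):
                findings.add((emp, "missing", ent, None))
    return sorted(findings, key=lambda f: f[:3])


if __name__ == "__main__":
    for finding in jml_findings(HRIS, GRANTS, BASELINE):
        print(*finding)
```

The inventory has to include non-directory credentials such as API tokens and cloud access keys, since those are what survive a directory-only disable.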
How Siit Supports Joiner-Mover-Leaver
Siit connects HRIS lifecycle events to the IT, Finance, and Facilities systems where access and equipment actually change.
- HRIS as Trigger: Siit connects to BambooHR, Workday, HiBob, and Rippling, turning new hire, role change, and termination records into downstream workflows.
- Account Provisioning and Revocation: Siit applies access changes across Okta, Google Workspace, Microsoft Entra ID, and JumpCloud through IAM integrations.
- Equipment Lifecycle: MDM integrations with Jamf, Intune, and Kandji handle laptop assignment, profile enrollment, and device recovery via the Equipment Object.
- Cross-Departmental Orchestration: AI orchestration routes approvals, coordinates Finance and Facilities tasks, and handles multi-step handoffs without manual Slack pings.
- Audit Trail and Reporting: Every step is logged with timestamps and responsible parties, producing the audit trail compliance frameworks require.
The result: onboarding, role changes, and offboarding run end-to-end without IT managers stitching together Slack messages, email chains, and spreadsheets.