Joiner, mover, leaver (JML)
The Joiner, mover, leaver (JML) model is an identity lifecycle framework that governs how access is provisioned, changed, and revoked as people join, move within, or leave an organization. A well-designed JML process reduces security risk, limits access creep, enforces least privilege, and supports compliance by aligning identity changes with HR-driven events. It ensures access remains accurate, timely, and auditable across systems throughout the user lifecycle.
What are joiners, movers, and leavers (JML)?
The joiners, movers, and leavers (JML) framework is an identity lifecycle management model that governs user access based on employment status and role changes. It defines how accounts, permissions, and privileges are provisioned for new users (joiners), adjusted when responsibilities change (movers), and revoked when users leave the organization (leavers).
JML is commonly implemented as part of identity and access management (IAM) or identity governance and administration (IGA) programs. Its goal is to ensure access is accurate, timely, and aligned to business roles throughout the user lifecycle, without relying on manual intervention.
How the joiners, movers, leavers (JML) process works
The joiners, movers, leavers (JML) process is the operational execution of the JML model. It consists of automated or semi-automated workflows triggered by workforce events, typically originating from an HR system. These workflows orchestrate identity creation, access assignment, access modification, and deprovisioning across directories, applications, and data systems.
A mature JML process integrates HR, IT, and security systems to ensure access decisions are consistent, policy-driven, and auditable. When implemented correctly, it eliminates delays, reduces helpdesk workload, and minimizes security gaps caused by stale or excessive permissions.
Understanding the JML lifecycle
The JML lifecycle represents the full progression of a user’s relationship with an organization from an access perspective. It consists of three core phases that must be governed continuously.
- Joiner phase: A new user is onboarded. Digital identities are created, baseline access is provisioned based on role or attributes, and foundational security controls such as MFA and password policies are applied.
- Mover phase: A user changes roles, teams, locations, or responsibilities. Existing access is reviewed, outdated permissions are removed, and new entitlements are granted to reflect the updated role.
- Leaver phase: A user exits the organization. Accounts are disabled or deleted, access is revoked across systems, privileged rights are removed, and ownership of data or resources is reassigned.
The lifecycle is continuous rather than linear. Users may move multiple times, require temporary access, or transition into privileged or non-human identities, all of which must be governed consistently.
How to create a joiners, movers, leavers (JML) process
Creating an effective joiners, movers, leavers (JML) process requires close coordination between HR, IT, and security teams.
Begin by identifying authoritative sources of truth, typically the HR system, to trigger lifecycle events. Define standard roles and access profiles aligned with business functions, and automate provisioning and deprovisioning using workflows and connectors wherever possible.
For movers, implement controls such as access reviews and automatic removal of legacy permissions to prevent access creep. For leavers, prioritize rapid and complete access revocation across all systems, including cloud applications, directories, and privileged accounts.
Finally, embed auditing and reporting into every step. All identity changes should be traceable, time-stamped, and linked to an approval or policy decision to support security and compliance.
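One way to implement the reconciliation at the heart of this procedure, as an added example that is not from this page or from Netwrix: HR events drive a desired-state computation from role profiles, grants and revocations are derived by diffing that desired state against current access (so movers lose legacy rights and leavers lose everything), and every change is recorded with a timestamp and policy reference. The role model, event format, and entitlement names are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, Optional, Set

# Constructed role model (assumption): each role maps to the entitlements it may hold.
ROLE_ENTITLEMENTS = {
    "nurse": {"ehr:read", "ehr:write", "vpn"},
    "billing": {"ehr:read", "billing:app", "vpn"},
}
BASELINE = {"email", "mfa"}  # foundational access every joiner receives

@dataclass
class Identity:
    user_id: str
    role: Optional[str]  # None once the user has left
    entitlements: Set[str] = field(default_factory=set)
    enabled: bool = True

@dataclass
class Decision:  # audit record: what was granted/revoked, under which policy, and when
    user_id: str
    event: str
    grant: Set[str]
    revoke: Set[str]
    policy: str
    at: str

def desired_access(role: Optional[str]) -> Set[str]:
    """Desired-state access: baseline plus the role profile; nothing for leavers."""
    if role is None:
        return set()
    if role not in ROLE_ENTITLEMENTS:
        raise ValueError(f"no access profile defined for role {role!r}")
    return BASELINE | ROLE_ENTITLEMENTS[role]

def apply_event(identities: Dict[str, Identity], event: dict) -> Decision:
    """Reconcile one HR event (join/move/leave) against current access; return the audit record."""
    kind, uid = event["type"], event["user_id"]
    role = None if kind == "leave" else event["role"]
    ident = identities.setdefault(uid, Identity(uid, None))
    target = desired_access(role)
    grant, revoke = target - ident.entitlements, ident.entitlements - target
    ident.entitlements, ident.role, ident.enabled = target, role, kind != "leave"
    return Decision(uid, kind, grant, revoke, f"role-profile:{role}",
                    datetime.now(timezone.utc).isoformat())

def find_access_creep(identities: Dict[str, Identity]) -> Dict[str, Set[str]]:
    """Access review: report entitlements that exceed each identity's current desired state."""
    return {u: x for u, i in identities.items()
            if (x := i.entitlements - desired_access(i.role))}
```

Running the three events for one user in order shows the mover step revoking only the entitlement the new role does not carry, and the leaver step revoking the rest while disabling the account.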
Use cases
- Healthcare: Ensure clinicians, contractors, and administrative staff receive timely access to electronic health records while enforcing immediate access removal when roles change or staff leave.
- Financial services: Support segregation of duties, reduce insider risk, and maintain auditable access controls aligned with regulatory requirements.
- Enterprise IT: Manage identity and access across hybrid environments, including on-premises directories, SaaS platforms, and cloud infrastructure, at scale.
How Netwrix can help
Netwrix Identity Manager helps organizations manage the full identity lifecycle for joiners, movers, and leavers using a structured, policy-driven approach.
Netwrix Identity Manager models identities using records, which provide a consistent foundation for managing access throughout the JML lifecycle. Joiner, mover, and leaver events are handled through configurable workflows or automated synchronization with authoritative HR systems, ensuring identity changes are timely, accurate, and controlled.
With Netwrix Identity Manager, organizations can automate onboarding, adapt access dynamically as roles change, and reliably deprovision access when users leave. Built-in governance, approvals, and audit trails help enforce least privilege, reduce access creep, and support compliance without slowing down business operations.