What Is Identity Lifecycle Management?
Identity lifecycle management is the process of provisioning, adjusting, and revoking an identity’s access as its role changes over time. It’s commonly described by its three stages, joiner, mover, leaver (JML): access is granted when someone joins, adjusted when they change roles, and revoked when they leave.
IGA platforms typically automate this by treating an HR system as the source of truth: a new-hire event triggers provisioning, a role-change event triggers an access adjustment, and a termination event triggers deprovisioning, all without a manual ticket for each step.
The lifecycle breaks down in two common ways. A leaver event that doesn’t fully process leaves an orphaned account with active access and no current owner. A mover event that only adds access without removing what’s no longer needed produces privilege creep, where an identity accumulates permissions from every past role it’s held. Non-human identities have no HR-driven trigger at all, which is why lifecycle automation alone doesn’t reach them, and continuous discovery has to fill that gap.