Skip to content
Insights

Joiners, movers, leavers - the three moments that matter

The identity lifecycle comes down to three events. Get them right and the rest takes care of itself.

Klef Team
Klef · Jun 12, 2026 · 1 min read

Almost everything in identity management reduces to three moments in a person's time at a company.

Joiners

A new hire should have the right accounts, licenses, and group memberships on day one — derived from their role, not a ticket. The HRIS is the source of truth; Klef turns "hired in Workday" into "provisioned in Entra, Microsoft 365, and Google Workspace" automatically.

Movers

Role changes are the quiet risk. Someone moves from Sales to Engineering and keeps their old access plus gains the new — privilege creep, one promotion at a time. Field-level sync means a department change updates downstream attributes and group membership, not just an org chart.

Leavers

Deprovisioning is where speed is security. When someone leaves, access should close the same hour — every system, no orphaned accounts, with an audit trail to prove it.

Get these three right, consistently, and identity stops being a backlog.

Share

Stay in the loop

New writing on identity lifecycle automation, in your inbox. No spam — unsubscribe anytime.