User Lifecycle Management

Managing the Digital Persona

User Lifecycle Management (ULM) is the strategic orchestration of an identity’s journey through an organization—commonly known as the “Joiner-Mover-Leaver” (JML) process. ULM ensures that as a person’s relationship with the company changes, their digital presence mirrors those changes in real-time. By automating the transition between lifecycle stages, organizations eliminate “Permission Creep,” drastically reduce offboarding risks, and ensure that employees are productive from their very first hour on the job.

ULM

Identity Orchestration

Core Mission

Alignment of Reality and Access. Ensuring that the digital "Source of Truth" (the identity) is always in lockstep with the organizational "Source of Truth" (the HR record).

Like an Employee Passport: When you move to a new country (Join a company), you get a passport with specific visas. If you move to a new city (Change roles), your passport is updated with new residence permits. When you eventually leave the country (Resign), your passport is revoked at the border. The passport doesn't just grant access—it tracks your entire history and ensures your status is always legally verified.

JML Automation / HR Synchronization / Audit Readiness

The Lifecycle Strategy Matrix

The complexity of your lifecycle management depends on the level of automation and the authoritative source of your user data.

Strategic Management Comparison

Model	Trigger	Authority	Operational Effort
HR-Driven	Change in HR System (API).	HR Management System.	Lowest (Full Automation)
Self-Service	User requests via portal.	The User + Approver.	Medium
Helpdesk-Led	IT Ticket / Manual entry.	Admin / IT Policy.	Highest (Manual)
Event-Driven	Webhooks from external apps.	Ecosystem Events.	Low

The JML Journey

A mature lifecycle system manages the transition between three emotional and technical phases of an employee’s tenure.

1

Join (Onboarding)

The "Birthright" phase. Based on job title and location, the system automatically creates accounts in the directory and grants access to core apps like Email, Slack, and HR portals.

2

Move (Transition)

The "Cleanup" phase. When a user changes departments (e.g., Marketing to Sales), the system removes old, irrelevant permissions while simultaneously granting new, role-appropriate ones.

3

Leave (Offboarding)

The "Revocation" phase. A single "Kill Signal" from the HR system triggers a global deprovisioning event—locking accounts, killing active sessions, and reclaiming licenses across the fleet.

---

Technical Lifecycle Guides

Master the implementation of automated Joiner-Mover-Leaver workflows.

Provisioning Patterns

The technical mechanisms (Push, Pull, Sync) used to execute lifecycle transitions.

Secure Offboarding

Deep-dive into the critical security protocols for account termination and data cleanup.

Identity Governance

Using IGA platforms to audit and certify lifecycle changes for compliance reporting.

Role-Based Access

Designing the role structures that make automated "Birthright" provisioning possible.

Next Steps

• Explore Contractor Lifecycles for managing external and temporary identities.
• Review Rehire Scenarios for elegantly handling returning employees.
• Check Pre-Hire Onboarding for enabling access before the official start date.