Joiner-Mover-Leaver Awareness
Manage access rights through role transitions.
What You'll Learn
- Provision new employee access based on role-appropriate entitlements without defaulting to "same as the last person in this role"
- Remove stale permissions when employees change roles, applying the principle that access transfers are not additive
- Execute offboarding access revocation across all systems, including shared accounts, cloud services, and physical access within the required timeframe
- Identify common workarounds and exceptions that create access drift, such as shared credentials and manager-granted ad hoc permissions
- Coordinate across HR, IT, and department managers to ensure no gaps between role change approval and actual access modification
Training Steps
-
A New Role at Crestfield
Welcome to Crestfield Insurance! You are Alice, who has been with the company for four years. You started in Claims Processing, moved to Underwriting two years ago, and have just been promoted to Senior Risk Analyst in the Enterprise Risk team. Each role transition meant changes to your system access - but have those changes always been handled correctly?
-
The JML Training Notification
As part of her role transition, Alice receives an email about required Joiner-Mover-Leaver (JML) awareness training. This training is mandatory for all employees who have recently changed roles.
-
Logging Into the IAM Portal
The Identity and Access Management (IAM) Portal opens. This centralized system manages all employee access throughout their lifecycle at Crestfield. Alice uses her password manager to log in securely.
-
Understanding JML
The training portal displays an overview of the Joiner-Mover-Leaver lifecycle. Let's examine each stage of the employee access journey.
-
The Risks of Poor JML
The portal highlights real-world consequences of improper access management. Each risk represents a common security gap that attackers actively exploit.
-
A Real Breach Example
The training shares a case study from the insurance industry:
Case: Orphaned Account Breach
An insurance company failed to revoke access for a claims adjuster who resigned. Three months later, attackers purchased the former employee's credentials from a dark web marketplace (from an unrelated data breach where the employee reused their work password). Using the still-active account, attackers accessed 50,000 customer records over several weeks before detection.
Root cause: No automated JML process - HR notified IT via email, which was missed.
-
Your JML Responsibilities
The portal displays your responsibilities as an employee during JML events:
As a Mover (Role Transition):
  - Notify your manager of any access you no longer need
  - Complete access certification reviews promptly
  - Report if you still have access to old systems after transitioning
  - Never use old access 'just in case' - request temporary access properly
Helping Colleagues:
  - If a departing colleague asks to 'use your login,' decline and report it
  - If you notice a former employee still has access, report it to IT
  - Never share credentials during knowledge transfer
-
Manager Responsibilities
The training explains what managers must do during JML events:
For Joiners:
  - Submit access requests before start date
  - Specify only the access needed for the role
  - Review and approve provisioned access
For Movers:
  - Review current access and request removal of unneeded permissions
  - Submit new access requests for new role requirements
  - Complete the transition within 5 business days
For Leavers:
  - Notify HR and IT immediately upon resignation/termination
  - Ensure knowledge transfer happens without credential sharing
  - Verify access revocation is complete before last day
-
Your Access Status
As part of your role transition, the portal shows your current access status:
Access Being Removed (Previous Roles):
  - Claims Processing System (Read/Write) - Revoked
  - Claims Approval Queue (Approver) - Revoked
  - Underwriting Portal (Full Access) - Flagged for removal
  - Policy Rating Engine (Analyst) - Flagged for removal
Access Being Granted (New Role):
  - Enterprise Risk Dashboard (Analyst) - Pending approval
  - Risk Assessment System (Senior Analyst) - Pending approval
  - Regulatory Reporting Portal (Viewer) - Pending approval
-
Flagged Access Requiring Action
The portal highlights access that requires your confirmation:
Underwriting Portal (Full Access)
You had full access from your Underwriting role. Your manager has flagged this for removal, but the system detected you accessed it last week.
Question: Do you still need this access for your new role?
Alice considers: Her new role in Enterprise Risk doesn't require direct underwriting access. She can request temporary read-only access if needed for specific projects.
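The reconciliation behind an access status like Alice's, which is also the check that would have caught the orphaned account in the case study, as an added Python example (not part of the Crestfield training or any real IAM product). The role baseline, user names, dates and finding labels are assumptions constructed for illustration; the entitlement names come from the access status above.

```python
from datetime import date, timedelta

# Assumed role baseline (hypothetical); entitlement names come from the access status above.
ROLE_BASELINE = {"Senior Risk Analyst": {"Enterprise Risk Dashboard",
                                         "Risk Assessment System",
                                         "Regulatory Reporting Portal"}}
# Constructed HR feed: user -> (employment status, current role).
HR = {"alice": ("active", "Senior Risk Analyst"),
      "former.adjuster": ("terminated", None)}
TODAY = date(2024, 6, 14)  # constructed "as of" date
# Constructed IAM export: (user, entitlement, last used).
GRANTS = [
    ("alice", "Underwriting Portal", TODAY - timedelta(days=6)),
    ("alice", "Policy Rating Engine", TODAY - timedelta(days=200)),
    ("alice", "Enterprise Risk Dashboard", TODAY - timedelta(days=1)),
    ("former.adjuster", "Claims Processing System", TODAY - timedelta(days=95)),
]


def reconcile(hr, grants, baseline, today, recent_days=30):
    """Return sorted (user, entitlement, finding) tuples for access HR data does not justify."""
    findings = []
    for user, entitlement, last_used in grants:
        status, role = hr.get(user, ("unknown", None))
        if status != "active":
            # Leaver or unknown identity still holding access: orphaned account.
            findings.append((user, entitlement, "revoke: no active employment record"))
        elif entitlement not in baseline.get(role, set()):
            # Mover: access from a previous role is not carried into the new one.
            recent = (today - last_used).days <= recent_days
            findings.append((user, entitlement,
                             "confirm then remove: used recently" if recent
                             else "remove: outside current role"))
    # Baseline entitlements not yet granted, so the new role is not left blocked.
    for user, (status, role) in hr.items():
        if status == "active":
            have = {e for u, e, _ in grants if u == user}
            for entitlement in baseline.get(role, set()) - have:
                findings.append((user, entitlement, "pending: in baseline, not granted"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in reconcile(HR, GRANTS, ROLE_BASELINE, TODAY):
        print(*finding, sep=" | ")
```

Driving this from the HR feed rather than from an emailed notification is the point: a terminated record produces a revoke finding on every run until the grant is gone.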