Identity Governance and Provisioning
Explore how identity lifecycle management — from onboarding to offboarding — prevents orphaned accounts and access creep through automated provisioning.
What Is Identity Governance?
Identity governance is the framework of policies, processes, and technologies that manage digital identities throughout their lifecycle, ensuring that the right people have the right access to the right resources for the right reasons. It answers three critical questions: Who has access to what? Should they have it? What are they doing with it? Regulations such as SOX, HIPAA, and GDPR require demonstrable access controls, and identity governance is how an organization produces that evidence: an entitlement catalog, periodic access reviews, and an audit trail of who granted what and when.
Identity Lifecycle: Joiners, Movers, Leavers
The identity lifecycle is often described as the Joiner-Mover-Leaver (JML) model. A Joiner is a new employee who needs accounts provisioned with the birthright access of their role. A Mover has changed roles and needs access adjusted: permissions from the old role removed, permissions for the new role granted. Movers are the main source of access creep, because old entitlements tend to accumulate unless the provisioning logic explicitly computes and revokes what the new role does not require. A Leaver has left the organization; all accounts must be disabled immediately and deleted once a retention period has passed. Each transition should be triggered automatically from the HR system, which acts as the authoritative source of record, so that no manual ticket or delay leaves an active account behind.
# Identity lifecycle events (actions an IGA tool triggers from HR changes)
# Joiner: HR system creates employee record -> IGA triggers:
# - Create AD account
# - Assign role-based groups
# - Provision email and VPN access
# Mover: HR changes job role -> IGA triggers:
# - Compute the difference between old-role and new-role groups
# - Remove groups the new role does not grant
# - Add groups the new role requires
# Leaver: HR marks termination -> IGA triggers:
# - Disable AD account immediately
# - Revoke VPN and email access
# - Remove from all groups
# - Schedule account deletion after 30 days
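The JML transitions above, written as a reconciliation loop that drives a directory toward the HR feed. This is an added example, not code from the course: the role-to-group table, the HR feed fields, and the in-memory Directory are constructed stand-ins for an IGA connector and its target directory, and the action tuples it returns mirror the verbs a SCIM client would send (create, modify with add/remove, disable, delete). It also flags orphaned accounts, which is the check a reviewer would want alongside the lifecycle itself.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Constructed role model (assumption): each job role maps to the groups it is
# entitled to. Any group outside the set for the user's current role is excess access.
ROLE_GROUPS = {
    "engineer": {"eng-all", "vpn", "github"},
    "finance": {"fin-all", "vpn", "erp"},
    "manager": {"mgr-all", "vpn"},
}


@dataclass
class Account:
    user_id: str
    role: str
    groups: set
    enabled: bool = True
    delete_after: Optional[date] = None  # set when disabled; purge on or after this date


@dataclass
class Directory:
    """Stand-in for the target directory (AD/LDAP/IdP) that the IGA tool writes to."""
    accounts: dict = field(default_factory=dict)


def reconcile(directory, hr_records, today, retention_days=30):
    """Drive the directory toward the authoritative HR feed.

    Returns the provisioning actions taken, in order: create (joiner),
    modify (mover), disable (leaver), orphan (enabled account with no HR
    record), delete (disabled account past its retention date).
    """
    actions = []
    hr_by_id = {r["user_id"]: r for r in hr_records}

    for uid, rec in hr_by_id.items():
        acct = directory.accounts.get(uid)
        if rec["status"] != "active":
            # Leaver: disable at once and strip every entitlement, but keep the
            # object for the retention window so logs and ownership still resolve.
            if acct is not None and acct.enabled:
                acct.enabled = False
                acct.groups.clear()
                acct.delete_after = today + timedelta(days=retention_days)
                actions.append(("disable", uid, {"delete_after": acct.delete_after.isoformat()}))
            continue
        wanted = ROLE_GROUPS[rec["role"]]
        if acct is None:
            # Joiner: birthright access comes from the role model, never copied from a peer.
            directory.accounts[uid] = Account(uid, rec["role"], set(wanted))
            actions.append(("create", uid, {"groups": sorted(wanted)}))
            continue
        # Mover (or unchanged user): diff against the role model so that groups
        # inherited from the old role are removed, not merely new ones added.
        to_add = wanted - acct.groups
        to_remove = acct.groups - wanted
        if to_add or to_remove or acct.role != rec["role"]:
            acct.groups = set(wanted)
            acct.role = rec["role"]
            actions.append(("modify", uid, {"add": sorted(to_add), "remove": sorted(to_remove)}))

    # Orphans: enabled accounts with no HR owner. Flag for review rather than
    # auto-delete, since service accounts can legitimately lack an HR record.
    for uid, acct in directory.accounts.items():
        if uid not in hr_by_id and acct.enabled:
            actions.append(("orphan", uid, {"groups": sorted(acct.groups)}))

    # Purge disabled accounts whose retention window has elapsed.
    for uid in list(directory.accounts):
        acct = directory.accounts[uid]
        if not acct.enabled and acct.delete_after and today >= acct.delete_after:
            del directory.accounts[uid]
            actions.append(("delete", uid, {}))
    return actions


def run_demo():
    """Constructed scenario: an unchanged user, a leaver, a mover still holding
    a group from her old role, a joiner, and an orphaned directory account."""
    d = Directory()
    d.accounts["alice"] = Account("alice", "engineer", {"eng-all", "vpn", "github"})
    d.accounts["bob"] = Account("bob", "engineer", {"eng-all", "vpn", "github"})
    d.accounts["carol"] = Account("carol", "finance", {"fin-all", "vpn", "erp", "eng-all"})
    d.accounts["zed"] = Account("zed", "engineer", {"eng-all", "vpn"})
    hr_feed = [
        {"user_id": "alice", "role": "engineer", "status": "active"},
        {"user_id": "bob", "role": "engineer", "status": "terminated"},
        {"user_id": "carol", "role": "finance", "status": "active"},
        {"user_id": "dave", "role": "manager", "status": "active"},
    ]
    day1 = reconcile(d, hr_feed, date(2024, 6, 1))
    day31 = reconcile(d, hr_feed, date(2024, 7, 1))  # same feed; bob's retention has elapsed
    return day1, day31


if __name__ == "__main__":
    for run in run_demo():
        for action in run:
            print(action)
```

Running the same feed twice is the point of a reconciliation design: the second pass produces no joiner, mover, or leaver actions, only the still-unowned orphan and the now-due deletion, so the loop is safe to schedule repeatedly. The modify action carries explicit add and remove lists, which is what a SCIM PATCH against the target would send, and which is where access creep is either prevented or quietly allowed.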