Automated onboarding and offboarding at BJ's: what IAM teams should note

TL;DR: BJ’s Wholesale Club says automation around onboarding and offboarding reduced manual access ticket volume by 80%, improving employee experience and lowering identity risk according to SailPoint. The real lesson is that workflow automation only helps when it is tied to lifecycle governance, not treated as a substitute for access control discipline.

NHIMG editorial — based on content published by SailPoint: BJ’s Wholesale Club Delivers Savings and Automation with Identity Security

Questions worth separating out

Q: How should security teams automate onboarding and offboarding without losing control?

A: Security teams should automate onboarding and offboarding by tying workflow triggers to authoritative identity events, approved role models, and explicit revocation logic.

Q: Why does access automation improve IAM programmes only when governance is already defined?

A: Access automation improves IAM programmes when the underlying roles, approvals, and revocation rules are already clear.

Q: What breaks when organisations automate ticket handling but not entitlement design?

A: When organisations automate ticket handling without fixing entitlement design, they scale the speed of access decisions while leaving overprovisioning, exceptions, and stale access intact.

Practitioner guidance

• Automate the highest-volume lifecycle tasks first Start with onboarding and offboarding workflows that currently depend on manual tickets.
• Validate revocation, not just provisioning Confirm that deprovisioning actually removes access from applications, groups, and downstream entitlements instead of only closing the front-end request record.
• Review role design before expanding automation Check whether automated workflows are issuing overly broad access because roles and approval paths were never tightened.

What's in the full article

SailPoint's full blog covers the operational detail this post intentionally leaves for the source:

• A customer perspective on how onboarding and offboarding automation was introduced in practice.
• The identity security workflow changes that reduced manual access ticket handling across the business.
• A short video walkthrough with the customer voice behind the automation story.
• The business context for why employee experience and risk reduction were linked in the programme.

👉 Read SailPoint's blog on BJ's identity automation and access ticket reduction →

Automated onboarding and offboarding at BJ's: what IAM teams should note?

Explore further

View Full Forum →  |  NHI Foundation Course →