TL;DR: User lifecycle management platforms can speed onboarding, improve self-service access requests, and automate offboarding so IT teams spend less time on manual admin and more time on secure service delivery, according to Zluri. The governance issue is not automation itself but whether access workflows stay aligned to provisioning, approval, and deprovisioning controls.
NHIMG editorial — based on content published by Zluri: Lifecycle Management 3 Ways to Enhance IT Service Delivery with a ULM Platform Team
Questions worth separating out
Q: How should organisations automate user onboarding without creating access creep?
A: Use role-based onboarding playbooks that map each role to a predefined app bundle, then restrict exceptions to documented cases.
Q: When does self-service access become a governance risk?
A: Self-service becomes risky when approval rules are too broad, when the app catalog includes more than low-risk software, or when exceptions are never reviewed.
Q: What breaks when offboarding is not tied to a single leaver event?
A: If revocation, license removal, and SSO cleanup are handled separately, former users can retain access longer than intended and ownership transfers can be missed.
Practitioner guidance
- Standardise role-based onboarding playbooks: Map each common role to a controlled app bundle, then review the workflow quarterly to make sure it still matches the current access model.
- Harden self-service approval rules: Limit auto-approval to low-risk requests, define clear exceptions for higher-risk apps, and test whether seniority or department rules create access creep.
- Bind offboarding to a single leaver trigger: Require revocation of apps, SSO access, and licenses to complete from the same termination event, then reconcile residual access across connected systems.
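The reconciliation step in the last item can be sketched as follows. This is an added example, not code from Zluri's article or platform; the export layout, the user and resource names, and the one-hour `max_delay` window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def ts(day, hour, minute=0):
    """Constructed timestamps, all in March 2025 UTC."""
    return datetime(2025, 3, day, hour, minute, tzinfo=timezone.utc)

# Constructed sample data: one leaver event plus exports from connected systems.
LEAVER_EVENT = {"user": "jdoe", "terminated_at": ts(1, 17)}
EXPORTS = {
    "sso_sessions": [{"user": "jdoe", "id": "sess-1", "revoked_at": ts(1, 17, 5)}],
    "app_grants": [
        {"user": "jdoe", "id": "crm:editor", "revoked_at": None},
        {"user": "jdoe", "id": "wiki:reader", "revoked_at": ts(1, 17, 10)},
        {"user": "asmith", "id": "crm:editor", "revoked_at": None},
    ],
    "licenses": [{"user": "jdoe", "id": "design-suite", "revoked_at": ts(4, 9)}],
    "api_tokens": [{"user": "jdoe", "id": "tok-ci", "revoked_at": None}],
}
OWNED_RESOURCES = [
    {"id": "shared-drive/finance", "owner": "jdoe"},
    {"id": "repo/billing", "owner": "asmith"},
]

def reconcile_leaver(event, exports, resources, max_delay=timedelta(hours=1)):
    """Check every system against the same termination event.

    max_delay is an assumed policy window, not a value from the article.
    """
    findings = []
    deadline = event["terminated_at"] + max_delay
    for system, records in exports.items():
        for rec in records:
            if rec["user"] != event["user"]:
                continue  # another user's access is out of scope for this event
            if rec["revoked_at"] is None:
                findings.append((system, rec["id"], "still active"))
            elif rec["revoked_at"] > deadline:
                findings.append((system, rec["id"], "revoked late"))
    # Ownership transfers are part of the same event, not a separate clean-up.
    for res in resources:
        if res["owner"] == event["user"]:
            findings.append(("ownership", res["id"], "not transferred"))
    return findings

if __name__ == "__main__":
    for system, item, problem in reconcile_leaver(LEAVER_EVENT, EXPORTS, OWNED_RESOURCES):
        print(f"{system:13} {item:22} {problem}")
```

An empty findings list is the evidence that the leaver event completed across all systems; anything else is residual access or a missed ownership transfer to remediate.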
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step workflow setup for onboarding and offboarding playbooks in the platform interface
- Specific task scheduling and save-as-playbook actions used to reuse lifecycle processes
- In-app app recommendation logic for role-based provisioning and mid-lifecycle changes
- Employee App Store request flow and approval automation details for self-service access
User lifecycle management for IAM teams: where the real gap sits
Lifecycle automation is only as strong as the governance model behind it. Zluri is describing process efficiency, but the real identity issue is whether provisioning and deprovisioning are policy-driven or just faster manual work. If workflows mirror weak approval design, the programme accelerates risk instead of reducing it. Practitioners should treat lifecycle automation as a control execution layer, not a substitute for control design.
A few things that frame the scale:
- 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches, according to The 2025 State of NHIs and Secrets in Cybersecurity.
- 62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure, according to The 2025 State of NHIs and Secrets in Cybersecurity.
A question worth separating out:
Q: Who should own lifecycle workflow governance in an IAM programme?
A: IAM, IT operations, and application owners should share accountability, but the workflow itself needs a single governance owner. That owner should ensure onboarding, access requests, and offboarding all follow the same policy model, with evidence that playbooks are reviewed and updated when the access environment changes.