TL;DR: Manual onboarding, offboarding, and approval workflows between HR and IT create delays, visibility gaps, and access errors that can leave employees without the right tools or keep access alive after departure, according to Zluri. The real issue is not productivity alone, but whether lifecycle governance can keep pace with identity changes.
NHIMG editorial — based on content published by Zluri: Lifecycle Management, 3 Strategies to Improve Productivity of HR and IT Teams
By the numbers:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should organisations automate onboarding without losing access control?
A: Start with authoritative HR data, then map it to policy-backed provisioning rules for baseline access.
Q: Why do offboarding failures create security risk even when accounts are eventually removed?
A: Because delayed revocation creates a window where access remains valid after the business need has ended.
Q: What do teams get wrong about ticket-based access approval?
A: They often treat the ticket as the control, when the control is really the policy and the ownership behind the approval.
Practitioner guidance
- Map joiner-mover-leaver ownership across HR and IT: Define which team owns source data, provisioning triggers, access approvals, and revocation for each system class.
- Automate access provisioning from authoritative HR events: Use the HR system as the source for joiner and mover events, then provision baseline access through policy-backed workflows.
- Require same-day revocation for leavers and role exits: Make revocation an enforced workflow with ownership transfer, group removal, and SaaS deprovisioning in the same process.
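One way to check the same-day revocation rule above, as an added example (not Zluri's or NHIMG's code): it reconciles HR leaver events against a credential inventory and reports how many days each credential outlived its owner's last day. The record shapes, field names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Leaver:              # hypothetical HR leaver event
    employee_id: str
    last_day: date

@dataclass(frozen=True)
class Credential:          # hypothetical inventory row: account, API key or token
    cred_id: str
    system: str
    owner_id: Optional[str]      # None = no owner recorded
    revoked_on: Optional[date]   # None = still active

def revocation_gaps(leavers, credentials, today):
    """Return (cred_id, system, status, days_past_last_day), worst gap first."""
    last_day = {l.employee_id: l.last_day for l in leavers}
    findings = []
    for c in credentials:
        if c.owner_id is None:
            # No owner means no leaver event can ever trigger revocation.
            if c.revoked_on is None:
                findings.append((c.cred_id, c.system, "unowned", None))
            continue
        end = last_day.get(c.owner_id)
        if end is None:
            continue  # owner is not a leaver
        # Exposure window: last day of employment until revocation (or today).
        days = ((c.revoked_on or today) - end).days
        if days > 0:  # same-day or earlier revocation meets the rule
            status = "revoked_late" if c.revoked_on else "still_active"
            findings.append((c.cred_id, c.system, status, days))
    return sorted(findings, key=lambda f: -(f[3] or 0))

# Constructed sample data, not taken from any real system.
TODAY = date(2024, 3, 20)
HR_LEAVERS = [Leaver("E100", date(2024, 3, 1)), Leaver("E200", date(2024, 3, 10))]
CREDENTIALS = [
    Credential("sso-E100", "idp", "E100", date(2024, 3, 1)),       # same day: ok
    Credential("key-7", "ci", "E100", None),                       # never revoked
    Credential("tok-9", "saas-crm", "E200", date(2024, 3, 14)),    # revoked late
    Credential("svc-backup", "storage", None, None),               # no owner
    Credential("sso-E300", "idp", "E300", None),                   # current staff
]

if __name__ == "__main__":
    for finding in revocation_gaps(HR_LEAVERS, CREDENTIALS, TODAY):
        print(finding)
```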
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- How the platform maps HR system data into onboarding and offboarding workflows across connected SaaS apps.
- How its playbook model is used to standardise routine access changes for recurring joiner and leaver tasks.
- How the employee app store model changes approval routing and delegation for routine requests.
- How Zluri positions the workflow impact for teams trying to reduce manual ticket handling.
HR and IT lifecycle automation: what access teams need to fix?
Explore further
Lifecycle automation is not a productivity nice-to-have. It is the control plane for access integrity. When HR and IT operate in silos, the organisation does not just move more slowly, it makes identity state less trustworthy. The business consequence is that joiner and leaver events become partially manual exceptions rather than governed transitions. Practitioners should treat lifecycle orchestration as a core identity control, not a workflow convenience.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when HR and IT access handoffs fail?
A: Accountability should sit with the identity governance process owner, not with whichever team spots the problem last. HR owns source events, IT owns technical enforcement, and application owners own access decisions for their systems. When those responsibilities are not explicit, stale access and provisioning delays become routine.