TL;DR: Mover events are still the least automated part of identity lifecycle management, with most organisations relying on Slack messages, manual tickets, or memory for promotions, transfers, leave coverage, and project-based access changes according to Zluri. The governance gap is not the absence of policy, but the lack of visibility and triggers needed to remove access as deliberately as it is granted.
NHIMG editorial — based on content published by Zluri: Movers Are the Orphan Child of Identity Management
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: How should security teams manage mover events in identity lifecycle programmes?
A: Security teams should manage mover events by computing the entitlement delta, not by manually adding new access and hoping old access is removed later.
Q: Why do mover events create privilege creep so quickly?
A: Mover events create privilege creep because each internal change usually adds new access while removal is delayed, incomplete, or forgotten.
Q: What breaks when organisations treat movers like joiners and leavers?
A: What breaks is the assumption that the identity has a single clear destination state.
Practitioner guidance
- Inventory actual entitlements before automating mover workflows Map what users really hold across SaaS, cloud, shared credentials, OAuth grants, and application roles before you define mover playbooks.
- Wire HR field changes to removal-plus-addition playbooks Use department, title, location, and leave-status changes as triggers for sequenced revoke and provision steps, with the revoke step completing before the new scope is finalised where segregation of duties matters.
- Make temporary grants expire at approval time Require Access Duration or an equivalent expiry condition for coverage, emergency, and project access so the end date is enforced automatically instead of being left to manual review.
What's in the full article
Zluri's full article covers the operational detail this post intentionally leaves for the source:
- The exact trigger logic Zluri describes for HRMS-driven mover automation across designation, department, location, and leave status changes.
- The access request flow for event-based mover access, including business justification, automatic routing, and task assignment for manual apps.
- The role of the Access Duration field in forcing time-bound access decisions at grant time instead of during later review cycles.
- The product-specific sequencing Zluri uses to deprovision old access and provision new access when HR changes occur.
👉 Read Zluri's analysis of why mover events are identity management's blind spot →
Mover events: what IAM teams are missing between joiners and leavers?
Explore further
Mover access is a lifecycle blind spot, not a policy gap. The article shows that organisations often have joiner and leaver processes, but no comparable control path for internal moves, temporary coverage, or project reassignment. That means the control failure is not the absence of identity policy, but the absence of a dependable mechanism to translate a change in role into a change in effective privilege. For IAM teams, the issue is whether the lifecycle model can keep pace with the way work actually changes.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: Who is accountable when mover access is left behind after a role change?
A: Accountability sits with the identity governance process owner, because mover leakage is a governance design failure rather than a single user error. Where the HR event exists but no workflow acts on it, the organisation has chosen manual dependence over enforceable lifecycle control. That creates an audit issue, not just an operational inconvenience.
👉 Read our full editorial: Mover events are the missing control in identity lifecycle governance