JoinerS MOverS LeaverS

Automate the Entire Identity Lifecycle

Q: Does Lumos support automated provisioning for new hires (Joiners)?

Yes. Lumos ensures Day 1 readiness by automatically creating accounts in your primary directory (Entra ID, Okta, AD), their primary email ID, and relevant SaaS apps as soon as the user is created in the HRIS system.

Q: How does Lumos handle internal role changes (Movers)?

Lumos puts the Mover process on autopilot to prevent access accumulation. A change in your HRIS, such as Workday, automatically triggers the appropriate role and group changes, ensuring employees instantly get the new access they need while losing access they no longer require.

Q: What happens when an employee leaves the company (Leavers)?

Lumos enforces a secure, zero-touch off-boarding process. On the user's designated last day, the system automatically disables accounts and removes access across your directories and SaaS applications, closing security gaps immediately.

Q: How is Lumos different from Okta Lifecycle Management?

Okta manages access to apps behind the SSO. Lumos goes deeper. We manage fine-grained permissions like roles, groups, project levels, and can provision or de-provision apps that aren't connected to Okta (via direct API or browser agents), giving you complete coverage.

Q: What happens if a manager forgets to approve a request?

Lumos builds gentle reminders and escalations into the workflow. If a request sits in Slack for too long, the bot reminds the approver. You can also configure fallback approvers or auto-expiry rules to ensure requests never get stuck in limbo.

Q: Can Lumos handle Leavers who turn into contractors?

The role of IGA is to ensure secure, compliant, and efficient access to resources across an organization. It enables IT and security teams to manage the entire identity lifecycle, enforce access policies, reduce overprovisioning, and streamline audits. With Lumos, the role of IGA expands: integrating automation, visibility, and AI into one unified platform that transforms identity governance from a manual chore into a strategic advantage.

From offer letter to exit interview, automate every access decision with Joiner-Mover-Leaver workflows. Ensure employees are productive on day one, secure during role changes, and instantly off boarded when they leave.

Get a Demo

Trusted by the Industry’s Best

JML Workflow Orchestration That Connects HR, IT, and Security

Lumos orchestrates Joiner-Mover-Leaver workflows across your HRIS, IdP, and applications so every access change happens automatically, accurately, and on time — no manual tickets, scripts, or human intervention required.

Joiner: Day 1 Access Without Tickets

Reduce access delays for new hires. Lumos detects hiring events in your HRIS and automatically provisions birthright applications based on role and department, so employees can get to work on day one.

Mover: Prevent Access Sprawl During Role Changes

New team? No problem. Lumos detects job title or department updates and orchestrates Mover workflows that remove unnecessary permissions and provision the right tools — maintaining least privilege as employees move.

Leaver: Consistent, Immediate Offboarding

Termination events or manual deactivation trigger Leaver workflows that revoke access across SaaS, cloud infrastructure, and internal tools. Lumos ensures accounts are fully deprovisioned to reduce risk and reclaim licenses.

Outcomes Delivered with Agentic AI

HRIS-driven triggers for access changes

Lumos connects your HRIS, IdP, and applications to translate people data changes into downstream access actions. Updates in systems like Workday, BambooHR, or Rippling trigger workflows across Okta, Microsoft Entra, SaaS applications, and infrastructure—helping keep access aligned with organizational changes.

See our integrations

Configure workflows with time-bound access

Grant access for a fixed period or ahead of a start date. Lumos supports time-bound lifecycle policies that provision and revoke access on defined schedules — perfect for temporary workers, on-call employees, and interns.

Learn more

Generate role-based access recommendations

Not sure which applications a role requires? Time to take out the guesswork. Albus analyzes usage patterns across peer users to suggest baseline access for each role — supporting more consistent, data-driven access policies.

Learn about Albus

Outcomes You Can Measure

3 min

average time to onboard and off board

99%

provisioning time savings with automation

60%

fewer IT access tickets in <90 days

+300 SECURE & SCALABLE INTEGRATIONS

Integrations That Just Work

View the Integrations Hub

Additional Resources

Inside The Autonomous Identity Revolution

Discover why legacy approaches fail due to core challenges in visibility, access sprawl, manual processes, and static systems.

The Ultimate Identity Governance Guide

Learn the ins-and-outs of access management and how an end-to-end identity governance and administration tool like Lumos can help.

Joiners MOVers Leavers FAQs

Frequently Asked Questions

Does Lumos support automated provisioning for new hires (Joiners)?

Yes. Lumos ensures Day 1 readiness by automatically creating accounts in your primary directory (Entra ID, Okta, AD), their primary email ID, and relevant SaaS apps as soon as the user is created in the HRIS system.

How does Lumos handle internal role changes (Movers)?

Lumos puts the Mover process on autopilot to prevent access accumulation. A change in your HRIS, such as Workday, automatically triggers the appropriate role and group changes, ensuring employees instantly get the new access they need while losing access they no longer require.

What happens when an employee leaves the company (Leavers)?

Lumos enforces a secure, zero-touch off-boarding process. On the user’s designated last day, the system automatically disables accounts and removes access across your directories and SaaS applications, closing security gaps immediately.

How is Lumos different from Okta Lifecycle Management?

Okta manages access to apps behind the SSO. Lumos goes deeper. We manage fine-grained permissions like roles, groups, project levels, and can provision or de-provision apps that aren't connected to Okta (via direct API or browser agents), giving you complete coverage.

What happens if a manager forgets to approve a request?

Lumos builds gentle reminders and escalations into the workflow. If a request sits in Slack for too long, the bot reminds the approver. You can also configure fallback approvers or auto-expiry rules to ensure requests never get stuck in limbo.

Can Lumos handle Leavers who turn into contractors?

The role of IGA is to ensure secure, compliant, and efficient access to resources across an organization. It enables IT and security teams to manage the entire identity lifecycle, enforce access policies, reduce overprovisioning, and streamline audits. With Lumos, the role of IGA expands: integrating automation, visibility, and AI into one unified platform that transforms identity governance from a manual chore into a strategic advantage.

Book a Demo

Try Lumos Today

Book a 1:1 demo with us and enable your IT and  Security teams to achieve more.

Albus AI Agent

AppStore

Access Reviews

Identity Analytics

Lifecycle Management

SaaS Management

Integrations

Identity Governance

Identity Security Posture

Agentic AI Security

Non-Human Identities

Zero-Touch IT

JML Workflow Orchestration

Shadow IT & SaaS Discovery

Marqeta

Roku

Sun Country Airlines

Blog

Product Tours

Events

Docs

ROI Calculator

Careers

Press Room

Trust