
Joiners, Movers, and Leavers (JML) Process (How to Secure It)

People come, and people go, and while digital identities should cease to exist after a departure, many times, this doesn’t happen. At any given time, organizations can have thousands of user identities to manage and track, so when processes aren’t automated, it’s easy for many identities to fall through the cracks. The discipline that addresses this is called Identity Lifecycle Management, and when it comes to access and security, it’s worth the time to get it right.

Identity lifecycle management is the process of managing user identities and access privileges for all members of an organization. It follows each user from onboarding to departure: provisioning, updating, or revoking access to applications and resources as appropriate. Said another way, Identity Lifecycle Management manages the provisioning and deprovisioning of access with the flow of joiners, movers, and leavers.

What are Joiners, Movers, and Leavers (JML)?

  • Joiners: A new employee joins the organization and needs to be onboarded.
  • Movers: An employee receives a promotion, changes departments or teams, or moves across the organization due to restructuring.
  • Leavers: An employee departs the organization and needs to be offboarded.

The JML Process Challenge

Inter-departmental cooperation between IT, HR, and Operations helps organizations stay on top of the Joiner, Mover, and Leaver cycle, but cooperation alone can’t solve the issue at scale. When organizations rely on manual processes, the processes can be prone to errors, potentially leading to privilege creep, dormant accounts, and breaches. 

This is where automation and tooling come into play. While many identity providers have tackled this problem from an application perspective, easily managing it for infrastructure and back-end resources can still be a struggle. But it doesn’t have to be.

How to Automate the JML Process

StrongDM is a proxy that manages and audits access to databases, servers, clusters, and web apps. The platform reduces risk by combining the appropriate policies with an automated approach to access management to oversee Identity Lifecycles from joiners to movers and leavers. 

With StrongDM’s powerful set of attribute-based rules, you can grant access dynamically whenever a resource is spun up or spun down. Besides providing the flexibility needed in today’s ephemeral computing environments, rules eliminate costly manual administration and give organizations more granular control when provisioning infrastructure. 

Intrigued? Check out these videos to see StrongDM in action. 

How To Link Okta Groups to StrongDM Using SCIM Provisioning:


How to provision StrongDM users, groups, and roles through Okta:

The Automated JML Process Examples

Let’s walk through an example of how companies can combine policy-based solutions with an IdP integration using StrongDM. We’ll name our fictitious employee Pamela. Pamela works for The Happy Place Company, a company that uses StrongDM to manage infrastructure access.  

Joiners

Pamela joined The Happy Place Company in October 2022 as a DevOps Engineer. As she is onboarded to the team, she should receive access only to what she needs. Through her IdP, Okta, Pamela is assigned to a group based on her role as a DevOps Engineer. The Okta group then determines the infrastructure she has access to within StrongDM.


Movers

In September of 2023, Pamela realizes her passion for cloud engineering outweighs her fondness for her current role. She switches departments and joins a new team as a Cloud Engineer. When her role changes, so does her access. She no longer needs access to certain vaults, infrastructure, or tools, and she needs access to cloud resources.


Leavers

In January of 2025, Pamela is ready for her next adventure. She announces she is opening up her own business and sets her departure date. Now that Pamela is leaving The Happy Place Company, all of her access must be revoked at the end of her last day.


SCIM: How StrongDM and the IdP Work Together

SCIM (System for Cross-domain Identity Management) supports the exchange of user identity data between an enterprise identity provider (or an identity and access management system) and cloud service providers, providing an easy way to grant users access to cloud-based applications while keeping sensitive data secure.

SCIM provides the scalability that growing companies need. As organizations hire more employees and adopt more cloud-based applications, identity and access management becomes increasingly complex. Managing large numbers of accounts manually consumes valuable IT time, introduces errors, and impedes productivity. SCIM solves these problems and offers additional advantages.

StrongDM’s simplified SCIM auto-provisioning dramatically reduces the time needed to grant access requests, allowing employees to get into the resources they need more quickly. You can choose which users and groups you want your identity provider to manage, synchronize role-based access controls, manage policy exceptions, and more. 

StrongDM integrates seamlessly with any SCIM-based directory service, such as Okta, Microsoft Entra ID (fka Azure AD), or Google. Tighter SCIM integrations enable you to manage just-in-time, least-privilege access to critical infrastructure directly from your identity provider.
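The joiner, mover, and leaver transitions from the Pamela walkthrough, expressed as the SCIM 2.0 PatchOp requests (RFC 7644) an IdP would send to a SCIM service provider. This is an added example, not StrongDM's or Okta's code; the role-to-group mapping, the group names, and the user id `u-pamela` are constructed, and group names stand in for SCIM group ids.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed role-to-group mapping; group names double as SCIM group ids here.
ROLE_GROUPS = {
    "DevOps Engineer": {"ci-cd", "devops-servers", "devops-vaults"},
    "Cloud Engineer": {"ci-cd", "cloud-accounts", "k8s-clusters"},
}

def _patch(path, *ops):
    return ("PATCH", path, {"schemas": [PATCH_SCHEMA], "Operations": list(ops)})

def entitled(role):
    """Groups a role grants; None means no role. Unknown roles raise (fail closed)."""
    return set() if role is None else set(ROLE_GROUPS[role])

def plan_jml(user_id, old_role, new_role, actual_groups=None):
    """Return (event, requests) that move user_id from old_role to new_role.

    actual_groups, when given, is what the target system reports today; diffing
    against it also revokes memberships that accumulated outside the role mapping.
    """
    current = set(actual_groups) if actual_groups is not None else entitled(old_role)
    target = entitled(new_role)
    event = "joiner" if old_role is None else "leaver" if new_role is None else "mover"
    requests = []
    if event == "leaver":
        # Deactivate the identity first, then clean up its group memberships.
        requests.append(_patch(f"/Users/{user_id}",
                               {"op": "replace", "path": "active", "value": False}))
    # Revoke before granting, so a mover never holds both roles' access at once.
    for group in sorted(current - target):
        requests.append(_patch(f"/Groups/{group}",
                               {"op": "remove", "path": f'members[value eq "{user_id}"]'}))
    for group in sorted(target - current):
        requests.append(_patch(f"/Groups/{group}",
                               {"op": "add", "path": "members", "value": [{"value": user_id}]}))
    return event, requests

if __name__ == "__main__":
    # Pamela's three transitions from the walkthrough.
    for old, new in [(None, "DevOps Engineer"),
                     ("DevOps Engineer", "Cloud Engineer"),
                     ("Cloud Engineer", None)]:
        event, reqs = plan_jml("u-pamela", old, new)
        print(event, [(path, body["Operations"][0]["op"]) for _, path, body in reqs])
```

Passing `actual_groups` from a periodic export of the target system turns the same diff into a privilege-creep check: any membership the current role does not entitle shows up as a `remove` request.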

Frictionless JML Processes with StrongDM

StrongDM®’s Zero Trust Privileged Access Management (PAM) platform provides a single source of truth for cloud identity management. It eases friction, streamlines SCIM user provisioning and deprovisioning tasks, reduces IT costs, and helps employees get access to the resources they need faster, all without sacrificing security.

Want to experience frictionless Joiner, Mover, and Leaver processes for yourself? Sign up for our free demo.


About the Author

, Content Manager, Angela supports the marketing team by developing creative content that helps StrongDM tell its story in creative and authentic ways. Experienced in the advertising agency space and the consulting world, Angela spent her early career years serving as a client-facing writer and project manager for brands large and small. Her specialties range from brand development and strategic campaign planning to social media execution and long-form content production. Angela obtained her Bachelor of Science in Business Administration from the University of Tulsa. She majored in Marketing and Management and completed minors in Advertising and Communications during her time at TU. To contact Angela, visit her on LinkedIn.
