Skip to content

Joiner-Mover-Leaver (JML) Lifecycle Processes

Joiner-Mover-Leaver

Figure 1. Joiner-Mover-Leaver

The JML (Joiner, Mover, Leaver) process is central to effective employee lifecycle management. RoboMQ's integration platform enables automated workflows for the following scenarios:

Joiner (Onboarding)

Hire2Retire, RoboMQ’s fully automated employee lifecycle management solution, addresses these challenges by orchestrating onboarding workflows across your enterprise systems the moment a new hire is added to your HR platform. By eliminating manual handoffs and automating repetitive tasks, Hire2Retire ensures that new employees are productive from day one, with the right tools, access, and organizational alignment—all while maintaining security and compliance.

Key Automated Onboarding Capabilities

  • Identity Profile and Email Creation - Automatically generates identity records in directory services and provisions enterprise email accounts for immediate communication and collaboration.

  • Role-Based Privilege Assignments - Assigns application and system privileges based on job roles, ensuring secure and appropriate access from day one.

  • Global Address List (GAL) and Org Chart Placement - Updates organizational directories and charts, making new hires visible and searchable within the company’s internal communication tools.

  • Asset and Resource Provisioning - Triggers automated workflows to allocate devices, software, and digital resources tailored to the employee's role and location.

  • Third-Party Access Provisioning - Securely provisions access to external SaaS tools and platforms, governed by IT policies and role-based entitlements.

  • Service Desk Integration and Audit Trail - Integrates with ITSM platforms to log activities and provide a full audit trail for transparency, compliance, and support.

This automated approach eliminates manual intervention and essences accurate and timely processing of an employee transitions while maintaining audit trails for the same.

Mover (Role Change)

Hire2Retire intelligently automates identity and access updates when an employee’s role or profile is changed in the HR system. This ensures that employees always have the correct privileges and tools aligned with their current responsibilities.

Key Automated Role Change Capabilities

  1. Privileges and Group Membership Updates - Automatically updates user roles, security group assignments, and permissions based on the new job function. This ensures least privilege access and role accuracy.

  2. Third-Party Access and Resource Provisioning - Adjusts access to SaaS applications and resources using Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC), maintaining governance and compliance.

  3. Global Address List (GAL) and Organizational Chart Updates - Reflects new titles, departments, and reporting structures in the corporate directory and internal communication platforms.

  4. Email Communication and Service Desk Integration - Sends automated notifications and creates service desk tickets for asset reallocation, software access, and workspace changes. This helps in streamlining IT operations during role transitions.

With Hire2Retire, role changes are seamless, secure, and fully auditable. Thus, eliminating delays and ensuring that users have the right access, every time.

Leaver (Offboarding)

Hire2Retire automates and orchestrates the offboarding process as soon as a termination or separation event is recorded in the HR system. This ensures secure and policy-compliant deprovisioning, protecting enterprise assets and enabling seamless transitions.

Key Automated Offboarding Capabilities

  1. Identity Termination and Group Removal - Automatically disables the user account in the identity system and removes all group memberships to prevent unauthorized access.

  2. Access and Privilege Revocation - Systematically revokes access to all applications, systems, and data repositories across the enterprise.

  3. Email Conversion to Shared Mailbox - Converts the user’s email account into a shared mailbox to retain communication records and maintain business continuity.

  4. OneDrive Reassignment - Transfers ownership of the user's OneDrive to their manager, preserving critical files and project documentation.

  5. Email Notifications and ITSM Workflow Integration - Triggers email communication and offboarding workflows in IT Service Management (ITSM) platforms to coordinate tasks across departments.

With Hire2Retire, offboarding becomes a secure, efficient, and fully auditable process. Thus, minimizing risk while ensuring continuity and compliance.

Profile Mapping

Profile mapping ensures that employee data is accurately propagated to the Active Directory structure. The Hire2Retire solution provides predefined mapping templates for:

  • ATS to IdP Profile Mapping: This mapping translates fields from the ATS source to corresponding attributes in IdP. Examples include mapping "Job Title" to AD’s "Title" field and "Department" to "OU Path". Role-based access groups are assigned based on job function and department.

  • HR to IdP Profile Mapping: This mapping is more comprehensive, considering ongoing employee changes (e.g., promotions, departmental moves). Fields from HRIS are mapped to update user objects in IdP. The mapping logic includes primary identifiers such as Employee ID to ensure consistency.

Hire2Retire supports attribute transformation and conditional logic to accommodate complex organizational policies.

Profile Mapping

Figure 2. Profile Mapping

Lifecycle Business Rules

Hire2Retire implements robust business rules to govern employee lifecycle management. These rules ensure that actions taken by the integration are contextually accurate and compliant with enterprise policies. Key categories of rules include:

  • Joiner Rules: Create AD account, assign to groups, generate email address, provision IT resources.

  • Mover Rules: Update title, department, and manager in AD; reassess group memberships; reassign permissions.

  • Leaver Rules: Disable account, remove from groups, archive mailbox, revoke access to internal systems.

Each rule is triggered based on event conditions sourced from HR or ATS platforms. Event triggers include new hire entries, job title changes, or termination status updates. Rules can be customized to support exceptions and escalations. The full list of business rules is available at the Lifecycle Business Rules.

Lifecycle Business Rules

Figure 3. Lifecycle Business Rules

Employment Status Handling

Proper handling of employment status is critical to maintaining system integrity and security. Hire2Retire categorizes employment statuses into active, inactive, and transitional states:

  • Active: Employees with current employment status. Full access and profile provisioning are enabled.

  • Inactive: Typically includes terminated or retired employees. Access is revoked, and accounts are disabled.

  • Transitional: Includes future hires, employees on leave, or contractors with temporary status. Conditional rules apply based on dates and employment type.

Employment status is evaluated using date logic and status fields from the HR data. For instance, a termination effective date in the future triggers a countdown-based offboarding workflow. Hire2Retire provides a detailed employment status model, available at the Employment Status documentation.

RoboMQ’s integration solution offers a comprehensive and scalable framework for employee lifecycle management, covering every phase from onboarding to offboarding. By leveraging structured HR data, dynamic profile mapping, and robust business rules, enterprises can ensure consistent identity and access management while improving operational efficiency. This approach not only minimizes risk but also aligns with compliance and governance standards essential in modern workforce management.

Employment Status Handling

Figure 4. Employment Status Handling