HR as the new source of truth for Identity & Access Management

Marcel van Beek

In many organisations, the management of digital identities still sits with IT. Accounts for new employees are created manually, rights are granted via tickets, and departures are discovered only once someone no longer needs access. This leads to errors, delays, and risks.

However, there is a clear trend: the shift from IT-driven to HR-driven identity provisioning. More and more organisations recognise that the HR system is the most reliable source of information about who someone is, what role they hold, and when they join or leave the company.

1. The core of identity management: knowing who someone is

Identity & Access Management (IAM) revolves around one central question: who is allowed to do what within the organisation?

To answer that question effectively, you need reliable source data. HR systems contain exactly that data: name, employee number, function, department, start and end date, contract type, manager.

In contrast, IT systems often only know that someone has an account, not who that person actually is or why they have those rights. This leads to inconsistencies when roles change or employees leave.

2. HR systems contain the employee lifecycle

The HR system records the entire “joiner-mover-leaver” lifecycle.

  • Joiner → new employee with a known start date

  • Mover → role change or internal transfer

  • Leaver → departure date registered

By linking IAM directly to HR data, accounts and rights can be automatically created, adjusted, or revoked. The change in the HR record triggers the update, not a separate IT ticket.

3. Fewer errors, more compliance

Manual provisioning is prone to errors. People forget to remove accounts or adjust rights.
An HR-driven approach ensures that access rights always align with the current HR status.
Benefits:

  • Immediate deactivation after leaving employment

  • Automatic allocation of correct rights on function or department change

  • Audit trails and traceability to source data

This is crucial for compliance with ISO 27001, NIS2, and GDPR.

4. HR as authoritative source in practice

In modern IAM architectures, the HR system acts as the authoritative source.
An example of this:

  1. HR registers a new employee in AFAS, Visma or Nmbrs

  2. Joinly reads the change and creates or updates the identity in Microsoft Entra ID

  3. Job role and department automatically determine roles, groups, and licenses

  4. On departure, the account is deactivated on the exact leave date

Result: no more standalone IT processes, but one consistent data stream from HR.
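
The flow in steps 1 to 4, sketched as a reconciliation pass in Python. This is an added example, not Joinly's code or part of the original article; the record fields, group names and `ROLE_MAP` are constructed, and the leave date is assumed to be the first day without access.

```python
from datetime import date

# Constructed mapping from (department, function) to directory groups.
ROLE_MAP = {
    ("Finance", "Controller"): {"grp-finance", "grp-erp-approvers"},
    ("Finance", "Analyst"): {"grp-finance"},
    ("IT", "Engineer"): {"grp-it", "grp-vpn-admin"},
}
# Constructed HR export: one joiner, one mover (IT to Finance), one leaver.
HR = [
    {"id": "E100", "department": "Finance", "function": "Analyst", "start": date(2024, 1, 1), "end": None},
    {"id": "E101", "department": "Finance", "function": "Controller", "start": date(2020, 3, 1), "end": None},
    {"id": "E102", "department": "IT", "function": "Engineer", "start": date(2019, 5, 1), "end": date(2024, 6, 30)},
]
# Constructed directory state, keyed by employee number.
ACCOUNTS = {
    "E101": {"enabled": True, "groups": {"grp-it", "grp-vpn-admin"}},
    "E102": {"enabled": True, "groups": {"grp-it", "grp-vpn-admin"}},
    "E999": {"enabled": True, "groups": {"grp-finance"}},  # no matching HR record
}

def reconcile(hr_records, accounts, today):
    """Return (action, employee_id, detail) tuples that align accounts with HR."""
    actions, hr_by_id = [], {r["id"]: r for r in hr_records}
    for emp_id, rec in sorted(hr_by_id.items()):
        acct = accounts.get(emp_id)
        # Assumption: access ends at the start of the leave date itself.
        active = rec["start"] <= today and (rec["end"] is None or today < rec["end"])
        # An unmapped function gets no groups rather than a guessed default.
        wanted = ROLE_MAP.get((rec["department"], rec["function"]), set())
        if not active:
            if acct and acct["enabled"]:  # leaver, or start date not reached
                actions.append(("disable", emp_id, "outside employment dates"))
            continue
        if acct is None:  # joiner
            actions.append(("create", emp_id, sorted(wanted)))
        elif acct["groups"] != wanted:  # mover: old rights are replaced, not kept
            actions.append(("set_groups", emp_id, sorted(wanted)))
    # Enabled accounts that trace back to no HR record go to review.
    for emp_id in sorted(set(accounts) - set(hr_by_id)):
        if accounts[emp_id]["enabled"]:
            actions.append(("review_orphan", emp_id, "no HR record"))
    return actions
```

Setting the mover's groups to the mapped set, rather than only adding the new ones, is what prevents rights from accumulating across role changes.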

5. The impact on the organisation

  • IT is relieved and focuses on governance and control instead of manual tasks

  • HR gains direct influence over digital access without needing technical knowledge

  • Security improves as each identity is traceable and adjusted in a timely manner

  • Audit and compliance are simplified because all access is traceable to HR data

6. The future: HR-driven governance

The next step is not only provisioning but also governance from an HR context.
For example:

  • Temporary access for project staff based on contract duration

  • Automatic approvals by managers in Joinly

  • Role and access suggestions via AI (role mining) based on function data

The HR database thus becomes not only the source of identity but also the basis for access policy.

Conclusion

The question of who may have access to systems begins and ends with HR.
By using HR systems as the primary source, a consistent, secure, and automated IAM chain is created.
With Joinly, organisations can easily realise this shift without complex IAM software or expensive licenses.

Browsing is free

Schedule a no-obligation demo

In 30 minutes, we would love to show you how Joinly adds value for the entire organization.
