Identity lifecycle management is the set of controls used to create, modify, review, and revoke a user’s access across an organization. It covers the full identity journey: onboarding, role changes, privileged access assignment, and offboarding when a person leaves or no longer needs a system.
It matters because cyber security depends on matching access to current need. Weak identity lifecycle management can leave stale accounts, excessive permissions, or orphaned credentials that attackers can abuse after a compromise, layoff, or role change. Strong programs automate approvals, enforce least privilege, trigger access reviews, and remove tokens, VPN access, and privileged rights quickly. In defense, it helps prevent insider misuse and limits damage if an account is hijacked; when examining attacks, defenders often look for delayed revocation and other gaps that create a path deeper into sensitive systems.
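The gaps named above (orphaned credentials, delayed revocation, stale accounts) can be surfaced by reconciling an HR roster against an account export. The following is an added example, not part of the original page; the field names, the 90-day threshold, and all sample records are constructed assumptions.

```python
from datetime import date

TODAY = date(2024, 4, 1)   # constructed "now" so the output is reproducible
STALE_DAYS = 90            # assumed review threshold, not from the page

# Constructed HR roster: the source of truth for who should have access.
HR = {
    "alice": {"status": "active", "end": None},
    "bob":   {"status": "terminated", "end": date(2024, 3, 1)},
    "carol": {"status": "active", "end": None},
}

# Constructed account export (directory, VPN, privileged accounts combined).
ACCOUNTS = [
    {"id": "alice", "owner": "alice", "enabled": True, "privileged": False, "last_login": date(2024, 3, 28)},
    {"id": "bob", "owner": "bob", "enabled": False, "privileged": False, "last_login": date(2024, 2, 28)},
    {"id": "bob-vpn", "owner": "bob", "enabled": True, "privileged": False, "last_login": date(2024, 3, 10)},
    {"id": "svc-backup", "owner": "dave", "enabled": True, "privileged": True, "last_login": date(2023, 11, 2)},
    {"id": "carol-admin", "owner": "carol", "enabled": True, "privileged": True, "last_login": date(2023, 12, 15)},
]

def audit(hr, accounts, today=TODAY, stale_days=STALE_DAYS):
    """Return (account_id, finding, days, privileged) tuples, privileged first."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already revoked, nothing to flag
        owner = hr.get(acct["owner"])
        if owner is None:
            # No matching person in HR: nobody is accountable for this credential.
            findings.append((acct["id"], "orphaned", None, acct["privileged"]))
        elif owner["status"] == "terminated":
            # Revocation lag: days the account stayed enabled after the end date.
            lag = (today - owner["end"]).days
            findings.append((acct["id"], "active_after_offboarding", lag, acct["privileged"]))
        else:
            idle = (today - acct["last_login"]).days
            if idle > stale_days:
                findings.append((acct["id"], "stale", idle, acct["privileged"]))
    # Stable sort: privileged accounts are reviewed first.
    return sorted(findings, key=lambda f: not f[3])

if __name__ == "__main__":
    for account_id, finding, days, privileged in audit(HR, ACCOUNTS):
        print(f"{account_id:12} {finding:26} days={days} privileged={privileged}")
```
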



