Identity Governance often promises automation, reduced risk, and cleaner directories, but many organisations still rely on manual processes, scripts, or disconnected HR and IT workflows. In hybrid environments, the challenge is even greater when identity data flows between multiple systems of record, on-premises Active Directory, and Entra ID.

This deep dive session focuses on implementing Identity Governance in Entra ID using real-world Joiner, Mover, and Leaver scenarios. We start by examining identity Source of Authority models and how users can be synchronised or provisioned into Active Directory, Entra ID, or both, depending on organisational and technical requirements. Attendees will gain clarity on when to use HR-driven provisioning, directory-based authority, or cloud-only identity models.

Through live demos, we then walk through lifecycle workflows that automate onboarding, role changes, and offboarding. This includes group and application assignments, access reviews, entitlement management, and the use of Lifecycle Workflows to trigger actions at precise points in the employee journey. A key scenario demonstrated is automatically issuing Temporary Access Passes on day one to securely bootstrap multifactor authentication and passwordless sign-in without helpdesk intervention.

The session also covers the newly released object-level Source of Authority switching capability in Entra ID, allowing organisations to convert synchronised on-premises users to cloud-managed users without disruptive rebuilds. We will discuss why this matters, how it fits into long-term identity modernisation strategies, and the risks and guardrails to consider.

Attendees will leave with practical guidance, architectural patterns, and implementation insights to build scalable, auditable, and secure identity lifecycle automation using Entra ID Identity Governance across hybrid and cloud-native environments.