01
Role change appears in HRMS
Role change appears in HRMS — new department, manager, location, or job code
PRODUCT · MOVER PATH
When roles change, so does access.
Promotions, transfers, department moves. KINT removes the old permissions and adds the new ones — in one workflow. No more "still has the old team's access".
KINT runtime
Transfer & Role Changes
The same governed runtime handles source events, app actions, audit evidence, retries, and replay.
Source event
received
Policy
approved
Evidence
signed
PROOF PATH
How KINT moves access.
02
KINT computes the diff: what's added, what's removed
KINT computes the diff: what's added, what's removed
03
Provisioning and deprovisioning run together
Provisioning and deprovisioning run together
04
Manager and employee notified with a summary
Manager and employee notified with a summary
WHAT IT HANDLES
Built for the real access path.
KINT covers the whole route from source truth to app action: employee data, policy rules, connector readiness, approvals, evidence, and replay stay in one governed path.
Source truth
Governed action
Audit evidence
Department transfers (Eng → Sales): old groups removed, new ones added, Salesforce role updated
Promotions (IC → Manager): admin scopes added carefully, with approval, never blanket
Geo moves (US → EU): region-specific app instances swapped, data residency rules respected
Manager changes: reporting lines updated in every app that has hierarchies
HOW IT WORKS UNDER THE HOOD
The 30% of access changes most tools miss.
Most identity tools focus on hires and leavers because they are easy to detect. Movers are harder. A role change is not an obvious lifecycle event, and most teams handle it through Slack pings.
KINT treats movers as first-class. Any field change on an employee record — department, manager, location, level, cost center — triggers a diff. The diff becomes a workflow. The workflow is governed. The change is logged.
| Trigger | Example | Behavior |
|---|---|---|
| Department | Engineering → Sales | Remove old groups, add new groups, update Salesforce role |
| Manager | Reports to X → Reports to Y | Update reporting lines anywhere the app supports hierarchy |
| Location | US → EU | Swap regional app instances and respect data-residency rules |
| Promotion | IC → Manager | Add manager scopes with approval, never blanket access |