
Get new hires productive on day one with access bundles built from what their peers actually use

Summary: Static role templates written from job descriptions rot the moment a role evolves — new joiners get over-permissioned or under-permissioned access, and 95% of provisioned permissions go unused. Oleria Trustfusion, an AI-native identity security & governance platform, solves this with peer-intelligence joiner provisioning that computes access bundles from what current role-holders actually use today — so new hires are productive on day one with right-sized access, not whatever was written down two years ago.

Why this is hard without Oleria

Static role templates are written from job descriptions and rarely updated. New joiners get the access someone wrote down two years ago — either over-permissioned or under-permissioned. The templates rot the moment a role evolves and no one rewrites them. 95% of enterprise permissions go unused (Microsoft Security); a meaningful share of that comes from joiner over-provisioning.

This is the gap most identity tools leave open: long implementation, manual mapping, snapshot data, perpetual maintenance. Oleria computes the bundle from what current role-holders actually use, continuously — and stands up fast enough that the value lands in the same quarter as the deployment. Aireon, for example, was generating actionable identity insights within 45 minutes of first deployment.

AT A GLANCE

Time to access: Days → day one
Bundle source: Peer usage, not templates
Operator effort: Minutes per joiner

Oleria AI

Oleria's AI generates the access bundle for every new joiner from observed peer usage — not from a template that hasn't been updated in two years. Bundle quality improves as more peers join the role.

How it works

  1. Connect HRIS — Workday, SAP. New-hire records flow automatically.
  2. Generate the bundle — Peer group resolved by attribute (title + department + location). Bundle = the access current role-holders actively use.
  3. Provision across every connected app — Identity created, bundle granted, notifications fire to manager, IT, and joiner.
  4. Audit — Every step captured. Audit pack is continuous; SOX/HIPAA/ISO 27001 evidence is ready without assembly.

What good looks like

Joiner time-to-access: Days → day one
Stale template maintenance: Eliminated
Over-permissioned new hires: Down materially
Under-permissioned new hires (productivity loss): Down materially


Over-provisioned joiners create day-one audit risk. Under-provisioned joiners create day-one productivity loss. Oleria's peer-intelligence bundles eliminate both — and the implementation is faster than you expect. Aireon generated actionable identity insights within 45 minutes of first deployment.

Frequently Asked Questions

How does this fit alongside our existing IGA tool?

Oleria's joiner workflow complements existing IGA tools. Many customers keep their current IGA for reporting, ticketing, and broader workflow orchestration, while Oleria handles bundle composition and SaaS-side provisioning. The peer-intelligence engine makes the joiner output meaningfully different; integration with your current tool is supported, and most customers expand Oleria's footprint over time as the bundle quality compounds.

What HRIS systems are supported?

Workday, SAP SuccessFactors, Oracle HCM, plus standard SCIM-based providers. New-hire detection, attribute changes, and termination flags flow automatically. The bundle is computed from peer attributes Oleria reads from the HRIS.

How does Oleria handle role evolution?

The bundle refreshes continuously from observed usage. When a role gains responsibility (new app added by current holders) or sheds it (app dropped by current holders), the bundle reflects the change. New joiners always get the live pattern. Architects get visibility into bundle drift and can override the bundle at any time.

What if peer data is sparse — for a brand-new role?

When no bundle matches the joiner's role today, the joiner workflow does not auto-provision; the IT admin steps in to define access manually. The cold-start tier-2/3 waterfall (ad-hoc peer group from trigger attributes; manual definition fallback) is shipping with Mover and propagates to Joiner shortly after — at which point new roles will seed automatically and refine as actual peers arrive.
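A minimal sketch of the peer-group bundle computation from step 2 of "How it works" together with the no-peers fallback described in the answer above, as an added example that is not Oleria's code. The 90-day activity window, the 50% peer-share threshold, the record layout, the entitlement names and all sample data are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date, timedelta

# Assumed tuning values, not taken from the page.
ACTIVE_WINDOW = timedelta(days=90)   # a use older than this is not "active"
MIN_PEER_SHARE = 0.5                 # share of peers that must actively use it

def peer_key(person):
    """Peer group attributes named on the page: title + department + location."""
    return (person["title"], person["department"], person["location"])

def build_bundle(joiner, holders, usage, today):
    """Return the sorted bundle, or None when no peers exist (manual definition)."""
    peers = [h["id"] for h in holders if peer_key(h) == peer_key(joiner)]
    if not peers:
        return None  # cold start: do not auto-provision
    cutoff = today - ACTIVE_WINDOW
    counts = Counter()
    for pid in peers:
        for entitlement, last_used in usage.get(pid, {}).items():
            # Granted-but-never-used (None) and stale grants do not count.
            if last_used is not None and last_used >= cutoff:
                counts[entitlement] += 1
    return sorted(e for e, n in counts.items() if n >= MIN_PEER_SHARE * len(peers))

# Constructed sample data: current role-holders and last-use date per entitlement.
TODAY = date(2024, 6, 1)
ANALYST = {"title": "Data Analyst", "department": "Finance", "location": "Austin"}
HOLDERS = [
    {"id": "u1", **ANALYST},
    {"id": "u2", **ANALYST},
    {"id": "u3", **ANALYST},
    {"id": "u4", "title": "SRE", "department": "Platform", "location": "Austin"},
]
USAGE = {
    "u1": {"warehouse:reader": date(2024, 5, 28), "bi:viewer": date(2024, 5, 30),
           "erp:admin": date(2023, 1, 10)},          # stale grant
    "u2": {"warehouse:reader": date(2024, 5, 20), "bi:viewer": None,
           "tickets:user": date(2024, 5, 1)},        # used by only one peer
    "u3": {"warehouse:reader": date(2024, 4, 15), "bi:viewer": date(2024, 5, 2),
           "erp:admin": None},                       # granted, never used
    "u4": {"cloud:admin": date(2024, 5, 31)},        # different peer group
}

if __name__ == "__main__":
    print(build_bundle(ANALYST, HOLDERS, USAGE, TODAY))
    new_role = {"title": "Treasury Lead", "department": "Finance", "location": "Austin"}
    print(build_bundle(new_role, HOLDERS, USAGE, TODAY))
```

The stale and never-used `erp:admin` grants fall out of the bundle even though two of three peers hold them, which is the over-provisioning a copied template would carry forward.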

How is peer-intelligence different from a role template?

A role template is authored from a job description, signed off, and rarely updated. Peer intelligence is computed from observed usage of current role-holders — what people in this role actually use today. As the role evolves, the bundle evolves continuously. New joiners get the real access pattern, not the aspirational one written down two years ago.