Checklist: A Guide to the Best Offboarding Practices for Busy IT Teams

Easily Grant and Remove App and Data Access as Employees Depart Your Organization

Companies tend to pay more attention to the employee on-boarding experience than the offboarding process. Removing the access rights of a departing employee is an important part of identity and access management. Unused licenses and other unprotected ports are just waiting for someone to exploit them - meaning increased software costs and possible security breaches later down the line. Download this guide to learn more about how your IT team can protect company data.

Download Guide

Introducing Lumos

IT teams spend way too much time tracking help desk tickets for routine access requests. And employees spend way too much time waiting to get access to the apps they need to do their jobs.

Lumos Is on a Mission To Change That

Lumos takes access management and the ITIL experience to the next level by combining the workflow automation power of an identity governance and administration tool with the visibility and cost management controls of a SaaS management solution.

The result: a single solution that helps IT teams achieve compliance, drive productivity, and manage costs with workflow automation that handles employee access requests, access reviews, and SaaS app license removals.

Download Guide

Onboarding + Off-Boarding Automation

Streamline onboarding and rely on one-click off-boarding to manage app access and permissions.

Employee Self-Service Access Requests

Employees can see and request access to the apps they need to do their jobs.

Automated
Access Reviews

Speed through your SOX, SOC2, HIPAA, and ISO27001 audit prep with audit-friendly reporting.

Ready To Learn More About How We Can Help Transform Your IT Operations?

Visit Lumos

Often times, offboarding is thought of as a fairly simple operation outside IT. However, this is an outdated view, particularly in the modern era of SaaS software proliferation. It has gotten more complex as employee use of tools, particularly those outside the control of IT, has grown. Offboarding in this new reality, and done right, can have a large impact on how your IT team contributes to overall organizational success. With the tools necessary to help a business be more profitable and more secure, IT has the potential to become a real partner with HR and other departments in ensuring off-boarding becomes something you are good at vs. something that can weigh your company down unnecessarily.

What Does Off-Boarding Mean?

While human resources managers may focus on employee relations, and positioning the company as best it can upon employees voluntarily and involuntarily leaving, an IT manager is more concerned with technology and its role in business operations. Employee access to company assets is typically managed by IT teams, and is often not thought through as much as legal issues HR departments handle when you go to off-board employees. Part of any employee lifecycle at a company is an employee offboarding process. From an IT perspective, it includes assessing ownership and access to both physical assets and services. On the services side, this includes adjusting or terminating software access in the best possible way.

What Is The Difference Between Onboarding and Off-Boarding?

While an onboarding process and eventual off-boarding are all part of the employee lifecycle, they can be distinctly different. Onboarding is typically more focused on system access authorization, troubleshooting access issues, and applying correct privileges (commonly managed through role-based access control or RBAC). An IT offboarding program, on the other hand, also involves the potential reallocation of licenses, transfer of system or software ownership, and review of both company process and need. The extent of of an IT team's involvement varies from company to company. However, there is an opportunity in this area to become a better business partner and steward of company resources if done right.

SaaS Offboarding Best Practices

Even prior to an exit interview or exit survey of an employee, IT teams should already know how to handle asset and system deprovisioning. This includes having a process in place, clearly defined roles within that process, and mechanisms or systems in place for management. This is all easier said than done. In the modern SaaS environment where IT doesn't control all applications, even things like identifying SaaS product ownership internally can be a challenge. While HR may have things like a company-branded exit portal in place or other automated systems for something like a resignation process, IT teams are often reactive in their approach. The anxiety and rushed nature of IT service management (ITSM) requests in this area don't need to produce the fire drill they often do. IT really comes down thinking through the function and putting well supported processes in place.

IT Offboarding Checklist

It's helpful to have a checklist when you or someone else on your IT team is offboarding an employee. Here are some important steps for your IT team when off-boarding employees, particularly when it comes to SaaS applications. Often, you can start in on this checklist in the notice period for a regular employee's separation.

  • Determine the reason and timing of the off-boarding so your team can respond to the risk level appropriately
  • Identify (hopefully from proactive documentation) all the assets and systems the employee has access to
  • Initiate any asset retrieval process to minimize company risk
  • Review software access levels and determine the need to change ownership and/or re-assess the solution
  • Revoke SSO, VPN, credit card and similar access based on exit timing and/or company risk
  • Transfer any data or software assets from the exiting employee to another party or service account
  • Create forwarding rules for any communication to newly responsible employees
  • Revoke access to software after ownership/privileged access is transferred
  • Reassign or reclaim licenses to software
  • Review and optimize this process cross-departmentally, with special attention to better documentation around software not centrally managed by IT

Offboarding Software: Taking the Hassle Out of Deprovisioning

Much of the anxiety and hassle that is part of an IT off-boarding process for employees can be avoided. More often than not, a smooth transition becomes elusive because the upfront work around access and process documentation hasn't been done. With good reason, it can be time consuming a require a lot of coordination to get these in a usable state. Successful off-boarding, particularly when it involves software, can be the combination of typical SaaS management and identity access management (IAM) software. However, there is a new breed of identity governance administration (IGA) tools that can help you effectively manage both cost optimization and security risk. Some functionality to consider in a single solution is the identification of licenses by SaaS product, ability to alter access, automated communication and approval workflow, and broader access review functionality to manage risk more holistically. A single solution here can reduce the time and effort you spend on offboarding tasks. It can also help you produce better results and eliminate the anxiety associated with offboarding.

Workflow Automation Example

An example of workflow automation for a software provisioning request might include notification by the human resources team of a new employee joining the sales department via project management software. This software often captures the request via a form, which is the trigger for the workflow process to begin. The request is then routed to an IT manager, who inquires of the hiring manager what software and permissions within that software should be provided. The IT manager then often uses pre-determined permission groups for the department to automate the provisioning via an identity access management (IAM) tool with adjustments per the hiring manager's input. The ticket is then closed with notifications and often setup instructions to involved parties that access has been granted. The extent of the digital workflow is often hidden to the source team, in this case, human resources. As you can see, this process involves several systems and people, and while part of this may be robotic process automation, there are still some gaps that are handled manually. Whether it's an efficient workflow that helps improve operations is always up for review.

What is the impact of workflow automation on your business?

For IT, workflow automation can has a significant impact, especially when more of those manual bits can be automated. Any workflow automation process has the potential to reduce costs and improve efficiency by allowing teams to focus on higher-value activities instead of repetitive tasks. This is why organizations like Amazon, Google, and Salesforce invest heavily in this type of technology.

Benefits of using integrated workflow automation tool

Further benefits of using IT workflow automation software that is integrated with your systems include improving new hire productivity and shortening their ramp up time, which helps them provide faster value to the organization. IT teams can also benefit by reducing time spent on lower level tasks like provisioning, which can eat up over 25% of a team's time in SaaS intensive work environments. Applied to de-provisioning or offboarding of employees, workflow automation logic can also reduce risk and potentially avoid lost revenue related to security breaches by addressing privileged access issues.

What are the most implemented automated workflows out there?

Every department in modern mid- to enterprise-size businesses can benefit from workflow automation. Here are some examples of workflow automation: Sales departments might use automated workflows to better capture contact information for prospects and communicate with them. A marketing team may use automated workflows to route leads more effectively across several technology platforms to the right team members. For IT, it can dramatically improve the provisioning of SaaS solutions, help address security issues related to privileged access (to company systems and customer data), and also help with access reviews that are part of compliance processes. More advanced workflows could might include vendor reviews or vendor risk assessments. There are so many types of workflow automation in which rule-based logic can eliminate manual workflows prone to human errors and put in place significant process improvements that help an organization thrive.