Offboarding Employees

  • Updated

An essential part of security is ensuring that former employees lose access to accounts and systems as soon as they leave.  

 

Offboarding Employees

If you have an identity provider (i.e., Gsuite, O365, Okta) or an HRIS (i.e., Rippling, Gusto, Bamboo) connected to Vanta, these integrations are considered the source of truth for employee status. 


As soon as Vanta detects a change in status from the connected service, we will prompt you to complete offboarding the user. 

completeoffboarding.png

 

  • The offboarding drawer is used to surface and group together actionable items.
    • The unmonitored accounts section includes all vendors that do not have corresponding credentials connected.
    • The monitored accounts section consists of all vendors for which credentials are connected, and we have detected that the user has an account.

 

  • Unmonitored accounts that require administrators to verify deactivation can deactivated individually by clicking on the dash circle, or be marked in bulk via the Mark all deactivated button.

Screenshot 2024-04-08 at 3.13.01 pm.png

 

  • Admins may also override Vanta and mark monitored accounts as deactivated if they provide a reason. This helps support workflows where Vanta is not able to detect that access has been automatically removed (e.g., the admin manually changed the password on a Google Workspace account but would like to keep the account active).

  • Manually added users follow the same process as marking unmonitored accounts. Approve the deactivation of each integration, then follow up with complete offboarding. 

 

Offboarding Override 

  • After offboarding is completed, it may be reset. Resetting offboarding removes any manual acknowledgments of account deactivation and brings the user back into an incomplete or offboarding overdue state. 

Screenshot 2024-04-08 at 3.20.08 pm.png

 

  • This may be used when an admin unintentionally marked offboarding as complete or unintentionally marked an account as deactivated.
    • This feature does not remove the end date for the user nor bring them back into our system as active - if an admin would like to reactivate an employee who was marked as terminated in an HR system, they should continue to follow existing workflows to mark the employee is active again.