Offboarding Checklist: Closing the Door When Employees Leave

Employee offboarding is one of the most overlooked security processes in small businesses. When someone leaves, the focus is usually on payroll, equipment return, and a final paycheck. Account access often lingers for weeks, sometimes months. That gap is a real risk, whether the departure was friendly or not.

A tight offboarding process does not require enterprise tooling. It requires a checklist and an owner. Run through the following on the employee's last day, ideally before they walk out the door:

• Disable the user in your identity provider (Microsoft 365, Google Workspace) and revoke active sessions.
• Reset and store the password rather than deleting the account immediately, so you can preserve email and files.
• Remove or rotate any shared credentials the employee had access to in your password manager.
• Revoke MFA tokens, authenticator app registrations, and any hardware keys.
• Audit SaaS apps the employee used. Many tools sit outside your main identity provider and need manual deactivation.
• Reclaim mobile devices, laptops, and any hardware tokens. Wipe personal devices that had work data through MDM.
• Forward email to a manager for a defined window, then archive the mailbox according to retention policy.
• Update vendor contacts, distribution lists, and any external accounts where the employee was the named user.
• Review and revoke API keys, certificates, or service account access the employee created.
• Document the offboarding in a shared log so nothing is missed and audits are easy.

For businesses under 40 employees, a single page checklist run by an owner or office manager covers most of the risk. Realm Defense can help you build a repeatable offboarding process, integrate it with your identity provider, and make sure the SaaS sprawl in your environment is actually visible. Reach out for a quick identity review.