Automate the hardest parts of employee offboarding with Nudge Security

Eliminate 90% of the time and effort it normally takes to find and offboard cloud and SaaS access, including shadow IT.

According to our recent research, 70% of IT professionals say they’ve experienced the effects of incomplete employee offboarding, whether in the form of a security incident tied to an account that wasn’t deprovisioned, a surprise bill for resources that aren’t in use anymore, or a missed handoff of a critical resource or account. The problem is as pervasive as it is time-consuming to solve, which is why organizations spend a whopping five hours per employee on activities like finding and deprovisioning SaaS accounts each time a user departs. As the SaaS landscape continues to expand and create new opportunities for offboarding mistakes, organizations need solutions to help them transition employees as securely and efficiently as possible. 

How Nudge Security can help

Nudge Security’s new playbook for employee offboarding can help organizations save up to 90 percent of the time and effort involved in SaaS offboarding by automating time-consuming, easy-to-miss tasks like revoking OAuth grants and resetting passwords for accounts outside of single sign-on (SSO). 

Nudge Security continuously discovers and inventories all the SaaS and cloud applications your employees are using, including shadow IT, giving you a single system of record for departing users’ accounts and OAuth grants that need to be deprovisioned, revoked, or transferred. The employee offboarding playbook walks you through a comprehensive checklist for IT offboarding in alignment with Google and Microsoft best practices, enabling your team to transition employees securely and completely every time. 

Check it out in the interactive demo below, or read on for more details. 

Nudge Security’s new playbook walks you step-by-step through employee offboarding in alignment with best practices from Google and Microsoft. Let’s take a look at how Nudge Security helps you with each step so you can ensure that your SaaS offboarding process is comprehensive, secure, and thorough. 

1. Lock the employee out of their Google Workspace or Microsoft 365 account in accordance with Google and Microsoft best practices.

Once you’ve selected the employee you need to offboard, the first step is to verify the status of their Google or Microsoft account. 

To kick things off, you’ll want the employee’s Google or Microsoft account to remain active. However, you’ll want to make sure the user no longer has access to the account by resetting their password and disabling any recovery methods they may have set up. Nudge Security helps you verify the status of each of these steps so you can ensure that the user is locked out. 

2. Transfer ownership of critical resources. 

Before you begin deprovisioning your departing employee’s accounts, set remaining team members up for success by identifying and handing off essential resources. Otherwise, you risk orphaning critical resources like AWS root user accounts or losing access to corporate domains. 

Nudge Security automatically identifies critical resources owned by your departing employee and guides you through how to transfer ownership to other team members. For each resource, Nudge Security provides detailed instructions with helpful links and a summary of other app users who could take over responsibility for each resource. As you go through the list, you can confirm that you have transferred ownership or log your decision to ignore a particular resource that doesn’t need to be transferred.


3. Review and update app-to-app integrations. 

If a departing employee’s OAuth grant powers a key integration that affects business processes, revoking it could disrupt day-to-day operations.

Nudge Security summarizes the information you need to evaluate the level of access an OAuth grant for a particular integration provides, see the other users of the application, and understand the business impact of the integration so you can determine whether you need to recreate it with another account. 

4. Revoke SSO-managed accounts.

With the click of a button, you can revoke your employee’s access to all of the accounts managed by your single sign-on (SSO) provider, like Azure AD or Okta, within Nudge Security. (Later on, the playbook will also walk you through cleaning up the contents of those accounts.)

5. Revoke OAuth grants.

OAuth grants make it easy for employees to create new accounts simply by choosing the option to continue with Google Workspace or Microsoft 365. Nudge Security makes it just as easy for security and IT teams to identify and revoke departing users’ OAuth grants directly within Nudge Security. You can also investigate further by drilling down into individual grant details to understand their scopes and identify other users. 

6. Revoke access to unmanaged accounts.

OAuth grants and SSO-managed accounts only provide a partial view of your departing employee’s access. Lingering shadow IT can leave doors open for illegitimate access to sensitive resources and data after an employee leaves your organization. Luckily, Nudge Security also inventories unmanaged accounts that your employee created using their work email and password.

Nudge Security enables you to lock employees out of these accounts quickly and efficiently by triggering automated password resets. Without this automation, it could take hours to do this manually, if you even know the accounts exist in the first place.

7. Clean up revoked accounts.

Once the user’s access has been revoked, it’s important to clean up their accounts to avoid orphaning corporate data or continuing to pay for unused licenses. 

Nudge Security enables you to send an automated “nudge” to the technical contact for each SaaS application with instructions to delete sensitive data, reallocate licenses, and reassign ownership of resources to another user. 

8. Share a report of offboarding activities. 

Nudge Security records all of the offboarding steps you’ve taken, so you can always go back and check what was completed for each employee. Once you’ve finished offboarding a departing employee’s SaaS and cloud accounts, you can print a report of the activities you completed and share it with internal users or auditors. 

Transition employees seamlessly with Nudge Security

Nudge Security helps you offboard departing users efficiently and completely, enabling you to protect corporate resources and avoid business disruptions without wasting precious cycles on tedious, repetitive tasks. 

Interested in learning more? 

Related posts


Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors