By Zach DeMeyer Posted November 15, 2019
Improper employee offboarding can spell disaster. By automating the process, organizations minimize offboarding overhead while preventing potential long-term catastrophes.
Why Automate Offboarding?
The process of fully offboarding a user can take HR and IT weeks. One of the most important aspects of the process is ensuring that an employee’s access to their IT resources is properly removed. If not, a disgruntled ex-employee can use their remaining access to wreak havoc on an organization.
For example, a terminated IT employee at an online university used his lingering admin access to change the credentials to the school’s G Suite™, locking all users out of their accounts. He then held the credentials for ransom, demanding $200k and keeping more than 2,000 email and coursework accounts hostage until the problem was solved after a long legal battle.
In another case, the head chef at a pub in the UK was fired after a dispute over leave time. The chef used his still-active access to the company’s Twitter account to inform the public of his termination, as well as the dark circumstances behind it.
With unchecked access after termination, employees can even affect ecommerce and other critical company infrastructure. In 2016, a Marriott employee used lingering credentials to reduce nightly rates to as low as $12, spelling a brief disaster for the hotel giant.
The above examples are only a few of the many occasions when an ex-employee has used residual access to take revenge on their former employer. Imagine what an angry former employee could do with access to critical infrastructure in AWS® or something similar.
By ensuring that a terminated employee’s access is completely deprovisioned, these mishaps can be avoided. Of course, that is often easier said than done, especially if it has to be done manually. Because an employee will often have access to applications, infrastructure, file servers, etc., as well as the system(s) they use to reach them all, removing access across this wide surface area can take a long time.
Automating Offboarding with JumpCloud
JumpCloud Directory-as-a-Service® is the first cloud directory service, providing end users with a single set of credentials to access virtually all of their IT resources. Since JumpCloud is the authoritative identity provider for these resources, IT organizations can use the platform to automate offboarding with a single click. By completely deprovisioning user access without outright deleting said user, IT can still have access to important data that the employee used/created while preventing the employee from accessing it themselves.
One method for doing so is through the Suspend User state. By suspending a user, JumpCloud admins completely deprovision said user’s access to their JumpCloud-bound resources without deleting them from JumpCloud. That way, admins can still access the user’s accounts to retrieve company data and other information, but the user themselves will not be able to log in to their systems, applications, infrastructure, networks, etc.
A critical capability of the suspend user functionality is that it immediately terminates a user’s session on their Mac, Windows, or Linux machine. This can be incredibly important in a tense termination situation.
JumpCloud admins can suspend a user with a simple click of a checkbox. Admins can also suspend users en masse, selecting several users or groups of users and removing their access in an instant.
Another method is through the JumpCloud PowerShell module. The ‘Remove-JCUserGroupMember’ command removes a user from the groups that provide them with access to applications, networks, systems, and other resources, without deleting the user wholesale.
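An added example, not code from the original post or from JumpCloud: a PowerShell function that removes one user from every user group with Remove-JCUserGroupMember and then re-checks membership so that leftover access is visible. It assumes the JumpCloud PowerShell module is installed and the session is already authenticated with Connect-JCOnline; the function name Revoke-JCUserGroupAccess and the username jdoe are hypothetical.

```powershell
# Added example, not JumpCloud's own code. Assumes the JumpCloud PowerShell
# module is installed and the session is authenticated (Connect-JCOnline).
function Revoke-JCUserGroupAccess {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Username
    )

    $removed = @()
    # Enumerate every user group, then check membership group by group.
    foreach ($group in Get-JCGroup -Type User) {
        $isMember = Get-JCUserGroupMember -GroupName $group.name |
            Where-Object { $_.Username -eq $Username }
        if (-not $isMember) { continue }

        # -WhatIf / -Confirm are honoured here, so a dry run changes nothing.
        if ($PSCmdlet.ShouldProcess("$Username in '$($group.name)'", 'Remove group membership')) {
            Remove-JCUserGroupMember -GroupName $group.name -Username $Username | Out-Null
            $removed += $group.name
        }
    }

    # Verify: re-query and report any group that still lists the user.
    $remaining = foreach ($group in Get-JCGroup -Type User) {
        if (Get-JCUserGroupMember -GroupName $group.name |
                Where-Object { $_.Username -eq $Username }) { $group.name }
    }

    [pscustomobject]@{
        Username  = $Username
        Removed   = $removed
        Remaining = @($remaining)   # should be empty after a real run
    }
}

# Dry run first, then the real removal. 'jdoe' is a constructed username.
Revoke-JCUserGroupAccess -Username 'jdoe' -WhatIf
Revoke-JCUserGroupAccess -Username 'jdoe'
```

A non-empty Remaining list after the real run means a removal failed and that group still grants the user access.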
Try JumpCloud for Free
If you are interested in automating your offboarding processes, consider JumpCloud Directory-as-a-Service. You can try JumpCloud for free for up to 10 users/systems. Simply sign up for a JumpCloud account — no credit card required — to get started.