A staff member is leaving. Managing their access

Leavers are the most common source of orphaned accounts.

Your goal is the same whether it's a planned departure or a same-day exit: revoke what they no longer need, preserve what the business does need.

One week before

  • List every system they have access to.
  • Identify what they own (files, dashboards, automations). Brief their manager.
  • Identify external accounts tied to their personal email.

Day of departure

  • Disable the M365 / Google account at end of day — don't delete.
  • Revoke MFA enrollment.
  • Sign out of all sessions.
  • Change shared passwords they had access to.
  • Collect company devices.
  • Set up email forwarding for 30–90 days.

Within a week

  • Audit shared drives. Reassign ownership.
  • Audit external SaaS.
  • Email external suppliers to update contacts.
  • Check shared inboxes.
  • Update the tools register.

Common mistakes

  • Deleting the account immediately.
  • Leaving the account active ‘just in case.’
  • Forgetting external SaaS.
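
The checklist and the common mistakes above can be checked mechanically against a leaver register. The script below is an added example, not part of the original page: the record fields, the sample data and the 30-day retention threshold are assumptions made for illustration.

```python
from datetime import date

RETAIN_DAYS = 30  # assumption: keep disabled accounts at least the minimum forwarding window

# Constructed sample export; field names are hypothetical, not an M365/Google schema.
LEAVERS = [
    {"user": "a.khan", "left": date(2024, 5, 1), "status": "disabled", "mfa": False,
     "sessions": 0, "forward_until": date(2024, 6, 15), "saas": []},
    {"user": "b.lee", "left": date(2024, 5, 1), "status": "active", "mfa": True,
     "sessions": 2, "forward_until": None, "saas": ["crm"]},
    {"user": "c.roy", "left": date(2024, 5, 20), "status": "deleted", "mfa": False,
     "sessions": 0, "forward_until": None, "saas": []},
]

def audit_leaver(rec, today):
    """Return the checklist items this leaver's record still fails."""
    gone = (today - rec["left"]).days
    if gone < 0:
        return []  # departure is still in the future
    if rec["status"] == "deleted":
        # Early deletion removes data the business may still need (disable, don't delete).
        return ["account deleted too early"] if gone < RETAIN_DAYS else []
    findings = []
    if rec["status"] == "active":
        findings.append("account still active")
    if rec["mfa"]:
        findings.append("MFA enrollment not revoked")
    if rec["sessions"] > 0:
        findings.append("sessions still signed in")
    if rec["forward_until"] is None:
        findings.append("no email forwarding")
    elif not 30 <= (rec["forward_until"] - rec["left"]).days <= 90:
        findings.append("forwarding outside 30-90 days")
    if gone > 7 and rec["saas"]:
        findings.append("external SaaS not removed: " + ", ".join(rec["saas"]))
    return findings

def audit_all(records, today):
    """Map each leaver with open items to the list of those items."""
    report = {}
    for rec in records:
        findings = audit_leaver(rec, today)
        if findings:
            report[rec["user"]] = findings
    return report

if __name__ == "__main__":
    for user, items in audit_all(LEAVERS, date(2024, 5, 22)).items():
        print(user, "->", "; ".join(items))
```

Run it on a schedule against an export from the tools register so that leavers with open items surface before they become orphaned accounts.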