Automation

  • 4 min read

4 Ways of Revoking Access to Tools While Offboarding Employees

Ritish Reddy

21st October, 2022

SHARE ON:

In recent years, SaaS apps have become very popular. This has added to the complexities of the offboarding process. On the other hand, multiple ways, like SMP and SSO have streamlined the process. 

One of the critical jobs of IT teams when an employee leaves an organization is to remove employees' access to apps and tools assigned to them. Otherwise, there are risks of data breaches.

This is because employees have access to sensitive corporate data and are well aware of the organization’s internal systems. 

In our research study conducted along with Gartner, we found that most companies lack processes around deprovisioning SaaS apps while offboarding.

Only 14% of the companies surveyed have systems and processes around this.

Companies that don’t follow proper ways of deprovisioning are always at risk of data loss, cyber-attacks, and other security breaches. 

No matter why an employee leaves, offboarding is an important part of the transition process. You might face significant business security complications if you don’t know the proper ways.

This post will discuss the four practical ways of revoking access to tools.

4 Ways of Revoking Access to SaaS Tools

1. Spreadsheets

1.1 Keep an inventory of all the SaaS apps being used in your company

In spreadsheets, you can manually update and keep track of all the apps that are being used. Also, you can update when a new application is added. So, whenever you offboard any employee, you will have all the data about the tools. 

Hence, you can remove their access from those apps.

1.2 Use our SaaS tracking template

Tracking SaaS in spreadsheets can save you time and make it easier for you to monitor how many apps there are and how much money you spend on different SaaS applications.

Moreover, you will be able to record license data and arrange for an impending renewal with the assistance of this template.

1.3 Drawbacks/limitations

There are limitations to managing SaaS apps in spreadsheets. A Spreadsheet, for instance, cannot discover unauthorized apps being utilized in your organization. 

The spreadsheet is not updated regularly. Even if done so, it will not provide you with real-time updates. This may lead to compliance or security problems. 

Due to the thousands of SaaS apps used, it is impossible for businesses. Shadow IT adds to its drawbacks and makes it impossible to discover apps that employees sign up for without the knowledge of IT teams.

Additionally, employee surveys are of no help. It is time-consuming as app inventories must be manually updated and still lack accuracy.

2. Access Management With a Single Sign-on(SSO)

Single Sign-on enables the unified control of the user’s identity in the business settings. Users only need to remember one set of login credentials, those of the SSO itself, to get secured access to several applications and services deployed across a business.

With SSO, the users don’t need to keep track of many usernames and passwords for their different tools. It eases your task of revoking access, and you can directly remove their access from any SaaS apps.

2.1 Drawbacks of SSO

SSO has no control over applications. The access can be removed via SSO, but if the session is not expired, the employee can continue to have access to the application. It can lead to unrestricted use of the application even after the user's account has been deprovisioned. 

Consider logging into Slack with your Google Workspace account. Further that your Slack session is maintained for a full 15 days. Now, if you quit on Day 10, your session will continue to be alive for the next five days, even after your SSO-enabled Slack access has been revoked.

2.2 SSO Deployment

SSO deployment takes longer than anticipated. Because each IT environment is unique, and customization requirements necessitate extra processes. The whole technology is reliant on service providers and identity providers to connect their systems. 

Also, various standards are linked with SSO, such as LDAP.CAS and SAML, and each vendor have a unique implementation, causing incompatibility concerns; hence, integration is tough.

3. SaaS Management Platform (SMP)

Using a SaaS management platform can make the offboarding process easy. It automates the deprovisioning of employees. SMP will help your organization to stay secure and compliant.

Zluri is a SaaS management platform that provides a suitable configuration of offboarding management. It has features that help you avoid offboarding challenges and provide an automated solution. Zluri allows you to revoke employee access to SaaS apps with a single click.

Zluri has visibility to the SaaS apps, and you are not required to update it manually or through employee surveys. This increases the accuracy while deprovisioning users. 

Zluri’s offboarding automation blocks the former employee's access to all company assets and data. It makes a smooth transfer of responsibilities to the new joiners. 

Using Zluri, Deprovisioning is as simple as clicking a button and taking care of business. These are the following four actions that take place:

• To start, we remove all authentication from the various devices. Therefore, if a user is signed in on three different devices, that user will not be able to use any of those devices to access the app.

• After that, we either transfer the data to another user or make a copy of the data to keep as a backup. Therefore, no data is lost, even if canceling access is a simple process from the administrator's perspective.

• In addition, Zluri navigates back to the program and deletes the user because the data has been moved on to its intended destination.

• Last but not least, we remove the SSO.

Zluri doesn't only stop at the SSO level when it comes to authorization during deprovisioning. It is a powerful automation tool for offboarding users.

Additionally, it keeps an eye on how the SSO system is being utilized. For instance, it keeps track of users' sign-in logs, audit logs, and access logs, as well as the apps to which they have access, the level of permissions they have for using those apps, and the level of access logs they have.

4. Use a Self-Serve Model for SaaS Workflows Approvals(Like App Store)

The self-serve model allows employees to choose their preferred apps per their requirements. 

Zluri offers Employee app store (EAS) that automates your SaaS approval process. It provides clarity on the approval or disapproval of apps by the IT teams. This gives visibility to the IT teams and makes the offboarding process easy. Also, it eliminates shadow IT.

Moreover, the employee can get detailed information on security and compliance that help them to remain updated with the information. This will allow the organization’s data to stay secure in the first place. 

About the author

Ritish Reddy

Ritish is one of the co-founders of Zluri, the SaaS management tool for IT teams. He leads the Marketing and Partnerships as part of his role. Before Zluri, he was part of the founding team at KNOLSKAPE and Co-Founder at Cranium media. Ritish is an MBA graduate and is passionate about building, and scaling businesses ground up. He is an avid reader and loves exploring book stores and libraries in different parts of the world. He loves painting with his 4-year-old daughter.