Blog

Easier & more secure employee offboarding for small businesses with YeshID

January 25, 2024

When people talk about onboarding and offboarding, onboarding gets all the attention. We talk about how to make a seamless onboarding experience and get your new employee to work fast. How to provide them with the birthright apps they need to do their job. But we don’t talk about what happens when it’s time to part ways with an employee and what needs to be done then. Ensuring proper offboarding is a huge concern for small businesses. When you part ways with an employee, there’s a lot you can forget that can leave you vulnerable:

  • If the recovery email and phone number aren’t reset, the user might be able to regain access to their account.
  • If you forget to forward the user’s email, you might miss out on important communication from your customers.
  • If you don’t promptly deprovision the user’s accounts from third-party applications, you might be paying more in license costs than you need.

Luckily, it’s not all up to you to remember every step. Here’s how you can handle employee offboarding in YeshID.

Easier employee offboarding in YeshID

To offboard someone in YeshID, select that person from your Organization, and in the side car that opens, click ‘Offboard.’ From here, you can choose:

  • What action you wish to perform (suspending vs deleting)
  • Who, if anyone, to assign access to the employee’s Google Docs/Drive, Calendar, etc. data
  • Who, if anyone, should receive new email sent to the old address
  • When you would like the process initiated

As long as you are managing application access in YeshID, we will also create subtasks for applications which need to be deprovisioned. This is a big differentiator from how you can manage this process in the Google Workspace console. Offboarding directly in the console only turns off “sign in with Google” accounts for the user. But what about accounts that use a work email and password? YeshID helps you track all application access to make sure the user is offboarded from any company applications they had access to.

Now let’s dive into each option.

Offboarding with the intention to suspend

This is a good option if you want to remove access for a user but don’t want to completely delete them. For example, maybe the user was privy to critical business data that you don’t want to risk losing, or maybe it’s a seasonal contractor that you plan to reinstate later in the year. Here’s what happens when you suspend a user in YeshID:

  • The user's data will be kept, but they won't receive emails, calendar invitations, or files as long as they're suspended (note: this does require you to maintain a Google Workspace license for the user).
  • Once you specify that the user is suspended, you will be prompted to create a task list to offboard the user from the applications they have access to.
  • Emails are sent to the application administrators, prompting them to remove access for the user at specified time.
  • You can “unsuspend” a user at any time, as long as they're not deleted.

Offboarding with the intention to delete

This is a good option if you know that you want to remove the user entirely. When you delete a user, YeshID will:

  • Reset the Google Workspace password, which will revoke any application-specific passwords tied to the user’s account
  • Log the user out of every Google session across all of their devices by invalidating their session cookies
  • Delete the user’s account recovery email and phone numbers
  • Revoke all OAuth grants associated with the user’s account
  • Prompt you to create a task list to offboard the user from the applications they have access to
  • Send emails to application administrators, prompting them to remove access for the user at the specified time.

When you delete a user, YeshID will also create a list of tasks that an admin must manually complete. While the above steps will happen automatically, these steps require confirmation from the admin to continue:

  • Confirm that they have transferred all email from the account they wish to save, by using the Google Data Migration Service.
  • Initiate any data transfers that were configured in the YeshID offboarding dialog (Google Docs/Drive, Calendar, etc.).
  • Delete the account in Google Workspace.
  • Set the old email address as an alias on another account so you can continue receiving new email for the old account.

It’s worth noting that the last step here, creating an alias, can’t be done until you delete the user. Then you have to remember to come back to create the alias. It’s an easy step to forget — thankfully you have that task reminder in YeshID. 😉

Easier offboarding with technology

The task of offboarding a user contains many distinct steps, each of which can lead to issues if forgotten. Why take the risk? YeshID uses ready-made procedures that ensure you follow offboarding best practices and keep your environment safe and running smoothly. See how easy it can be.

Recent Posts
Google Workspace: Organize Org Units, Groups, Policies, Devices, and more!
How to Meet SOC 2 Access Review Requirements - A Startup's Toolkit
YeshID Monthly Release Notes: October 2024
Introducing Access Review: Simplify your compliance journey
🚀 YeshID Monthly Release Notes: : September 2024
Ready to take control of your identity access management?
Sign up