iQuasar Cyber

Let’s Automate the “Leaver Process”

Automating Leaver Process

The “leaver process”, or termination process, is a critical part of any organization and is the final point of a user's life cycle within it. The process starts with Human Resources and culminates in the removal of access to the organization and its critical infrastructure. This blog identifies the leaver process and shows how it can be automated to lower costs, reduce risk, and increase efficiency in any organization.

What is a Leaver Process?

Simply put, a process that offboards an employee from an organization and removes access from resources across the enterprise is a leaver process. A leaver process can be as simple as disabling a network account to prohibit access to an organization’s network and resources. Similarly, removing access to an office building could be a requirement for a leaver process. When a user leaves, access to all systems must be revoked at the end of their final day. Depending on the industry, various organizations mandate specific activities to be carried out prior to the last day of employment.  

Almost all organizations have some sort of process for offboarding employees and non-employees. Typically, organizations have two use cases for the leaver process:

  • Scheduled termination
  • Immediate termination
 

Manual Leaver Process Summary

Traditionally, the onboarding process is a business function outside the Identity and Access Management (IAM) process and is built from multiple siloed, manual processes. However, with the advent of IAM tools and their sophisticated integration with applications, employee offboarding has come to be seen as a critical part of lowering risk and costs.

In the current business operations model, IAM tools can be used to automate manual processes with the collaboration of Human Resources, application owners, and business owners. Below is a summary of the manual off-boarding process and a sample of an automated off-boarding process.  

In a manual user offboarding process, the following steps may be taken:

  1. Request by HR to disable an employee ID in a financial system
  2. Request the IT support team to disable network access
  3. Usually, an email is sent to the employee manager about the status of the above activities.
  4. Email mailbox may need to be disabled but archived for regulatory reasons.
  5. Additional requests may need to be submitted to application or business owners to remove access.

Each of these steps can be time-consuming and, because the work is manual, can at times result in incorrect removal of access from applications.

In addition to the process itself, proper auditing tools have to be in place to completely document requests and approvals, access de-provisioning, and other human resource tasks. A quick checklist for termination is highlighted in the table here:
     

 

Automating The Leaver Process

In contrast to the manual process above, an automated process can expedite change in an organization, moving it from manual leaver processes to efficient and secure employee off-boarding. Below are the steps that IAM processes, in conjunction with IAM tools, can implement to streamline the employee “scheduled termination” process:

  1. Once the employee termination process is completed by HR, the IAM process can either receive daily feeds or pull the data daily from HR or a financial system such as Workday, PeopleSoft, SAP, etc.
  2. Once the feed is received by IAM processes, IAM tools can automatically check the employee status flag and/or the effective “termination date” without any human intervention.
  3. IAM tools can automatically disable the network account as mandated by the effective date.
  4. Access to applications can be removed without a request or explicit approval by removing group membership in Active Directory.
  5. IAM tools are sophisticated enough to either directly remove access to applications or send API requests to applications to terminate access without any manual intervention. This can be applied to access removal in financial applications, critical IT applications, and applications that manage privileged access.
  6. Formal reports can be generated by the IAM tools for regulatory compliance, highlighting when a request for termination was submitted and when action was taken on the request.
  7. For immediate termination, the following actions are usually taken:
     a. Immediate termination of access to the network
     b. Immediate termination of building access
     c. For employees with privileged access, manual requests such as phone calls are made to terminate access immediately
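The scheduled and immediate termination flows above, written as a daily job over an HR feed. This is an added example, not code from iQuasar or any IAM product: the feed columns, the in-memory directory, and the group names are constructed assumptions. It also assumes the job runs after close of business, so a scheduled leaver is actioned once the effective date is reached and an immediate one regardless of date.

```python
import csv
import io
from datetime import date

# Constructed HR feed; the column names are assumptions, not a real HR export.
HR_FEED = """employee_id,status,termination_date,termination_type
E1001,active,,
E1002,terminated,2024-05-31,scheduled
E1003,terminated,2024-06-30,scheduled
E1004,terminated,2024-06-30,immediate
E1005,terminated,31/05/2024,scheduled
"""

# Constructed stand-in for the directory: account state and group memberships.
DIRECTORY = {
    "E1001": {"enabled": True, "groups": {"vpn-users"}},
    "E1002": {"enabled": True, "groups": {"vpn-users", "finance-app"}},
    "E1003": {"enabled": True, "groups": {"vpn-users"}},
    "E1004": {"enabled": True, "groups": {"vpn-users", "server-admins"}},
    "E1005": {"enabled": True, "groups": {"hr-app"}},
}
PRIVILEGED_GROUPS = {"server-admins"}  # hypothetical group name

def process_feed(feed_text, directory, today):
    """Apply leaver actions to `directory`; return (audit_rows, needs_review)."""
    audit, needs_review = [], []
    for row in csv.DictReader(io.StringIO(feed_text)):
        emp, acct = row["employee_id"], directory.get(row["employee_id"])
        if row["status"] != "terminated":
            continue
        try:
            effective = date.fromisoformat(row["termination_date"])
        except ValueError:
            needs_review.append(emp)  # unparseable date: do not guess, escalate
            continue
        if acct is None:
            needs_review.append(emp)  # leaver with no matching account
            continue
        immediate = row["termination_type"] == "immediate"
        if not immediate and effective > today:
            continue  # scheduled leaver whose effective date has not arrived
        if not acct["enabled"] and not acct["groups"]:
            continue  # already processed on an earlier run: stay idempotent
        removed = sorted(acct["groups"])
        acct["enabled"], acct["groups"] = False, set()
        audit.append({"employee_id": emp, "effective": effective.isoformat(),
                      "actioned_on": today.isoformat(), "groups_removed": removed,
                      "privileged": bool(PRIVILEGED_GROUPS & set(removed))})
    return audit, needs_review
```

The audit rows carry both the effective date and the date of action, which is what the compliance report in step 6 compares; rows in `needs_review` are the ones a person has to resolve.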
 
 
 

 Benefits of Automating The Leaver Process:



IAM processes are complex and detailed, cross many lines of business processes, and need industry, tools, and technology experience to design and implement. To be successful, business sponsorship is mandatory; it is the only way to deliver business transformation via IAM initiatives. The leaver process is just one of these processes and possibly the most critical part of IAM transformation.

iQuasar Cyber offers organizations experienced consultants who have implemented large-scale IAM transformation projects to meet business goals. Schedule a consultation discussion to discover our IAM services and how we can automate IAM processes to lower costs, improve efficiency, and provide safeguards via access controls.