Offboarding is a critical security process. When an employee leaves the organization, IT must ensure that device access, account permissions, and company data are properly secured or removed.
Swif helps you standardize offboarding across devices and systems, reducing risk and ensuring compliance.
This guide outlines the recommended end-to-end offboarding workflow.
Overview
A complete offboarding process typically includes:
Deactivating user access
Securing or wiping company devices
Removing or transferring account access
Running offboarding checklists
Verifying compliance and documentation
Swif provides structured tools to make this repeatable and auditable.
Step 1: Disable or Remove the User
Begin by deactivating the user in your identity provider (Google Workspace, Microsoft Entra, etc.).
Then:
Confirm the user is disabled in Swif (via sync or manual action)
Remove the user from Smart Groups if necessary
Review all devices associated with the user
This prevents new login attempts and policy conflicts.
Step 2: Secure or Recover Devices
Next, determine device ownership and apply appropriate actions.
Company-Owned Devices
For corporate devices:
Remote Lock (immediate lockout)
Remote Wipe (full device erase)
Remove Platform SSO access
Rotate local admin credentials (if applicable)
If hardware is being returned:
Keep the device enrolled
Reassign to a new user after re-provisioning
BYOD / Read-Only Devices
For personal devices:
Remove the device from management
Remove user association
Ensure no corporate data or profiles remain (if applicable)
Step 3: Run the Team Offboarding Checklist
Swif provides Team-Level Offboarding Checklists to ensure no steps are missed.
These checklists allow you to:
Define department-specific offboarding steps
Assign responsibilities
Track completion
Maintain audit documentation
Typical tasks include:
Hardware collection
Access review
Data transfer confirmation
License reassignment
👉 Learn more: Team‑Level Offboarding Checklist Settings
Using a structured checklist ensures consistency and reduces human error.
Step 4: Deprovision Accounts & Access
If your organization manually manages SaaS access or internal systems, use the Manual Account Provisioning & Deprovisioning Checklist.
This helps track the removal of access from:
Google Workspace / Microsoft 365
GitHub / GitLab
CRM platforms
Finance systems
Internal admin tools
VPN / SSH access
This ensures:
No orphaned accounts remain
Licenses are reclaimed
Audit trails are documented
Step 5: Verify Compliance & Closure
Before marking offboarding as complete:
✔ User account is disabled
✔ Devices are locked, wiped, or reassigned
✔ Platform SSO access removed
✔ All SaaS accounts deprovisioned
✔ Offboarding checklist completed
✔ Documentation recorded
You may also:
Run a final device compliance report
Review audit logs for recent activity
Confirm license recovery
Best Practices
Begin offboarding immediately upon termination notice.
Use structured checklists instead of ad hoc processes.
Revoke identity access before wiping devices.
Keep documentation for audit and compliance reviews.
Periodically review offboarding workflows to close gaps.
Summary
Swif helps transform offboarding into a secure, standardized process.
By combining:
Immediate device control
Identity deactivation
Structured team offboarding checklists
Manual account deprovision tracking
You can significantly reduce security risk and ensure clean separation when employees leave.