Skip to main content

Workflow Template: Automated Employee Offboarding

Automatically disable all SailPoint-managed accounts when an identity is terminated, with ServiceNow ticketing and Slack notification.

Updated today

The "Automated Employee Offboarding" workflow template streamlines the process of disabling all SailPoint-managed accounts when an employee is terminated. Triggered by a SailPoint identity state change event, this workflow ensures swift and consistent offboarding by verifying termination, retrieving associated accounts, and disabling those not already inactive. It also creates a ServiceNow incident for hardware retrieval and sends a Slack notification to the security team, enhancing security and operational efficiency.

Take Me to the Template

Trigger

Use Cases

Case Management , Identity and Access Management

Workflow Breakdown

  1. Triggered by a SailPoint identity state change event

  2. Check whether the identity's state has changed; exit if no change

  3. Retrieve the full identity record from SailPoint

  4. Check whether the identity has been terminated; exit if not

  5. Retrieve all accounts associated with the terminated identity

  6. For each account, check whether it is already disabled

  7. Create a ServiceNow incident for hardware retrieval and offboarding tracking

  8. Send a Slack notification to the security team summarizing the actions taken

Vendors

Slack, Utils, ServiceNow OAuth, SailPoint

Related Articles
Workflow Template: Handle Suspicious AWS Console Logins (AWS SNS)
Workflow Template: Disable a Specific User in Google Cloud Identity
Workflow Template: ITSM - Notify Slack user on closed/resolve incidents (ServiceNow)
Workflow Template: Ask Users to Confirm Failed JumpCloud Login Attempts
Workflow Template: Offboard SaaS User from Grip on Trigger from Hibob
Did this answer your question?