TL;DR: Mass layoffs compress offboarding into a short, high-risk window where delayed revocation, poor HR-IT integration, and incomplete app inventories increase the chance of data exposure, according to Zluri. The real issue is not speed alone but whether lifecycle control is accurate enough to remove access before former employees can retain meaningful reach.
NHIMG editorial — based on content published by Zluri: Lifecycle Management Managing Offboarding During Mass Layoffs
By the numbers:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
Questions worth separating out
Q: What breaks when offboarding depends on manual coordination during mass layoffs?
A: Manual offboarding breaks because access removal, data transfer, and licence reassignment stop being deterministic.
Q: Why do HR and IT integrations matter for employee offboarding?
A: HR and IT integration matters because HR usually owns the leaver event while IT owns the access changes.
Q: How do you know if offboarding controls are actually working?
A: Offboarding controls are working when access is removed on the first pass, data ownership is transferred cleanly, and no orphaned accounts remain in SSO or application logs.
Practitioner guidance
- Automate leaver-triggered deprovisioning: Connect HR status changes directly to identity workflows so app access begins revocation as soon as a departure record is authoritative, not after manual follow-up.
- Maintain a live system of record for apps and licences: Track every SaaS app, entitlement, and owner relationship in one operational inventory so offboarding does not depend on spreadsheets or memory.
- Sequence data transfer before access removal: Require ownership transfer and backup completion before final account deletion, especially where departing staff handle financial records or client data.
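The checks described above (no orphaned accounts, no sign-ins after departure, transfer before removal, no apps missing from the inventory) can be run as one reconciliation over HR, inventory, and sign-in data. This is an added example, not code from Zluri or its platform; the users, apps, and field names are constructed assumptions.

```python
from datetime import datetime

def t(s):
    return datetime.fromisoformat(s)

# Constructed sample data (hypothetical users, apps and field names).
LEAVERS = {  # HR system of record: user -> authoritative departure time
    "alice@example.com": t("2024-03-01T17:00:00+00:00"),
    "bob@example.com": t("2024-03-01T17:00:00+00:00"),
}
ACCOUNTS = [  # app/licence inventory: one row per user entitlement
    {"user": "alice@example.com", "app": "crm", "active": False, "data_transferred": True},
    {"user": "alice@example.com", "app": "wiki", "active": True, "data_transferred": False},
    {"user": "bob@example.com", "app": "finance", "active": False, "data_transferred": False},
    {"user": "carol@example.com", "app": "crm", "active": True, "data_transferred": False},
]
SIGNINS = [  # SSO / application sign-in log
    {"user": "alice@example.com", "app": "wiki", "time": t("2024-03-02T09:12:00+00:00")},
    {"user": "alice@example.com", "app": "crm", "time": t("2024-03-01T10:00:00+00:00")},
    {"user": "bob@example.com", "app": "filesharing", "time": t("2024-03-03T08:00:00+00:00")},
    {"user": "carol@example.com", "app": "crm", "time": t("2024-03-04T08:00:00+00:00")},
]

def audit_offboarding(leavers, accounts, signins):
    """Return sorted (finding, user, app) tuples for leavers only."""
    findings = set()
    inventoried = {(a["user"], a["app"]) for a in accounts}
    for a in accounts:
        if a["user"] not in leavers:
            continue  # current employee, out of scope
        if a["active"]:
            findings.add(("orphaned_account", a["user"], a["app"]))
        elif not a["data_transferred"]:
            # Access was removed before ownership transfer completed.
            findings.add(("removed_before_transfer", a["user"], a["app"]))
    for ev in signins:
        left_at = leavers.get(ev["user"])
        if left_at is None or ev["time"] <= left_at:
            continue  # not a leaver, or sign-in predates departure
        findings.add(("post_departure_signin", ev["user"], ev["app"]))
        if (ev["user"], ev["app"]) not in inventoried:
            # The app never appeared in the inventory, so no workflow revoked it.
            findings.add(("uninventoried_app", ev["user"], ev["app"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_offboarding(LEAVERS, ACCOUNTS, SIGNINS):
        print(*finding)
```

An empty result on the first run after a layoff batch is the "removed on the first pass" condition; any `uninventoried_app` finding points at a gap in the inventory rather than in the revocation workflow.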
What's in the full article
Zluri's full blog post covers the operational detail this post intentionally leaves for the source:
- A walkthrough of the offboarding workflow setup inside the platform, including how workflow selection and user selection are handled.
- Operational detail on how HRMS integration feeds departing employee data into deprovisioning actions.
- Step-by-step guidance on data backup, ownership transfer, and final account deletion during offboarding.
- Examples of how sign-in records, audit records, and access logs are used to check whether ex-employees still retain access.