The sequence used to remove access when an employee leaves or a contract ends. A complete workflow reaches every system that can authenticate the identity, including third-party portals and support tools, because partial revocation leaves live access behind and undermines offboarding controls.
Expanded Definition
Termination workflow is the operational sequence that revokes a departing employee, contractor, or partner’s access across every system that can authenticate the identity. In NHI and IAM programs, the term matters because offboarding is not just account disablement in the primary directory; it must also reach service desks, SaaS admin consoles, VPNs, shared inboxes, privileged access platforms, and any automation account tied to the person.
Definitions vary across vendors when the same process is described as deprovisioning, offboarding, or access revocation, but the security outcome is the same: remove usable access fast enough that the identity cannot be reused. NHI Management Group treats termination workflow as a lifecycle control, not a one-time HR event, because delegated access, cached tokens, and third-party sessions often survive the initial personnel exit.
For broader lifecycle context, see the NHI Lifecycle Management Guide and the NIST Cybersecurity Framework 2.0 for governance expectations around access control. The most common misapplication is treating termination workflow as complete once the primary directory account is disabled, which occurs when downstream systems retain separate authentication paths.
Examples and Use Cases
Implementing termination workflow rigorously often introduces coordination overhead, requiring organisations to weigh rapid access removal against the cost of validating every downstream dependency.
- A contractor leaves, and HR triggers revocation of the corporate directory account, SaaS admin access, and any API keys stored in a secrets manager before the next billing cycle.
- An engineer is offboarded, and the workflow also removes access from Git repositories, cloud consoles, CI/CD tooling, and support portals that still trust the same SSO identity.
- A privileged support user departs, and the process closes sessions, disables delegated admin roles, and confirms that cached refresh tokens are no longer usable.
- A vendor engagement ends, and access to shared mailboxes, ticketing systems, and third-party portals is removed because those systems may not be governed by the core IAM stack.
- For lifecycle governance patterns, the Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs and the Top 10 NHI Issues both show why incomplete revocation is a recurring control gap.
Why It Matters in NHI Security
Termination workflow is a core NHI control because identities rarely exist in just one place. In modern environments, access can persist in scripts, integrations, CI/CD pipelines, vendor platforms, and service accounts that were provisioned during onboarding but never mapped back to a single owner. That is why the NHI Management Group reports that only 20% of organisations have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotation.
When this workflow is weak, the result is not just an administrative defect. It creates standing access that can be abused after role changes, contract endings, or account compromise, and it undermines Zero Trust assumptions by leaving trusted paths open longer than intended. The same issue is especially dangerous where NHIs are exposed to third parties, because a terminated user may still influence shared tooling or embedded credentials outside the primary enterprise boundary.
Practical governance should therefore include dependency discovery, revocation confirmation, and exception handling for systems that cannot be centrally managed. Organisations typically encounter the consequences only after a former user still logs in through a forgotten portal or token, at which point termination workflow becomes operationally unavoidable to address.
Related resources from NHI Mgmt Group
- How should organisations secure workflow platforms that handle both files and secrets?
- Why do workflow engines create such a large blast radius for attackers?
- How should security teams protect NHI secrets stored in AI workflow platforms?
- Why do AI workflow platforms create a larger identity risk than a normal app server?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 8, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
