What is deprovisioning?
Deprovisioning is the part of the employee lifecycle in which access rights to software and network services are taken away.
Deprovisioning typically occurs when an employee leaves a company or changes roles within an organization. It is the opposite of provisioning, the part of the employee lifecycle in which employees are provided access rights to software and IT services. Provisioning occurs as part of the onboarding process. Deprovisioning occurs during the offboarding process.
During offboarding, deprovisioning removes individual accounts on file servers, single machines and authentication servers, such as Microsoft Active Directory.
Why is deprovisioning important?
In addition to preventing former employees from accessing corporate resources, deprovisioning also frees up disk space, ports, certificates and company-issued computers for future use.
Organizations should audit and keep track of information during the deprovisioning process, including information such as who authorized the deprovisioning, the date deprovisioning occurred and what actions were taken. For compliance reasons, some organizations save deprovisioned accounts for a short period of time in case they need to restore credentials, files or workflows during an audit.
Organizations need to properly conduct deprovisioning whenever an employee leaves or changes positions to ensure data remains safe. A Beyond Identity survey found that 56% of employees who retained digital access said they used it to harm their former employer.
This was last updated in April 2023
Continue Reading About deprovisioning
Related Terms
- What is identity threat detection and response (ITDR)?
- Identity threat detection and response (ITDR) is a collection of tools and best practices aimed at defending against cyberattacks...Seecompletedefinition
- What is LDAP (Lightweight Directory Access Protocol)?
- LDAP (Lightweight Directory Access Protocol) is a software protocol used for locating data about organizations, individuals and ...Seecompletedefinition
- What is passive keyless entry (PKE)?
- Passive keyless entry (PKE) is an automotive security system that operates automatically when the user is in proximity to the ...Seecompletedefinition
