
Brandon Rummel

Identity & Access Management (IAM) Offboarding SOP – Enterprise Systems

Purpose

This document defines the standard process for removing enterprise system access from departing employees in accordance with company security and identity management requirements.

Document Control

Document Title: IAM Offboarding SOP – Enterprise Access Removal
Environment: Simulated Enterprise (Turing Insurance Reference Model)
Version: 1.6
Owner: IT Service Desk / IAM Operations
Last Updated: 06/08/2026
Review Cycle: Quarterly

Scope

This procedure applies to the following systems:
  • Identity provider: Okta
  • Email: Microsoft Exchange
  • Claims management system: Claims Radar (Fictional)
  • Document Management System: OneDrive
  • Internal messaging: Microsoft Teams
  • Ticketing System: ServiceNow

1. Prerequisites

  • HR termination approval confirmed in ServiceNow
  • Manager approval received
  • Security clearance verified
  • Offboarding ticket assigned and scheduled

2. Okta Identity Revocation

  • Locate correct user profile using username/email
  • Confirm department
  • Confirm manager name
  • Confirm location
  • Disable Okta user account
  • Remove all role-based access groups
  • Remove location-based access groups
  • End all active browser sessions
  • Apply 'TERM' to display name
  • Screenshot profile and attach to ticket

3. Microsoft 365 Access Revocation

  • Disable user account via M365 Admin Center
  • End active sessions
  • Disable Exchange Mailbox access
  • Confirm Teams profile is disabled
  • Remove OneDrive access
  • Screenshot each step and attach to ticket

4. Active Directory / IAM Synchronization

  • Disable AD Account
  • Remove group memberships
  • Force directory sync
  • Screenshot disabled AD profile and attach to ticket

5. Claims Radar Account Revocation

  • Revoke Claims Radar Role membership
  • Validate application login failure
  • End any stuck active sessions
  • Screenshot login failure message and attach to ticket

6. ServiceNow Closure Actions

  • Update offboarding ticket with completed checklist
  • Confirm all screenshots attached
  • Mark completion time
  • Notify 'On/Offboarding Channel' and Distribution Group

7. Final Verification

  • Okta account disabled
  • Okta group removal verified
  • Active sessions terminated
  • M365 access revoked
  • AD account disabled
  • Claims Radar access revoked
  • OneDrive access revoked
  • ServiceNow ticket updated
  • Appropriate groups notified
  • Escalation resolved (if needed)

8. Escalation Criteria

  • MFA removal failure
  • Identity sync failure
  • Active session termination failure
  • Application access persistence post-removal
  • Security override requirement
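The Okta revocation steps of section 2 and the re-check of section 7 expressed as Okta REST API calls, as an added example that is not part of this SOP. Assumptions: `transport` is a callable that sends one request and returns parsed JSON (a real one would add the `Authorization: SSWS <token>` header and the org URL); `city` stands in for the SOP's "location" field; "TERM" is applied as a display-name prefix; `FakeOkta` is a constructed in-memory stand-in so the code runs offline.

```python
# Added example, not the SOP author's code. transport = callable(method, path, body)
# returning parsed JSON; FakeOkta below is a constructed stand-in for an Okta org.
class OffboardError(RuntimeError):
    """A prerequisite check failed; nothing was changed."""

def offboard_okta(login, ticket, transport):
    """Section 2: locate, confirm identity, disable, strip groups, end sessions, tag name."""
    user = transport("GET", f"/api/v1/users/{login}")          # Okta resolves a login as the id
    prof = user["profile"]
    for field in ("department", "manager", "city"):            # 'city' stands in for location
        if prof.get(field) != ticket[field]:                    # wrong profile: stop before changing anything
            raise OffboardError(f"{field} mismatch: {prof.get(field)!r} vs {ticket[field]!r}")
    uid = user["id"]
    transport("POST", f"/api/v1/users/{uid}/lifecycle/deactivate")   # disable account
    for g in transport("GET", f"/api/v1/users/{uid}/groups"):
        if g["type"] == "OKTA_GROUP":   # BUILT_IN 'Everyone' and app-mastered groups cannot be removed here
            transport("DELETE", f"/api/v1/groups/{g['id']}/users/{uid}")
    transport("DELETE", f"/api/v1/users/{uid}/sessions?oauthTokens=true")  # sessions + OAuth tokens
    transport("POST", f"/api/v1/users/{uid}", {"profile": {"displayName": "TERM " + prof["displayName"]}})
    return uid

def verify_okta(uid, transport):
    """Section 7 re-check; each returned string is a section 8 escalation reason."""
    problems = []
    if transport("GET", f"/api/v1/users/{uid}")["status"] != "DEPROVISIONED":
        problems.append("Okta account still active")
    if any(g["type"] == "OKTA_GROUP" for g in transport("GET", f"/api/v1/users/{uid}/groups")):
        problems.append("application access persistence post-removal")
    return problems

class FakeOkta:
    """Constructed in-memory org with sample data (not real identifiers)."""
    def __init__(self):
        self.user = {"id": "00u1", "status": "ACTIVE", "profile": {"login": "jdoe@example.com",
                     "displayName": "Jane Doe", "department": "Claims", "manager": "Sam Lee", "city": "Columbus"}}
        self.groups = [{"id": "00g0", "type": "BUILT_IN"}, {"id": "00g1", "type": "OKTA_GROUP"},
                       {"id": "00g2", "type": "OKTA_GROUP"}, {"id": "00g3", "type": "APP_GROUP"}]
        self.sessions, self.calls = 2, []
    def __call__(self, method, path, body=None):
        self.calls.append((method, path))
        if method == "GET":
            return list(self.groups) if path.endswith("/groups") else self.user
        if path.endswith("/lifecycle/deactivate"):
            self.user["status"] = "DEPROVISIONED"
        elif path.startswith("/api/v1/groups/"):
            self.groups = [g for g in self.groups if g["id"] != path.split("/")[4]]
        elif "/sessions" in path:
            self.sessions = 0
        elif body:
            self.user["profile"].update(body["profile"])
```

A non-empty list from `verify_okta` maps directly onto the section 8 criteria and means the ticket is escalated rather than closed.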
