Term · 9. Business Processes & Methodology
Offboarding
Definition
End-of-lifecycle process when an identity is terminated — disable accounts, revoke entitlements, terminate active sessions, archive credentials, transfer data ownership. Speed of offboarding is a key security metric — orphaned access is a major insider threat vector. Best practice: complete termination within 1 hour of HR event.
Application
- MidPoint: Business process that takes place when a person leaves an organization.
Related terms
- Deprovisioning (Deprov): Removal of an identity's access from a target system — typically triggered by termination (Leaver), role change (Mover), …
- Entitlement Creep: Gradual accumulation of access rights beyond what's needed for current job, as users change roles without losing prior a …
- Over-provisioning: Granting access beyond what's needed for the role — common cause of attack surface expansion and SoD violations. Sources …
- Multi-factor Authentication (MFA): Authentication requiring two or more independent factors from different categories: knowledge (password), possession (ph …
- Onboarding: Beginning-of-lifecycle process when a new identity joins — create accounts, assign baseline access, distribute credentia …
- Orphan Account: Account in a target system that cannot be correlated to any identity in the identity warehouse — abandoned by previous o …