← Back to blog
·3 min read

Employee Offboarding Checklist for Remote Teams

A step-by-step offboarding process that ensures no access is left behind, no devices go missing, and no licenses go to waste.

When someone leaves a remote company, the offboarding process is usually one of two things: a frantic scramble or nothing at all.

Neither is acceptable. Every departing employee represents a security risk, a potential compliance issue, and wasted spend on licenses nobody's using. Here's how to do it properly.

Before the last day

The best offboarding starts before the employee's final day. As soon as a departure is confirmed, you should:

  • Document all access. List every tool, platform, and service the employee uses. This is harder than it sounds for remote teams. People sign up for tools without telling anyone.
  • Identify shared credentials. Any passwords, API keys, or shared accounts the employee had access to need to be rotated after they leave.
  • Coordinate device return. If the employee has company hardware, arrange shipping with a prepaid label. Don't wait until after they're gone.
  • Back up their data. Transfer ownership of any critical documents, files, or projects to their manager or a team member.

On the last day

Timing matters. Access revocation should happen on the employee's last day, ideally within 15 minutes of their departure becoming effective:

  • Disable their identity provider account. If you use Okta, Google Workspace, or Azure AD, disabling the account here cascades to connected apps.
  • Revoke access to all SaaS tools. Don't rely on SSO alone. Check for tools that use separate credentials or were set up outside your identity provider.
  • Remove from Slack, email, and communication tools. Deactivate their accounts rather than deleting them, so message history is preserved.
  • Disable MFA tokens and recovery methods. Remove their phone number, authenticator app, and any backup codes from all services.

After departure

The work doesn't stop when the employee logs off for the last time:

  • Rotate shared credentials. Any shared passwords, Wi-Fi keys, or API tokens the employee had access to should be changed immediately.
  • Wipe the device remotely. Use your MDM platform to wipe the device as soon as it's confirmed the employee has backed up personal files.
  • Recover the license. Reassign or cancel the licenses that were allocated to the departing employee. This is where companies leak thousands in SaaS spend.
  • Audit access logs. Check for any unusual activity in the days leading up to departure. Better safe than sorry.

Why most remote teams get this wrong

The simple answer: nobody owns it. Without a dedicated IT person, offboarding is an afterthought. HR handles the people side, but the technical side falls through the cracks.

That's how you end up with ex-employees who can still access your company's data months after they've left.

The fix

Either build this process in-house and assign a clear owner, or bring in a fractional IT contractor who handles it as part of their retainer. Either way, the process should be documented, repeatable, and auditable.

Offboarding isn't glamorous. But it's one of the highest-stakes IT processes your company has. Get it right.

DD

Daniel Duggan

Fractional IT for remote teams

Related posts

·3 min read

The Real Cost of Not Having IT: What Remote Teams Get Wrong

SaaS waste, security gaps, and founder time burned on password resets. The cost of no IT is higher than you think.

securitysaas managementremote teams
·2 min read

What Is a Fractional IT Contractor? (And Why Remote Teams Need One)

Fractional IT is the sweet spot between winging it and hiring full-time. Here's how the model works and who it's built for.

fractional itremote teamsit management
·3 min read

How to Handle IT When You're Too Small for a Full-Time Hire

There's a gap between 'wing it' and 'hire someone.' Here's how smart remote teams bridge it without breaking the budget.

small teamsremote teamsit management