Deprovisioning is the part of the employee life cycle in which access rights to software and network services are taken away. Deprovisioning typically occurs when an employee leaves a company or changes roles within the organization. It is the opposite of provisioning, the part of an employee's life cycle in which he or she is provided with access rights to software and IT services. Typically, provisioning occurs as part of the onboarding process and deprovisioning occurs during the offboarding process.

During offboarding, deprovisioning removes individual accounts on file servers, single machines or authentication servers, such as Active Directory. In addition to preventing a former employee from accessing corporate resources, the process also frees up disk space, ports, certificates and company-issued computers for future use.

It's important for organizations to audit and keep track of information during the deprovisioning process, including who authorized the deprovision, the date deprovisioning occurred and what actions were taken. For compliance reasons, some organizations will keep deprovisioned accounts for a short period of time in case there is a need to restore credentials, files or workflows during an audit.

Deprovisioning best practices

While provisioning systems such as Microsoft Active Directory are great tools for administering the end-user account life cycle, if the rules they follow are incomplete or flawed, they can create access rights that violate company policies and cause regulatory compliance issues. Implementing an access recertification process as part of the initial provisioning system rollout is one of a few key user provisioning best practices. The recertification process allows auditors, security personnel and managers who are responsible for end-user access to verify that the workflows and rules configured within the provisioning system are correct.
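The audit record and recertification check described above can be sketched as a reconciliation between an HR roster and directory accounts. This is an added example, not code from the original page; the field names, the sample data and the 30-day retention value are assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumption: the page says only "a short period of time"; 30 days is a placeholder.
RETENTION = timedelta(days=30)
# The three facts the page says to record for every deprovisioning (names are hypothetical).
AUDIT_FIELDS = ("authorized_by", "deprovisioned_on", "actions")

def recertify(hr_roster, accounts, audit_log, today):
    """Return (account, finding) pairs for a reviewer to act on."""
    findings = []
    for name, acct in sorted(accounts.items()):
        person = hr_roster.get(acct["owner"])
        departed = person is None or person["status"] == "terminated"
        if acct["enabled"]:
            if departed:
                findings.append((name, "enabled account for departed owner"))
            elif not set(acct["groups"]) <= set(person["allowed_groups"]):
                # Role change: access granted for the old role was never removed.
                findings.append((name, "access exceeds current role"))
            continue
        # Disabled account: check the deprovisioning audit trail and retention.
        record = audit_log.get(name, {})
        missing = [f for f in AUDIT_FIELDS if not record.get(f)]
        if missing:
            findings.append((name, "audit record missing: " + ", ".join(missing)))
        elif today - record["deprovisioned_on"] > RETENTION:
            findings.append((name, "retention window exceeded"))
    return findings

# Constructed sample data (not from the page).
HR = {"E1": {"status": "active", "allowed_groups": ["sales"]},
      "E2": {"status": "terminated", "allowed_groups": []},
      "E5": {"status": "active", "allowed_groups": ["eng"]}}
ACCOUNTS = {
    "alice": {"owner": "E1", "enabled": True, "groups": ["sales", "finance"]},
    "bob": {"owner": "E2", "enabled": True, "groups": ["eng"]},
    "carol": {"owner": "E3", "enabled": False, "groups": []},
    "dave": {"owner": "E4", "enabled": False, "groups": []},
    "erin": {"owner": "E5", "enabled": True, "groups": ["eng"]},
}
AUDIT = {
    "carol": {"authorized_by": "mgr-7", "deprovisioned_on": date(2019, 1, 2),
              "actions": ["disabled", "mailbox archived"]},
    "dave": {"authorized_by": "", "deprovisioned_on": date(2019, 3, 1),
             "actions": ["disabled"]},
}
TODAY = date(2019, 3, 15)

if __name__ == "__main__":
    for account, finding in recertify(HR, ACCOUNTS, AUDIT, TODAY):
        print(f"{account}: {finding}")
```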

This was last updated in March 2019
