Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.accessowl.com/llms.txt

Use this file to discover all available pages before exploring further.

To offboard a user, you have three options: use the AccessOwl Slack application, the web interface, or an HRIS integration. When you trigger an offboarding, each application admin is notified to remove the user. If provisioning is managed by an AccessOwl integration, the user’s accounts are automatically suspended or deleted.

Offboarding via…

Open the AccessOwl home tab and click the button “Offboard User”

Scheduled Offboarding

Scheduled offboarding ensures access is revoked on the user’s last day. You can set a future date and time when triggering offboarding through any of the methods above. Plans can change, so scheduled offboardings are flexible. Stakeholders (excluding the offboardee) receive notifications, and if a central notification channel is defined, it includes a link to reschedule.
In case the scheduled offboarding was manually triggered, the requestor also receives a notification. If no central notification channel is defined, the notification includes a link to reschedule the offboarding. Otherwise, the requestor’s notification does not contain a rescheduling link.

Employee Leave

When an employee goes on extended leave, their account in Google Workspace or Microsoft 365 is typically suspended by your IT admin. AccessOwl syncs user statuses directly from these directory services, so the status change is handled automatically. When an account is suspended: When a user is suspended, AccessOwl detects the change on the next sync, sets the user’s status to Inactive, and deactivates the user in AccessOwl. Assigned applications are not removed by default, so the user’s profile will still show access to the applications currently listed. If needed, you can remove application assigned to the user When the employee returns from leave: Once the account is reactivated in Google Workspace or Microsoft 365, AccessOwl detects the change on the next sync. The user will still appear as deactivated in AccessOwl, but their Google Workspace or Microsoft 365 access will automatically show as active again. To fully restore the user in AccessOwl, open the user’s profile and click Reactivate. All other application access tracked in AccessOwl remains unchanged from before the leave.
AccessOwl syncs with your directory approximately every 3 hours. After re-enabling an account, the status update in AccessOwl may take up to one sync cycle to reflect.
If you choose to manually remove application access for a user while they are on leave, you will need to request those applications again for them when they return.

Terminated Users with Access

After offboarding completes, some users may still have remaining access to applications - for example, apps that require manual removal or apps where deprovisioning was not yet configured. You can find these users in the Terminated Users with Access tab. Go to Users and select the Terminated Users with Access tab. From this tab you can remove remaining access in bulk:
1

Open the Terminated Users with Access tab

Go to Users and click the Terminated Users with Access tab.
2

Select users

Select individual users or use the checkbox to select all.
3

Remove access in bulk

Click Remove Access to revoke remaining access for all selected users at once. Application admins are notified for any apps that require manual removal.
Review this tab regularly to ensure no former employees retain access to company applications. This is especially useful for compliance and audit readiness.

FAQ

AccessOwl uses a single termination date from your HRIS to trigger offboarding. If your HRIS has multiple date fields (for example, a “last working day” and a “contract end date”), AccessOwl reads one of them. You can check which date field is being used in your HRIS integration settings.It is not possible to use different dates for different applications today.
If someone reactivates a user directly in Google Workspace (for example, to access their files or emails), AccessOwl detects the active account during the next directory sync and shows the user as active again. This is expected behavior.To track these events, go to the Reports tab in the admin interface. You can filter by user to see the full history of status changes, including when they were offboarded and when the sync picked up the reactivation. Reports can also be exported as CSV.
If you only need temporary access to an offboarded user’s data, consider using Google Admin’s delegated access or data export features instead of reactivating the account. This avoids triggering a re-sync in AccessOwl.