Overview
Failing to revoke system access after an employee departure is one of the most common security vulnerabilities for small businesses. Former employees with active accounts represent a real data breach risk — and manual offboarding is error-prone when there are 10-20+ apps to deactivate. Rippling's offboarding automation deactivates all connected apps simultaneously the moment a termination is processed, with a complete audit trail showing which access was revoked and when. This closes the security gap in minutes, not days.
Before you start
- Rippling HR + IT plan (App Management required)
- All company apps connected to Rippling App Management
- Admin permissions configured in Rippling
Step-by-step guide (4 steps)
Initiate offboarding through Rippling HR
When an employee leaves, process their departure in Rippling → Offboarding. Set the termination date. Rippling will queue all offboarding actions to execute on that date (or immediately for involuntary terminations). Never process a departure directly in individual apps — always start in Rippling.
Review the auto-generated offboarding checklist
Rippling automatically generates an offboarding task list including: app deprovisioning, payroll finalization, benefits termination, equipment retrieval, and COBRA notification. Review the list and assign any manual tasks (equipment pickup, exit interview) to the appropriate team members.
Configure immediate vs. scheduled deprovisioning
For involuntary terminations: set all app deprovisioning to trigger immediately when you click 'Terminate'. For voluntary departures with a notice period: schedule deprovisioning for the last day. Rippling executes the revocations at the scheduled time automatically.
For employees with access to financial systems (QuickBooks, Stripe, Bill.com), set revocation to trigger immediately regardless of departure type. The risk of delayed revocation for financial tool access is too high.
Verify the offboarding audit log
After deprovisioning, review Rippling → App Management → Activity Log. Confirm that every app shows 'Deprovisioned' status for the terminated employee. Save this audit log as documentation — it's your evidence of compliance if an access incident ever occurs.
What you'll get
All app access revoked simultaneously in minutes — not over days
Complete audit trail proves access was removed and when
Eliminates human error from manual app-by-app offboarding
Reduces security and data breach risk from lingering access
Common mistakes to avoid
Processing departures in individual apps instead of starting in Rippling — creates gaps in the deprovisioning
Not connecting all apps to Rippling — apps not in the system are not deprovisioned automatically
Using 'Deactivate' instead of the full offboarding flow — may not trigger all app deprovisioning
Not reviewing the audit log — silent failures in deprovisioning go unnoticed
Frequently asked questions
Do I need coding experience to set up this Rippling automation?
No coding is required. This guide walks you through everything using Rippling's built-in features and Zapier's visual interface. If you can follow a recipe, you can follow this guide.
How long does this automation take to set up?
Most users complete this setup in 30–60 minutes on their first try. Once set up, it runs completely automatically with zero ongoing effort.
What happens if the automation fails?
Zapier and Make both have error notifications and task history, so you'll know immediately if something goes wrong. We cover troubleshooting steps in the guide above.
Can I customize this automation for my specific business?
Absolutely. The guide includes notes on common customizations. Most automations have multiple variation points — timing, conditions, notification recipients, and more.