User Offboarding App
You can automatically downgrade users in Atlan to the Guest role based on their group memberships. This helps streamline offboarding, enforce consistent access restrictions, and reduce manual effort by ensuring that departing users or contractors are limited to minimal, read-only access.
The User Offboarding app enables you to manage role transitions securely and efficiently. It's especially useful for organizations with frequent role changes, contractors, or employees leaving the company.
Prerequisites
Before you begin, make sure you have:
- Access to the User Offboarding app. If you don’t have access, contact contact Atlan support or your Atlan customer team to request it.
- A dedicated group in your identity provider (IdP) or user management system for offboarded users (for example,
offboarded-users). - The Guest role available in your Atlan tenant to provide consistent role downgrades.
Setup workflow
-
In your Atlan workspace, go to the homepage and click New workflow in the top navigation bar.
-
Search for User Offboarding, and then select Set up workflow.
-
In the Workflow name field, enter a descriptive name that clearly identifies the purpose of this workflow.
Example:atlan-prod-user-offboarding -
In the Offboarding method, select the Role update to Guest. This is the default and only available option, which enables you to downgrade offboarded users to the Guest role with minimal, read-only access.
-
In the Group list field, provide the names of Atlan groups that contain offboarded users. Enter multiple group names separated by commas. For example:
offboarded-users, alumniinfoUsers already assigned the Guest role or belonging to multiple groups are skipped, while users with only one of the specified groups are downgraded to Guest.
-
Schedule and run the workflow. Run it manually or set a recurring schedule to automatically downgrade offboarded users and keep role assignments up to date.
Need help?
If you have any issues related to configuring the app, contact Atlan support.