> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Offboarded users should not have active access

> Checks that offboarded employees no longer have active SentinelOne access.

Checks that offboarded employees no longer have active SentinelOne access.

## About

Offboarded employees must not retain access to the endpoint security console. On every sync DSALTA matches each user with active SentinelOne access to your **People** directory by email. If a matched person is offboarded (terminated or in offboarding) but still has active access, the check flags it as a serious issue.

## Why This Matters

When someone leaves and their access is not revoked, their account becomes an unmonitored door into a sensitive security system. Timely access removal on termination is explicitly required by SOC 2, ISO 27001, HIPAA, and GDPR.

## How to Fix

**Before you begin**

* Identify offboarded employees by cross-referencing your HRMS (or the DSALTA **People** module) with the users who can sign in to SentinelOne.

**Remove access for offboarded users**

1. In SentinelOne, go to **Settings → Users** and remove console users who have been offboarded.
2. In DSALTA, open **People** and confirm offboarded employees are marked terminated.

Once no offboarded employee retains active SentinelOne access, DSALTA retrieves the change on the next sync and sets the check status to **Passing**.

## Frequently Asked Questions

<AccordionGroup>
  <Accordion title="How often does this check run?">
    This check runs automatically every 24 hours while the SentinelOne integration is connected. You can also trigger a manual sync from **Integrations** in the sidebar.
  </Accordion>

  <Accordion title="What happens if it keeps failing?">
    A failing check appears in your **Data Library → Tests** dashboard. Work through the steps above; once offboarded users no longer have access, the status updates automatically on the next sync.
  </Accordion>

  <Accordion title="Can I exclude this check?">
    Yes. If it does not apply to your environment, mark it as **Not Applicable** with a justification. The exclusion is documented for auditors.
  </Accordion>

  <Accordion title="Does DSALTA change my SentinelOne configuration?">
    No. DSALTA uses **read-only API access** and never modifies, creates, or deletes resources. All remediation is performed by your team directly in SentinelOne.
  </Accordion>
</AccordionGroup>
