Overview
Ensuring employee access to apps is promptly terminated upon departure is essential for maintaining organizational security.
Torii simplifies this process by allowing IT to offboard employees in real-time automatically.
Torii can trigger workflows and update user lifecycle statuses by listening for key app events, facilitating efficient and effective offboarding.
The functionality is currently available for Google Workspace, Okta and BambooHR only.
Make sure you enable the relevant scopes for Google, Okta and BambooHR.
Please note: The BambooHR feature is still in beta.
Sync and Real-time offboarding
However, to ensure that user lifecycle data remains up-to-date, we continually monitor critical events that are crucial for initiating offboarding and update the information related to these events in real time within Torii.
- User was deleted
- User was suspended. Torii only monitors suspensions carried out by an Admin in the Admin console, and not automatic suspensions executed by Google.
- User was archived
- User was assigned to org unit
Okta
- User was deleted
- User was deactivated (and their status was changed to deprovisioned)
BambooHR (beta)
- User was terminated immediately.
Torii only monitors sudden employee terminations. Specifically, the event captures cases where a user’s employment status is changed to "terminated" and the termination date is set to today, or a past date. For users with a planned termination and a future termination date, updates will occur every 24 hours during the daily sync once the termination date arrives. However, for users with an immediate termination, we will update the BambooHR employment status and BambooHR termination date attributes in Torii in real time.
Adding users to the Offboarding To-Do list
This will make the user appear on the Offboarding >> To-do page, keeping the "Offboarding To-Do" list up to date.
While you can manually trigger employee offboarding from the To-do list, we highly recommend leveraging Torii's "App Event" trigger to automate the process entirely.
By relying on Torii automation, you can achieve a more efficient and effective offboarding experience that requires minimal intervention.
Important -
Note that BambooHR operates differently from Google Workspace and Okta. Users will not be marked as "Past Users" in real time and will only be added to the Offboarding To-Do list one day after they are marked as terminated in BambooHR.
For real-time offboarding with BambooHR, it is essential to rely on Torii’s automation to trigger the process immediately upon termination.
App Event trigger and Real-time offboarding
Workflows that use the App Event trigger will be triggered immediately whenever a selected Google, Okta or BambooHR event occurs.
Select the Application, Application account, and Event to set up the trigger.
Add an action, in this case, "Start employee offboarding."
Note that Google Workspace, Okta and BambooHR do not have to be selected as a user lifecycle source of truth in Torii to use this trigger.
Q & A
Q: Will workflows with "User left' and "User meets criteria" triggers that rely on Google Workspace, Okta or BambooHR attributes be triggered in real time?
A: Despite the User attributes being updated in real-time, it might take up to 1h for workflows with state-based triggers to be initiated. Use the "App event" trigger to trigger workflows in real-time.
Please note that "User left" workflows will not be triggered in real time for BambooHR, as we do not mark a user as past in real time when BambooHR is set as the user lifecycle source of truth. However, "User meets criteria" workflows with the filters "BambooHR employment status is terminated" and "BambooHR termination date is today" will be triggered within 1 hour, but only for users whose termination is immediately effective.