Automatically Offboard Team Members from NetBird
NetBird's IdP-Sync integration simplifies offboarding team members, enhancing security and efficiency. With this integration, you can automatically revoke access when users leave the company, when temporary access for a freelancer ends after project completion, or when a seasonal employee's contract concludes. Likewise, you can use this integration to restrict access to specific resources or environments when a project finishes. For instance, you can limit network and resource access when a team member is removed from a group or when an entire group is deleted from your Identity Provider.
Removing Team Members
In this tutorial, we will focus on user_01, user_02, and user_03. From NetBird's Users dashboard, you can see that user_01 is part of the IT Administrators group, while user_02 and user_03 belong to the Staging group.
To get started, access your Identity Provider (IdP) dashboard. For this example, we’ll use Microsoft Entra ID (Azure AD).
Next, locate the user you want to offboard in your IdP's user management section. Let's say you want to revoke access for user_01. In that case, select the user and click the Delete button as shown below.
After deletion, click the Refresh button to confirm that the user is no longer active.
Wait for the NetBird integration to complete its next synchronization cycle, which usually takes 300 seconds. Alternatively, go to the Integrations screen in the NetBird admin console and click the corresponding integration button to manually trigger the synchronization.
Now, go to NetBird's Users dashboard to verify that the user is no longer listed.
Revoking Group Access
Imagine a scenario where you have an access policy that grants all members of the Staging group access to resources in the Servers group.
Let's say the current project is finished, and you no longer want members of the Staging group to have access to the Servers group. One way to do this is to remove the Staging group from your IdP.
Once the changes synchronize in NetBird, users and their group memberships will be updated; therefore, network access associated with that group will automatically be revoked.
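One way to confirm after a sync that both revocations above took effect, as an added example that is not part of NetBird's documentation or code. It works on exported user and policy records; the function name audit_offboarding, the record fields (name, groups, sources, destinations, enabled) and the sample data are assumptions made for illustration, not NetBird's API schema.

```python
# Added example: audit exported NetBird state after an IdP sync.
# Record fields (name, groups, sources, destinations, enabled) are an assumed,
# simplified export layout, not NetBird's API schema.

def audit_offboarding(users, policies, removed_users=(), removed_groups=()):
    """Return findings; an empty list means the revocation took effect."""
    removed_users, removed_groups = set(removed_users), set(removed_groups)
    findings = []
    for user in users:
        name, groups = user["name"], set(user.get("groups", []))
        if name in removed_users:
            findings.append(f"{name}: deleted in IdP but still listed")
        for policy in policies:
            if not policy.get("enabled", True):
                continue
            # Access granted through a group that should be gone.
            via = groups & removed_groups & set(policy["sources"])
            for group in sorted(via):
                dests = ", ".join(sorted(policy["destinations"]))
                findings.append(f"{name}: still reaches {dests} via {group}")
    return findings

# Constructed sample data using the tutorial's users and groups.
POLICIES = [{"name": "staging-to-servers", "enabled": True,
             "sources": ["Staging"], "destinations": ["Servers"]}]
BEFORE_SYNC = [
    {"name": "user_01", "groups": ["IT Administrators"]},
    {"name": "user_02", "groups": ["Staging"]},
    {"name": "user_03", "groups": ["Staging"]},
]
AFTER_SYNC = [
    {"name": "user_02", "groups": []},
    {"name": "user_03", "groups": []},
]

if __name__ == "__main__":
    for label, users in (("before sync", BEFORE_SYNC), ("after sync", AFTER_SYNC)):
        result = audit_offboarding(users, POLICIES, ["user_01"], ["Staging"])
        print(label, "->", result or "no residual access")
```

Any finding reported after the synchronization cycle has completed means access you intended to revoke is still in place.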