# Offboarding

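When a user leaves the organisation, their access must be revoked promptly. Suspending an account in Peig takes effect immediately, with no delay: authentication through Peig is blocked across all of the user's devices and services. SAML-only applications need an additional manual step, described below.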

## Offboarding a user

1. Open the user's profile in **Users & Access**
2. Click **Suspend User**

The user is immediately blocked from accessing any service from any of their registered devices. Their account and device records are preserved.

{% hint style="success" %}
Suspension is immediate. There is no delay, no token expiry to wait for, and no risk of the user retaining access after this step.
{% endhint %}

## SAML applications — additional steps required

{% hint style="warning" %}
Suspending a user in Peig blocks authentication through Peig. However, for SAML-only applications (secondary providers), the user's account in the application itself is managed independently — Peig has no provisioning connection to remove or deactivate it.

After suspending the user in Peig, you must also **manually remove or deactivate the user's account in each SAML application** to ensure no residual access remains. This may include archiving the user in the application if required by your retention policy.
{% endhint %}

This does not apply to Microsoft 365 or Google Workspace, where user lifecycle is managed through their respective admin consoles as part of your normal offboarding process.

## Offboarding contractors and temporary users

The same process applies for contractors and temporary staff. To avoid forgotten access, note the expected end date when you create a contractor's account and set a calendar reminder to suspend them on that date. Remember to also remove their accounts from any SAML applications they had access to.
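The two manual follow-ups above (removing accounts from SAML applications and suspending contractors on their end date) can be checked with a small reconciliation script. This is an added example, not Peig code: the CSV layouts, column names and application names are assumptions standing in for whatever user lists you export or maintain, and all data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names and export formats are assumptions,
# not a Peig or application API: adapt them to whatever your tools export.
PEIG_USERS = """email,status,contract_end
alice@example.com,suspended,
bob@example.com,active,2024-03-31
carol@example.com,active,
dave@example.com,suspended,2024-01-15
"""
SAML_APP_EXPORTS = {
    "wiki": "email,active\nAlice@Example.com,true\ncarol@example.com,true\n",
    "crm": "email,active\ndave@example.com,false\n bob@example.com ,true\n",
}

def norm(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def residual_saml_accounts(users_csv, app_exports):
    """Return sorted (app, email) pairs still active in an app after suspension."""
    suspended = {norm(u["email"]) for u in load_rows(users_csv)
                 if u["status"].strip().lower() == "suspended"}
    findings = []
    for app, export in app_exports.items():
        for row in load_rows(export):
            email = norm(row["email"])
            if email in suspended and row["active"].strip().lower() == "true":
                findings.append((app, email))
    return sorted(findings)

def overdue_contractors(users_csv, today):
    """Return users whose recorded end date has arrived but who are not suspended."""
    overdue = []
    for u in load_rows(users_csv):
        end = u["contract_end"].strip()
        not_suspended = u["status"].strip().lower() != "suspended"
        if end and date.fromisoformat(end) <= today and not_suspended:
            overdue.append(norm(u["email"]))
    return sorted(overdue)

if __name__ == "__main__":
    for app, email in residual_saml_accounts(PEIG_USERS, SAML_APP_EXPORTS):
        print(f"remove or deactivate {email} in {app}")
    for email in overdue_contractors(PEIG_USERS, date(2024, 4, 2)):
        print(f"suspend {email}: contract end date has arrived")
```

An empty result from both functions means every suspended user is also inactive in each exported application and no contractor has outlived their recorded end date.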

## What happens after suspension

* The user's Peig app will no longer have access to the workspace
* All connected services will deny authentication requests from the user's devices
* For federated services like Microsoft 365, sign-in attempts are rejected at the Peig layer before reaching Microsoft
* For SAML applications, authentication via Peig is blocked — but the user's account in the application must be removed manually

## Coming soon

{% hint style="info" %}
An **archive** feature is in development. This will allow you to formally close and archive user accounts while retaining a record of their access history for audit purposes.
{% endhint %}

