Skip to main content
Log inGet free account
Last Reviewed: February 11, 2025

Offboarding

Learn how to revoke access and offboard a user following personnel changes.

Discuss in Slack
Edit this page on GitHub Report an issue with this doc

Offboarding a user is necessary following personnel changes in your organization. You can revoke their access following the process below.

Revoke Pantheon access

When a person with access to your site(s) on the platform leaves the company or project, it is important to immediately remove them from the team so that they no longer have access to make changes to your site.

The following operations are authenticated via SSH Keys, which are configured by the user in their account dashboard:

  • Git
  • SFTP
  • Terminus (Drush and WP-CLI)

Once a user is removed from a given Pantheon site, their SSH key will no longer authenticate these operations.

Note

All users can be removed except the site owner.

To remove a user:

  1. Go to the workspace and select the Team tab.

  2. Find and select the team member(s) you wish to remove.

  3. Select Actions, then Remove.

  4. Select Yes, I am sure I want to remove this person, then click Yes, Remove.

  5. Enterprise customers with the Administrator role will instead be provided additional options to remove the user's access from associated sites. You will need to select one of the following and then click Remove Access:

    • Everything: removes the Pantheon user from the workspace and any site teams across all sites associated with the given workspace on Pantheon. This does not impact WordPress and Drupal user accounts, which need to be revoked separately by blocking or deleting the user account inside the CMS.

    • Workspace Only: removes a member from this workspace only. Associated sites will not be impacted.

      Pantheon Workspace dashboard with remove user modal open and options for removing the user from everything or for removing the user from just the workspace

After a user is removed, in addition to the steps above, we recommend you:

  1. Contact Pantheon support to perform an internal workflow that will migrate your site's database, causing the MySQL credential details to be cycled.

    This step is necessary since database credentials are printed in the dashboard and do not depend on a user's site access for authentication. Make a note of your current credentials and compare them afterwards to ensure database access was properly revoked.

  2. Delete or block the user's account in Drupal or WordPress.

  3. Change any shared account passwords the user may have had access to.