Offboarding
Learn how to revoke access and offboard a user following personnel changes.
Offboarding a user is necessary following personnel changes in your organization. You can revoke their access following the process below.
Revoke Pantheon access
When a person with access to your site(s) on the platform leaves the company or project, it is important to immediately remove them from the team so that they no longer have access to make changes to your site.
The following operations are authenticated via SSH Keys, which are configured by the user in their account dashboard:
- Git
- SFTP
- Terminus (Drush and WP-CLI)
Once a user is removed from a given Pantheon site, their SSH key will no longer authenticate these operations.
All users can be removed except the site owner.
To remove a user:
Additional Steps (Recommended)
After a user is removed, in addition to the steps above, we recommend you:
-
Contact Pantheon support to perform an internal workflow that will migrate your site's database, causing the MySQL credential details to be cycled.
This step is necessary since database credentials are printed in the dashboard and do not depend on a user's site access for authentication. Make a note of your current credentials and compare them afterwards to ensure database access was properly revoked.
-
Change any shared account passwords the user may have had access to.