An engineer leaves your company on a Friday. HR sends the standard checklist: return the laptop, revoke the Google workspace account, cancel the parking pass. The IT portion takes twenty minutes. Done.
Twelve days later, your VP of Engineering notices that the departed engineer's name still appears as a seat holder in Figma, Linear, and Notion. The Slack account was deactivated but the tool access wasn't revoked. None of it was included in the offboarding checklist because nobody knew all three tools were in the stack.
This is not a security incident — yet. But it is a cost problem, a compliance exposure, and a sign that your offboarding process has a gap that will compound over time as your team grows and your SaaS stack expands.
There are three reasons SaaS revocation falls through the cracks during offboarding, and they're not about negligence — they're structural.
First, the tools list lives nowhere complete. The canonical list of what your team uses might be partially in a Notion page, partially in the memory of whoever manages the company card, and partially undocumented. The person running the offboarding works from an incomplete picture.
Second, the tools list doesn't connect to seat holders. Even if you have a list of your SaaS subscriptions, that list probably doesn't tell you which specific employees hold seats in each one. Matching the departing employee to their tools requires cross-referencing across multiple systems — work that rarely happens under the time pressure of an active offboarding.
Third, responsibility is diffuse. HR owns the offboarding process but doesn't know the tech stack. IT knows the infrastructure but not the 40-odd departmental SaaS tools each team manages themselves. The gap between these domains is where access persists.
Ghost seats — active tool licenses assigned to former employees — cost companies money in two distinct ways.
The direct cost is obvious: you're paying for licenses that provide no value. At $45/seat/month for a design tool, one unrevoked former employee seat is $540/year. Three ghost seats across your tools stack can easily reach $1,500–$3,000/year once you account for per-seat pricing across all the tools where that person had access.
The indirect cost is harder to quantify but potentially larger: security exposure. A former employee who retains tool access — even unintentionally — has a potential vector into your company's data. Most SaaS tools tie access to an email address that's been deactivated, which reduces the risk. But not all do, and the risk isn't zero.
"We ran our first full audit after a compliance review flagged the issue. Found 14 ghost seats across 9 tools. The total annual cost was just under $2,800. The compliance exposure was harder to put a number on."
— IT Manager, 55-person B2B company
The core problem is that you can't revoke access to tools you don't know the person uses. The checklist has to start with discovery.
A one-time checklist is better than nothing. But the real gain comes from maintaining a live register of seat assignments — so that when someone leaves, the revocation list generates automatically instead of requiring discovery work each time.
That's the difference between a process that works when you remember to run it and a process that runs itself. If you track seat assignments in Subrina, setting an end date on an employee profile generates the checklist automatically. Each item gets marked done as you work through it. Seat counts update in real time. Ghost seat alerts disappear as you close each item.
The process still requires human action — someone has to actually revoke the access — but the discovery and tracking overhead drops to near zero.
This article covers SaaS access as one component of offboarding. A complete offboarding process also covers hardware return, data transfer, account handoff for any tools where the departing employee was the sole administrator, and documentation of ongoing projects. The SaaS access piece is one of the most reliably skipped — but it shouldn't be treated as the whole picture.
Subrina's offboarding checklists auto-generate from your seat assignment records. Set an end date, and every active seat becomes a checklist item. See how it works →
How the average 30-person company wastes $4,200/year on forgotten SaaS — and how to find it.
Read article →The exact process for ops teams running their first full SaaS audit.
Read article →