Rippling

Overview

Rippling's platform is engineered to facilitate the instant and automated revocation of both digital application access and physical building badges upon an employee's termination. This comprehensive offboarding capability is a critical security feature that leverages the system's 'Employee Graph,' a unified data model that serves as the single source of truth for all HR and IT information. When an employee's status is changed to 'terminated' within the Rippling HRIS, it triggers a cascading, automated workflow designed to securely and completely remove their access to company resources, minimizing the risk of post-employment security breaches.

Key Features

The process for revoking digital access is multifaceted. Primarily, Rippling disables the terminated employee's Single Sign-On (SSO) credentials, which immediately cuts off their ability to log into any application connected to the Rippling identity provider. This includes critical business systems such as email, cloud storage, and various SaaS platforms. Beyond SSO suspension, Rippling utilizes the SCIM (System for Cross-domain Identity Management) protocol and direct API integrations to actively de-provision user accounts in over 600 supported third-party applications. This ensures that the user account is not just disabled but fully removed or suspended within the application itself. To help administrators confirm the success of this process, Rippling provides an 'Application Access Count Report' that can be used to audit and verify that no stray access points remain.

Technical Specifications

For physical security, Rippling extends its revocation capabilities to building access control systems. The platform integrates with leading physical security providers, including Kisi, Envoy, Openpath, and Brivo. When an offboarding workflow is initiated, Rippling sends an automated command via API to the integrated access control system, which then deactivates the employee's physical credentials, such as a key card or mobile badge. The integration with Kisi, for example, is described as updating its directory 'instantly' to match the employee's status change in Rippling, ensuring that physical access to office locations is terminated concurrently with digital access.

How It Works

The term 'instant' is central to Rippling's claims; while the internal data change within the Employee Graph is immediate, the propagation time to external systems depends on the specific integration method (e.g., webhook latency, API response time, or sync intervals). In practice, the process is designed to be rapid and automatic, but a minor delay of seconds or minutes could occur depending on the third-party system.

Use Cases

Limitations and Requirements

It is crucial to understand that this level of automation is not inherent and requires deliberate setup. Administrators must pre-configure the integrations with all relevant SaaS applications and physical security systems. Any application or access point not integrated with Rippling will require manual revocation outside of the platform's automated workflow. The offboarding process also includes other automated actions, such as remotely locking and wiping company-issued devices, initiating hardware retrieval logistics, and transferring ownership of digital assets like Google Drive files to a manager.

Comparison to Alternatives

Summary

In conclusion, Rippling provides a powerful and highly automated solution for instantly revoking both application access and building badges during employee offboarding. The effectiveness of this feature is contingent on its unified data model and the proper configuration of integrations with third-party digital and physical security systems. By centralizing and automating these critical offboarding tasks, Rippling significantly enhances organizational security, reduces administrative workload, and mitigates the risks associated with manual de-provisioning processes.