Online Retailer Customer Story
Meeting Disruption with Automation:
A Major Retailer’s Offboarding Transformation
98%
Successful Endpoint Recovery
96%
Time Reduction
for Complete Access Revocation
100%
Compliance with CIS/NIST Framework
Despite Disruptive Workforce Reduction
Business Profile
Industry
Retail
Employees
31,000+
Annual Revenue
$11 billion (2022)
Endpoints
55,000+
IT Managed and Unmanaged SaaS Apps
200+
Multi-Cloud Infrastructure
The Challenges
The retailer had already invested in and deployed Oomnitza’s IT Asset Management (ITAM) solution to manage the lifecycle of their hardware, software, and
virtual technology assets.
When macroeconomic factors and softness in the retail market forced them to reduce their workforce by several thousand full-and part-time workers, the sudden restructuring brought up several challenges related to securely offboarding employees in an efficient, compliant, and financially sound manner.
- The retailer needed to recover thousands of IT assets and SaaS licenses
- There were 40+ manual touch points and help desk tickets required per departing employee
- Without recovering the devices, the retailer faced mounting security and compliance risks
The Outcomes
The retailer partnered with Oomnitza to expand their use case to rapidly deploy and automate the Separation-to-Recovery (S2R) Secure Offboarding Process. In doing so, they:
- Deployed a zero-touch automated offboarding process, fully deployed in just 10 days
- Reclaimed 98% of endpoints from departing employees
- Saved millions through reclaimed assets and licenses
- Achieved 100% compliance with CIS/NIST frameworks
About the Retailer
A leader in the “do-it-yourself” home improvement market, this major retailer is committed to providing excellent service. With a focus on their customers, supply chain, and technology, they offer design services, expert advice, and low prices. They have invested heavily in technology to make their operations more efficient, and systems and tools are needed to manage their IT environment across hundreds of locations.
Making Offboarding and Asset Recovery Effortless
When economic challenges led to the reduction of thousands of roles, this major home improvement retailer needed to reclaim thousands of IT assets from departing employees. Due to the urgency, most offboarding tasks were often accomplished manually with little coordination between systems. In this company’s environment, these tasks would have represented immense overhead for their IT department, which was also impacted by the restructuring.
Instead of placing the burden on their IT staff, the retailer leaned into their technology investment. They extended their existing use of Oomnitza to automate their secure employee offboarding process—transforming what would have been a logistical and security nightmare into a streamlined, secure, and compliant process.
Within 10 days, the Oomnitza-powered “Separation to Recovery” workflow was live, delivering significant cost savings, resource efficiency, and peace of mind. In doing so, they were able to:
- Quickly and completely revoke access to systems, applications, SaaS, and cloud resources
- Catalog all cloud resources per employee to reduce the likelihood of orphaned instances
- Execute a plan to recover thousands of devices
- Determine what systems and applications might have work in progress and transfer ownership to managers or other peers to ensure business continuity
- Establish a new baseline of required software and SaaS licenses for vendor renegotiation
The retailer's environment
- Microsoft Intune for endpoint management
- Tanium for endpoint management
- CrowdStrike for endpoint security
- Meraki for network infrastructure management
- Google Workspace on all Android devices
- Jamf on all Mac and iOS devices
- CDW relationship for procurement
- Okta for single sign-on
- ServiceNow for service management and ticketing
- Workday for human resource management
Scaling Secure Offboarding During a Storm
Urgency Meets Complexity
The speed at which the retailer had to act made traditional, manual offboarding processes unsustainable. With thousands of employees exiting, the need for rapid, secure, and coordinated action was critical. Each offboarding would normally require 40+ manual steps—something their lean IT team simply couldn’t support.
Security Risks and Access Blind Spots
Without automation, access to systems, SaaS apps, and cloud infrastructure could remain open, leaving room for security vulnerabilities. The retailer needed a way to immediately revoke all access and account for cloud assets and in-progress work.
Device and License Recovery at Scale
The scale of asset recovery—laptops, mobile devices, licenses, and applications—was staggering. Beyond retrieval, the retailer also needed visibility into what could be reassigned, renegotiated, or decommissioned to minimize financial waste.
Maintaining Compliance Under Pressure
Amid this operational stress, compliance with the CIS and NIST security frameworks wasn’t optional. It didn’t matter that they were in the middle of a disruptive workforce reduction. The home improvement retailer had to meet their security and audit obligations.
The Retailer’s Secure Offboarding Process with Oomnitza
"The team at Oomnitza helped us automate the S2R ‘zero touch’ secure offboarding process. As a result, we were able to recover a high volume of employee-issued endpoints, as well as dramatically reduce the risk of unauthorized access to company systems and data. I highly recommend Oomnitza for anyone looking to streamline and secure their IT offboarding process.”
Vice President
IT Services
Major Home Improvement Retailer
Separation
- Integration with Workday to automatically activate a workflow in Oomnitza once there is a pending change to employee’s status in the HR system
- Automatically send confidential notifications to stakeholders, including IT, finance, legal, and department heads, with an inventory of all equipment assigned to the employee and the systems they have access to
Deprovision
- On separation day, lock a variety of assigned laptops and mobile devices (HP, Lenovo, Dell, Apple, Microsoft, and more) to restrict access to proprietary data through integration with Jamf and Tanium
- Turn off access to SSO-managed SaaS applications via integration with the Okta Identity Engine
- Remove access to Amazon Web Services as well as other applications that are provisioned without Okta through direct integration
Reassignment
- Ensure work product in systems, such as Google Workspace, Salesforce, AWS, and other services, is transferred to employee’s manager or other designated peer for business continuity
- Auto-forward inbound emails for former employees to a manager or other mailbox, and delete recurring invites
Recovery
- Automatically send a prepaid shipping label to the former employee for return of their assigned endpoints via integration with FedEx tracking
- Recover software licenses for either reuse by another employee or to renegotiate vendor agreements
Decommission/Reallocation
- Automatically assign endpoints to either the reallocation pool or send for end-of-life processing based on warranty date
- Wipe device, update the asset registry, and return to inventory or label it for e-cycle/disposal in the fixed asset register
Automation That Delivered Immediate Results
The retailer reached out to the Oomnitza Customer Success team for assistance. After reviewing requirements, the Oomnitza team recommended the Separation-to-Recovery (S2R) Secure Offboarding Process, which was fully implemented within 10 business days.
The retailer leaned on Oomnitza’s powerful low-code workflow engine to deploy the S2R process and automate repetitive, manual, and error-prone tasks. By leveraging the flexibility and expandability of the solution, the company was able to quickly pivot their business in response to external economic and market conditions.
The results were almost immediate.
The retailer was able to process a large number of offboarding employees, with little or no manual interaction. Not only did they successfully recover most of the employee-assigned endpoints, but they also achieved security framework compliance and protected company data from unauthorized access.
As a result of expanding their use of Oomnitza, the retailer was able to realize significant cost savings, security improvements, and IT efficiencies.
Major Cost Savings
The home improvement retailer successfully reclaimed 98% of endpoints from departing employees. This, by itself, achieved savings of several million dollars.
Massive Time and Resource Efficiencies
As the extensive number of manual processes for offboarding thousands of employees was reduced, their IT team was able to save hundreds of hours per month and keep their scarce IT resources focused on business critical projects.
Security Improvements
The completion time to remove access to key systems for departing employees as a result of using the automated S2R process was reduced to a few minutes, and they were able to achieve compliance with CIS and NIST frameworks. This dramatically reduced the risk of proprietary data exposure to unauthorized persons.
Zero-Touch Automation
The retailer extended their use of automation from technology lifecycle management to secure employee offboarding. They reduced the level of effort with over 40 manual touch points and help desk tickets down to a zero-touch automated offboarding process.
Interested in learning more?
Talk with an expert
Reach out to discover more about our modern ITAM solution.
