Docs / Team & Access / Offboarding and Access Cleanup

Offboarding and Access Cleanup

Published · Last updated: May 2026 · 3 min read

Who this is for

Organization Owners who need to remove a team member's access when they leave the team or their role changes.

What you will complete

Remove a team member from your organization, verify their access is fully revoked, and clean up any resources they owned or managed.

Before you begin

  • Owner role required to remove members.
  • Have the departing member's email or name ready.

Step-by-step: remove a team member

  1. Go to Settings → Team Members.
  2. Find the member you want to remove.
  3. Click the Remove or Revoke Access button on their row.
  4. Confirm the removal in the dialog that appears.
  5. The member is immediately removed from the organization. Their session is invalidated and they cannot log in to your organization's dashboard.

What happens immediately after removal:

  • The member can no longer access any resources in your organization.
  • Their active sessions are ended.
  • Any AI Pilot conversations they initiated remain in the audit log.
  • Resources they created (sites, servers, backups) are not deleted — they remain accessible to other Admins and Owners.

Post-removal checklist

After removing a member, complete these steps to ensure full access cleanup:

1. Check notification channels If the departing member set up personal notification channels (email, Telegram) for the organization, remove those channels or update them. Go to Settings → Notification Channels and review all active channels.

2. Check AI memory If the AI Pilot has stored topology or preference memories related to the departing member's personal setup, review and clean up relevant entries. Go to Settings → AI Agent → AI Memory.

3. Rotate credentials if necessary If the departing member had SSH access to your servers outside of CloudAIPilot (i.e., they had a personal SSH key on the server), rotate the SSH keys on affected servers.

4. Review recent audit log entries Check what the departing member did in their last week of access. Go to Settings → Audit Log, filter by the member's email, and review recent actions.

5. Reassign any pending tasks If the departing member had approval authority for AI Pilot actions (Admin role), verify there are no pending approval cards waiting for their response. Denied or expired cards are safe to ignore.

What success looks like

  • The member no longer appears in the Active members list under Settings → Team Members.
  • They cannot log in to your organization's dashboard.
  • The notification channel audit is complete.
  • No sensitive personal SSH keys remain on production servers.

Common errors and fixes

"I cannot remove the Owner" Cause: The Owner cannot be removed without first transferring ownership to another member. Fix: Go to Settings → Team Members and transfer ownership to another Active member, then remove the previous Owner.

"The member I removed is still appearing in the team list" Cause: Browser cache may be showing the old state. Fix: Hard refresh the page (Ctrl+Shift+R or Cmd+Shift+R). The member should no longer appear.

"A removed member is trying to log in and says they still have access" Cause: They may have an active API token or webhook integration that uses a service account, not their personal login. Fix: Check Settings → API or webhook configurations for any tokens associated with that member. Revoke them.

Related articles