The last-mile kill switch. You fired them. The access didn't leave.
Someone is walked out at 9am. Their SSO is disabled. But the API token still works, the personal-laptop git access still pulls, the third-party SaaS login HR never knew about is still live. Studies find 89% of departed employees retain access to sensitive applications, and only 44% of companies revoke everything within 24 hours. Manav makes access conditional on a live human identity — revoke the identity once, and every system that checks it denies in the same second.
Deprovisioning is a checklist across dozens of systems. The checklist always misses some.
Offboarding means hunting down every account, token, key, and shadow-IT login a person accumulated — across IdP, code hosts, cloud consoles, SaaS, and tools IT never provisioned. It's slow, manual, and fault-prone, which is why one in five data breaches involves a former employee within six months of departure. The dangerous gap isn't the badge; it's the long tail of credentials that outlive the person.
Termination should be one action. Today it's fifty, and you're never sure you got them all.
Because credentials are scattered and independent, "revoke access" has no single switch. Every system holds its own copy of trust, so disabling one doesn't touch the others. What's missing is a shared root the systems all consult — so that turning off the human turns off everything bound to the human, at once, with proof.
Fire once. Watch what's still live.
Jordan was terminated at 9:00am. Here's everything they could touch. Offboard the manual way, then with a single manav.revoke().
What you're seeing: the manual checklist disables the systems IT remembers and misses the long tail. Because every system defers to one identity, revoking the human denies all of them at once.
Make consequential access check a live human identity. Revoke once; deny everywhere.
```javascript
// Wherever a high-value action or session is authorized
const ok = await manav.verify({
  manav_id: actor.manavId,
  context: "prod/deploy" // or wire, admin-grant, data-export…
});
if (!ok.active) return deny("identity_revoked"); // the kill switch

// Offboarding becomes a single call — the last mile:
await manav.revoke({ manav_id: leaver.manavId, reason: "termination" });
// → every passkey, token, and bound session referencing this
//   identity fails its next check. Logged, timestamped, irreversible.
```
Because the signature is bound to the human's device passkey and checked at the moment of action, you don't have to find every credential — you turn off the one identity they all defer to. The revocation is written to an append-only audit log, so you can prove, to an auditor or a regulator, the exact second access ended. The last mile of offboarding stops being a checklist and becomes a switch.
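To make the contrast concrete, here is an added sketch (not Manav's SDK or code from this page) that models four systems holding their own tokens for Jordan, then offboards once by checklist and once by revoking a shared identity root with a hash-chained audit log. `IdentityRoot`, `makeSystem`, `offboard`, the system names and the timestamps are all constructed for illustration.

```javascript
// Added sketch: in-memory stand-in for a shared identity root. Not Manav's SDK.
const { createHash } = require("node:crypto");
const link = (prev, e) => createHash("sha256").update(`${prev}|${e.event}|${e.id}|${e.at}`).digest("hex");

class IdentityRoot {
  constructor() { this.active = new Set(); this.log = []; }
  append(event, id, at) {          // audit entries are frozen and hash-chained
    const prev = this.log.length ? this.log[this.log.length - 1].hash : "genesis";
    this.log.push(Object.freeze({ event, id, at, prev, hash: link(prev, { event, id, at }) }));
  }
  enroll(id, at) { this.active.add(id); this.append("enroll", id, at); }
  revoke(id, at) { this.active.delete(id); this.append("revoke", id, at); }
  verify(id) { return { active: this.active.has(id) }; }
  auditIntact() {                  // recompute the chain; an edited entry breaks it
    return this.log.every((e, i) =>
      e.prev === (i ? this.log[i - 1].hash : "genesis") && e.hash === link(e.prev, e));
  }
}

// Each system holds its own token; when gated, it also asks the root at action time.
function makeSystem(name, root, gated) {
  const tokens = new Map();        // token -> identity id
  return {
    name,
    issue(token, id) { tokens.set(token, id); },
    disable(id) { for (const [t, i] of tokens) if (i === id) tokens.delete(t); },
    act(token) {
      const id = tokens.get(token);
      if (id === undefined) return "deny:no_credential";
      if (gated && !root.verify(id).active) return "deny:identity_revoked";
      return "allow";
    },
  };
}

// Constructed scenario: four systems, of which the checklist knows only two.
function offboard(mode) {
  const root = new IdentityRoot();
  root.enroll("jordan", "2024-01-02T08:00:00Z");
  const gated = mode === "revoke";
  const systems = ["sso", "git", "cloud-api", "shadow-saas"].map((n) => makeSystem(n, root, gated));
  systems.forEach((s) => s.issue(`${s.name}-token`, "jordan"));
  if (gated) root.revoke("jordan", "2024-01-02T09:00:00Z");
  else systems.slice(0, 2).forEach((s) => s.disable("jordan"));
  const stillLive = systems.filter((s) => s.act(`${s.name}-token`) === "allow").map((s) => s.name);
  return { stillLive, root };
}
```

`offboard("checklist")` leaves the two systems the checklist never listed still answering `allow`; `offboard("revoke")` leaves none, and `root.auditIntact()` turns false if any logged entry is later altered.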
The exposure sitting in your offboarding gap.
Every departure that leaves credentials live is an open door. Multiply your annual departures by the breach rate tied to former employees and the modeled cost of a single insider incident.
Where this lives.
One-call revoke
HRIS termination fires a single manav.revoke(). Every action gated by the identity denies on its next check — no per-system hunt.
Provable cut-off
The append-only audit log records the exact moment access ended — the evidence auditors and cyber-insurers ask for.
Action-level gating
Deploys, wires, admin grants, and data exports each verify a live human. A revoked leaver can't ship, pay, or pull.
Turn offboarding into one switch.