Remove User Access from Microsoft Clarity

Overview

Removing user access from Microsoft Clarity revokes their ability to view session recordings, access reports, and interact with the project. This guide covers when and how to remove users, offboarding best practices, and what happens to data after removal.

When to Remove User Access

Employee Departure

Action required: Remove access immediately upon termination or resignation.

Why:

• Prevent unauthorized access to user behavior data
• Comply with security and privacy policies
• Reduce risk of accidental or malicious actions

Timeline: Within 24 hours of departure

Contract End (Consultants, Agencies)

Action required: Remove access when engagement concludes.

Why:

• Limit external access to agreed scope and duration
• Protect client data
• Maintain clean user lists

Timeline: On or before contract end date

Role Change

Action required: Remove access if user moved to a different team and no longer needs Clarity.

Why:

• Principle of least privilege
• Reduce unnecessary access
• Keep user lists relevant

Timeline: Within 1 week of role change

Access Granted by Mistake

Action required: Remove access immediately.

Why:

• Correct error
• Prevent unauthorized data access

Timeline: As soon as the mistake is discovered

Quarterly Access Audit

Action required: Review all users quarterly and remove those who no longer need access.

Why:

• Maintain good security hygiene
• Reduce stale accounts
• Ensure access remains appropriate

Timeline: Every 3-6 months

Step-by-Step: Remove a User

Step 1: Navigate to User Management

1. Log into Clarity dashboard at https://clarity.microsoft.com/
2. Select the project
3. Click Settings (gear icon) in the left sidebar
4. Click Users

You'll see a list of all users with access to the project.

Step 2: Identify User to Remove

1. Find the user in the list
2. Verify their email address (ensure you're removing the right person)
3. Note their permission level (Admin or Member) for documentation

Step 3: Remove User

1. Next to the user's name, click:
   • Remove button, or
   • Trash/delete icon, or
   • Three dots menu > Remove user
2. Confirm the removal in the dialog that appears
3. User is removed immediately

Step 4: Verify Removal

1. Check that the user no longer appears in Settings > Users
2. User will immediately lose access to the project
3. User will see the project disappear from their Clarity dashboard

What Happens When You Remove a User?

Immediate Effects

User loses:

• Access to the project in their Clarity dashboard
• Ability to view session recordings
• Ability to access heatmaps and insights
• Ability to share session URLs
• Any Admin permissions (if they had them)

User retains:

• Their Microsoft account (removal only affects Clarity project access)
• Access to other Clarity projects they're part of

Data & History Impact

Not affected:

• Session recordings remain intact
• Historical data stays in the project
• Shared session URLs continue to work (see security note below)

No trail of who removed whom:

• Clarity doesn't currently show audit logs of user removals
• Maintain your own documentation of access changes

Session URL Security Note

Previously shared session URLs still work even after user removal.

Why: Session URLs are not password-protected or user-specific. Anyone with the link can view that session.

Implication: If a removed user saved session URLs, they can still view those specific sessions (but cannot browse the full project).

Mitigation:

• Don't share session URLs with users you plan to remove soon
• Consider session URLs as "public within your organization" links
• For highly sensitive data, enable strict privacy masking before sharing

Offboarding Best Practices

Immediate Removal Upon Departure

Timeline:

Document Removals

Maintain a removal log:

This helps with:

• Security audits
• Understanding historical access
• Compliance documentation

Communicate with Departing User (If Appropriate)

For planned departures (resignation, contract end):

Optional but courteous:

• "Your Clarity access will be removed on [date] as part of standard offboarding."
• "If you need to reference any data before you leave, please do so by [date]."

Not required for:

• Terminations
• Access granted by mistake

Transfer Ownership Before Removing Owner

If the person leaving is the Owner:

1. Transfer ownership first (see Update Access)
2. Then remove their access (they'll become a regular Admin after transfer, then removed entirely)

Do NOT remove the Owner without transferring ownership first, or you'll lose the ability to transfer ownership easily.

Check for Other Projects

If your organization has multiple Clarity projects:

Ensure removal across all projects:

1. List all Clarity projects the user had access to
2. Remove from each project individually
3. Verify removal in each

Clarity doesn't have organization-level user management, so you must remove users project-by-project.

Removing Multiple Users

Scenario: Company downsize, multiple users leaving at once

Process:

1. Create a removal list:

2. Remove systematically:

   • Start with Owners and Admins (higher risk)
   • Then Members
   • Verify each removal

3. Document:

   • Record all removals
   • Confirm completion

Note: Clarity doesn't support bulk user removal. Each user must be removed individually from each project.

Re-Adding a Removed User

Scenario: User was removed by mistake or needs access again

Process:

1. Re-invite the user (see Add User Access)
2. User accepts invitation (same process as initial invite)
3. Access restored

Data impact: User can access all current data, including sessions recorded while they were removed.

Note: There's no "suspend" feature. Removal is permanent until you re-invite.

Alternative to Removal: Demote to Member

Scenario: User doesn't need Admin access anymore, but should still view data

Instead of removing:

1. Demote to Member (see Update Access)
2. User retains view access but loses configuration permissions

Use this when:

• User's role changed but they still need data access
• Reducing risk without cutting off access entirely
• External consultant transitioning from implementation to monitoring

Troubleshooting

Can't Remove a User

Symptoms: No "Remove" button or removal fails

Possible causes:

1. You're not an Admin:

   • Only Admins and Owners can remove users
   • Ask an Admin to remove the user

2. Trying to remove yourself:

   • You cannot remove your own access
   • Ask another Admin to remove you

3. User is the only Owner:

   • Transfer ownership to someone else first
   • Then remove the user

User Still Has Access After Removal

Symptoms: User says they can still see the project

Possible causes:

1. User signed into wrong Microsoft account:

   • Verify they're signed into the account you removed
   • They may have another account with access

2. Browser cache:

   • User should sign out and back in
   • Hard refresh (Ctrl+Shift+R / Cmd+Shift+R)
   • Try incognito/private mode

3. Removed from wrong project:

   • Verify you removed them from the correct Clarity project
   • Check project name and URL

4. Delay in permission propagation (rare):

   • Wait 2-3 minutes
   • If still an issue, remove and re-add, then remove again

Accidentally Removed the Wrong User

Fix:

1. Re-invite immediately (see Add User Access)
2. Apologize and explain
3. User accepts invitation
4. Access restored

Note: No data is lost, just temporary access interruption.

Removed the Owner (Yourself)

You cannot remove yourself if you're the Owner.

If you want to leave:

1. Transfer ownership to another Admin first
2. Then ask the new Owner to remove your access

Security & Compliance

Offboarding Compliance

Many regulations (GDPR, SOC 2, ISO 27001) require timely access removal:

Best practices:

• Within 24 hours of termination/contract end
• Document all removals
• Periodic audits to verify no stale accounts

Data Retention After Removal

Session recordings are not deleted when you remove a user.

To delete data:

• Clarity doesn't offer bulk session deletion
• Individual sessions can be deleted manually
• Projects can be deleted entirely (removes all data)

Privacy considerations:

• If a user subject access request (GDPR) requires deletion, you may need to delete specific sessions or the entire project
• Consult your legal team for data retention requirements

Shared Session URLs Remain Active

Security risk:

• Users removed from the project can still view previously shared session URLs
• URLs are not revoked upon user removal

Mitigation:

• Be selective about sharing session URLs
• Treat URLs as "public within trusted circle" links
• Avoid sharing URLs with users you plan to remove soon

Audit Trail & Documentation

Clarity doesn't provide detailed audit logs. Maintain your own:

Access Removal Log

Quarterly Access Review Checklist

Every 3-6 months:

• Export current user list from Settings > Users
• Compare against active employee/contractor list
• Remove users no longer requiring access
• Document removals
• Archive documentation for compliance

Summary

Removing user access from Microsoft Clarity:

1. Go to Settings > Users
2. Find user in the list
3. Click Remove (or trash icon)
4. Confirm removal
5. User loses access immediately

Best practices:

• Remove access within 24 hours of departure
• Document all removals
• Transfer ownership before removing the Owner
• Review access quarterly
• Remove from all projects (if managing multiple)

When to remove:

• Employee departure
• Contract/engagement end
• Role change (no longer needs access)
• Quarterly audit (stale accounts)
• Access granted by mistake

Related guides:

• Add User Access
• Update User Access
• User Management Overview

Additional Resources:

• Clarity User Roles Documentation
• Security Best Practices for User Access Management