Remove User Access from PostHog | OpsBlu Docs

Remove User Access from PostHog

How to revoke user access and offboard team members from PostHog. Covers account deletion, API key revocation, partial access removal, and security...

Overview

Removing user access properly is critical for security, compliance, and data governance. Whether an employee leaves, a contractor's engagement ends, or a user no longer needs access, following a structured offboarding process prevents unauthorized access and ensures continuity of analytics.

This guide covers complete removal, partial access revocation, and post-removal cleanup.

When to Remove Access

Immediate removal required:

  • Employee termination
  • Security incident or suspected compromise
  • Unauthorized access attempt
  • Contractor engagement ends

Planned removal:

  • Employee leaves company (with notice)
  • Role change (no longer needs analytics access)
  • Project ends
  • Quarterly access review identifies unused accounts

Before You Remove Access

Transfer Ownership of Resources

Dashboards:

  1. Navigate to Dashboards
  2. Filter by creator: departing user
  3. For each dashboard:
    • Decide if it's still needed
    • Transfer ownership (make team-wide or assign to someone)
    • Pin critical dashboards to prevent accidental deletion
    • Delete obsolete dashboards

Insights:

  1. Review insights created by user
  2. Save important insights to dashboards
  3. Note: Insights are project-owned, not user-owned (won't be deleted)

Feature flags:

  1. Go to Feature Flags
  2. Filter by creator: departing user
  3. Document purpose and status of each flag
  4. Update flag metadata to new owner
  5. Ensure flags won't break if user is removed

Experiments:

  1. Check active experiments owned by user
  2. Assign new owner
  3. Document experiment status and results

API integrations:

  1. Identify any scripts/tools using user's personal API key
  2. Replace with new user's API key or project API key
  3. Test integrations still work

Document Removal

# PostHog Access Removal Log

## Date: 2024-03-31
User: john@example.com
Reason: Left company
Removed by: jane@example.com
Resources transferred:
  - 3 dashboards transferred to team
  - 2 feature flags documented and reassigned
  - 1 active experiment transferred to alice@example.com
  - API integration for data export updated

Removing User from PostHog Cloud

Full Removal from Organization

Steps:

  1. Navigate to Settings → Organization → Members
  2. Find user in members list
  3. Click three dots menu → Remove member
  4. Confirm removal

What happens:

  • User loses access to all projects in organization
  • User can no longer log in
  • Dashboards and insights remain (not deleted)
  • User's events remain in database
  • Feature flags remain active

Warning: This action is immediate and cannot be undone. User loses access instantly.

Remove from Specific Projects Only

When: User should remain in organization but lose access to certain projects

Steps:

  1. Navigate to Settings → Project (select project)
  2. Go to Members
  3. Find user in project members list
  4. Click three dots menu → Remove from project
  5. Confirm removal

User retains:

  • Organization membership
  • Access to other projects

Example scenario:

Before:
  - Production: Member
  - Staging: Member
  - Development: Admin

After (removed from Production):
  - Staging: Member
  - Development: Admin

Removing User from Self-Hosted PostHog

  1. Log in with admin account
  2. Go to Settings → Organization → Members
  3. Find user and click Remove member
  4. Confirm removal

Method 2: Via Admin Panel

  1. Navigate to Admin panel (gear icon)
  2. Go to Staff users
  3. Find user
  4. Click Delete or Deactivate
  5. Confirm action

Deactivate vs Delete:

  • Deactivate: User can't log in, but account preserved (recommended)
  • Delete: Permanently removes user account

Method 3: Disable SSO Access

If using SSO:

  1. Remove user from SSO provider (Okta, Azure AD, etc.)
  2. Remove PostHog app assignment for user
  3. User automatically loses access on next login attempt

Note: May take up to 24 hours for SSO changes to propagate.

Revoking API Access

Personal API Keys

User's personal API key stops working immediately when removed from organization.

If scripts/integrations use personal API key:

  1. Identify affected integrations
  2. Generate new API key from different user
  3. Update scripts/tools
  4. Test integrations
  5. Then remove user

Project API Keys

Project API keys are NOT affected by user removal. They remain valid.

No action needed unless user has knowledge of project API keys and termination is hostile.

If security concern:

  1. Rotate project API keys
  2. Update all SDK configurations
  3. Deploy updated configurations
  4. Test that tracking still works

Post-Removal Checklist

Verify removal:

  • User removed from organization members list
  • User cannot log in (test if possible)
  • User removed from all projects
  • User removed from Slack analytics channels
  • User removed from shared documents/wikis

Transfer resources:

  • Dashboards transferred or deleted
  • Feature flags reassigned
  • Experiments ownership updated
  • API integrations migrated

Document:

  • Removal logged in access registry
  • Reason documented
  • Resources transferred noted
  • Approver recorded

Security:

  • Personal API keys revoked (automatic)
  • Project API keys rotated (if needed)
  • Access to other tools reviewed (Slack, GitHub, etc.)

Compliance:

  • Audit log entry created
  • Manager notified
  • HR/IT notified (if applicable)

Special Cases

Removing Former Admin

Additional steps:

  1. Review recent changes: Check audit log for recent admin actions
  2. Verify configurations: Ensure no malicious changes made
  3. Rotate secrets: If admin had access to API keys, rotate them
  4. Review invitations: Check if admin invited unauthorized users

Removing Owner

Critical: Cannot remove last Owner from organization.

Steps:

  1. Promote new Owner first:

    • Navigate to Organization → Members
    • Promote another admin to Owner
    • Verify new Owner can access billing
  2. Then remove old Owner:

    • Change old Owner role to Member
    • Remove from organization

Must have at least one Owner at all times.

Removing Contractor After Engagement

Checklist:

  1. Verify contract end date arrived
  2. Confirm all deliverables received
  3. Transfer any dashboards/insights
  4. Remove access
  5. Document removal
  6. Archive contract documentation

Communication:

Hi [Contractor],

Your engagement with us has concluded as of [date]. Your PostHog access has been removed.

Thank you for your work on [project]. The dashboards you created have been transferred to our team.

If you have any questions, please reach out within the next 7 days.

Emergency Removal (Security Incident)

Immediate actions:

  1. Remove from PostHog immediately (don't wait for transfers)
  2. Revoke all API keys (personal and project if necessary)
  3. Review audit logs for unauthorized activity
  4. Check for data exports or unusual queries
  5. Notify security team
  6. Document incident

Later:

  • Transfer resources (dashboards, flags)
  • Review what data user accessed
  • Determine if data breach occurred

Bulk User Removal

When: Company restructuring, product sunset, or large team change

PostHog Cloud:

  • No bulk removal UI currently
  • Remove users one at a time
  • For large removals, contact PostHog support

Self-hosted with API:

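// Example: Bulk remove users via API
// The members endpoint addresses a member by user UUID, not by email,
// so the UUIDs are looked up from the member list first.
const usersToRemove = [
  'user1@example.com',
  'user2@example.com',
  'user3@example.com'
];

const host = 'https://app.posthog.com'; // self-hosted: use your own instance URL
const organizationId = 'your-org-id';
// Read the key from the environment (variable name is a placeholder) instead of hardcoding it
const apiKey = process.env.POSTHOG_PERSONAL_API_KEY;
const headers = { 'Authorization': `Bearer ${apiKey}` };

// Build an email -> UUID map, following pagination.
// Assumes the list response looks like { results: [{ user: { email, uuid } }], next }.
const uuidByEmail = new Map();
let url = `${host}/api/organizations/${organizationId}/members/`;
while (url) {
  const page = await (await fetch(url, { headers })).json();
  for (const m of page.results) uuidByEmail.set(m.user.email.toLowerCase(), m.user.uuid);
  url = page.next;
}

for (const email of usersToRemove) {
  const uuid = uuidByEmail.get(email.toLowerCase());
  if (!uuid) {
    console.warn(`Not a member, skipped: ${email}`);
    continue;
  }
  const res = await fetch(`${host}/api/organizations/${organizationId}/members/${uuid}/`, {
    method: 'DELETE',
    headers
  });
  // Report success only when the API confirms it
  console.log(res.ok ? `Removed: ${email}` : `FAILED (${res.status}): ${email}`);
}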
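
A pre-flight and verification helper for the bulk removal above, added here as an example rather than taken from the page or from PostHog. It applies the last-Owner rule from "Removing Owner" and the "verify removal" step of the checklist; the member record shape and the Owner level value of 15 are assumptions, and the sample members are constructed.

```javascript
// Added example. Assumption: member records look like
// { user: { email, uuid }, level } and level 15 means Owner.
const OWNER_LEVEL = 15;
const norm = (email) => email.trim().toLowerCase();

// Split a removal request into what is safe to remove, what must wait, and what is unknown.
function planRemovals(members, departingEmails) {
  const wanted = new Set(departingEmails.map(norm));
  const byEmail = new Map(members.map((m) => [norm(m.user.email), m]));
  const ownersStaying = members.filter(
    (m) => m.level === OWNER_LEVEL && !wanted.has(norm(m.user.email))
  );
  const plan = { remove: [], blocked: [], notFound: [] };
  for (const email of wanted) {
    const m = byEmail.get(email);
    if (!m) {
      plan.notFound.push(email); // possible duplicate account under another address
    } else if (m.level === OWNER_LEVEL && ownersStaying.length === 0) {
      plan.blocked.push(email); // promote a replacement Owner first
    } else {
      plan.remove.push({ email, uuid: m.user.uuid });
    }
  }
  return plan;
}

// Post-removal check: pass in a freshly fetched member list.
function stillPresent(membersAfter, departingEmails) {
  const present = new Set(membersAfter.map((m) => norm(m.user.email)));
  return [...new Set(departingEmails.map(norm))].filter((e) => present.has(e));
}

// Constructed sample data (not real accounts)
const SAMPLE_MEMBERS = [
  { user: { email: 'alice@example.com', uuid: 'uuid-alice' }, level: 15 },
  { user: { email: 'bob@example.com', uuid: 'uuid-bob' }, level: 8 },
  { user: { email: 'carol@example.com', uuid: 'uuid-carol' }, level: 1 },
];
const DEPARTING = ['Bob@example.com', 'alice@example.com', 'dave@example.com'];
console.log(planRemovals(SAMPLE_MEMBERS, DEPARTING));
```

Anything left in `blocked` or `notFound`, or returned by `stillPresent`, needs a manual follow-up before the offboarding is logged as complete.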

Data Retention After Removal

What's deleted:

  • User account and login credentials
  • User preferences and settings
  • Personal API keys

What's kept:

  • Events tracked by user (never deleted automatically)
  • Dashboards created by user
  • Insights created by user
  • Feature flags created by user
  • Recordings and data user had access to

User's data in analytics:

// Events the user themselves generated are kept
// e.g., if user was also a product user
posthog.capture('button_clicked', {
  distinct_id: 'removed_user@example.com'
});
// This event remains in PostHog

To delete user's personal data (GDPR):

  1. Navigate to Settings → Project → Data Management
  2. Find Person Deletion
  3. Enter user's distinct_id
  4. Confirm deletion
  5. All events for that distinct_id are deleted permanently

Reactivating Removed User

If user removed by mistake:

PostHog Cloud:

  • Cannot undo removal
  • Re-invite user as new member
  • Re-grant project access
  • User gets fresh account (previous settings lost)

Self-hosted:

  • If deactivated (not deleted): Reactivate account
  • If deleted: Create new account

Note: Dashboards and insights created previously are still there, but user needs to be re-granted access to projects.

Compliance & Auditing

Maintain removal log:

# PostHog Access Removals - Q1 2024

## 2024-01-15: contractor1@agency.com
Reason: Engagement ended
Removed by: jane@example.com
Resources: None (viewer only)

## 2024-02-20: former_employee@example.com
Reason: Left company
Removed by: admin@example.com
Resources:
  - 5 dashboards transferred to product team
  - 2 feature flags documented
  - API export script updated

## 2024-03-10: intern@example.com
Reason: Internship completed
Removed by: manager@example.com
Resources: None

Audit requirements:

  • Who was removed and when
  • Who performed the removal
  • Reason for removal
  • What resources were transferred
  • Any security incidents
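
To check a log like the one above against these audit requirements automatically, here is an added example (not part of the original page). The function names are hypothetical and the sample log is constructed; it assumes the `## <date>: <email>` entry layout shown above.

```javascript
// Added example: lint a removal log against the audit requirements.
// Assumption: entries use the "## YYYY-MM-DD: email" header shown in the log above.
const REQUIRED_FIELDS = ['Reason', 'Removed by', 'Resources'];

function parseRemovalLog(text) {
  const entries = [], malformed = [];
  let current = null, lastKey = null;
  for (const raw of text.split('\n')) {
    const line = raw.trimEnd();
    if (line.startsWith('## ')) {
      const head = line.match(/^## (\d{4}-\d{2}-\d{2}): (\S+@\S+)$/);
      current = head ? { date: head[1], user: head[2], fields: {} } : null;
      if (current) entries.push(current); else malformed.push(line);
      lastKey = null;
      continue;
    }
    if (!current) continue; // ignore the title and fields under a bad header
    const field = line.match(/^([A-Z][A-Za-z ]*):\s*(.*)$/);
    const item = line.match(/^\s+-\s+(.+)$/);
    if (field) {
      lastKey = field[1];
      current.fields[lastKey] = field[2] ? [field[2]] : [];
    } else if (item && lastKey) {
      current.fields[lastKey].push(item[1]); // "  - ..." continues the last field
    }
  }
  return { entries, malformed };
}

function auditGaps(text) {
  const { entries, malformed } = parseRemovalLog(text);
  const gaps = malformed.map((h) => `malformed entry header: ${h}`);
  for (const e of entries) {
    for (const key of REQUIRED_FIELDS) {
      const values = e.fields[key];
      if (!values || values.length === 0) gaps.push(`${e.date} ${e.user}: missing ${key}`);
    }
  }
  return gaps;
}

// Constructed sample: entry 2 lacks a remover and resources, entry 3 has a bad header.
const SAMPLE_LOG = [
  '## 2024-01-15: contractor1@agency.com', 'Reason: Engagement ended',
  'Removed by: jane@example.com', 'Resources: None (viewer only)',
  '## 2024-02-20: former_employee@example.com', 'Reason: Left company', 'Resources:',
  '## 2024-03-10 intern@example.com', 'Reason: Internship completed',
].join('\n');
console.log(auditGaps(SAMPLE_LOG));
```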

Best Practices

Do:

  • Remove access on last day of employment
  • Transfer critical resources before removal
  • Document all removals
  • Review access quarterly and remove unused accounts
  • Test that removed users can't log in
  • Notify relevant teams (security, HR, IT)

Don't:

  • Delay removal (security risk)
  • Delete resources that might be needed
  • Forget to transfer ownership of critical dashboards
  • Remove users without documenting reason
  • Skip notification to managers
  • Reuse accounts (always create new accounts)

Troubleshooting

Can't remove user:

  • Verify you have Owner or Admin role
  • Can't remove last Owner (promote someone else first)
  • User might be managed by SSO (remove from IdP)

User still has access after removal:

  • User's session may still be cached in their browser (they'll lose access after logout)
  • SSO might not have synced (wait up to 24 hours)
  • User might have separate account (check for duplicate emails)

Removed user's dashboards disappeared:

  • Dashboards should NOT be deleted on user removal
  • Check if dashboards were personal/private (might not be visible)
  • Check if someone else deleted them
  • Contact PostHog support to investigate

Need help? Check PostHog user management docs or contact PostHog support.