The Göran Problem: When Ex-Employees Still Have Access

Göran left the company six months ago. Everyone knows it. HR processed the resignation, IT collected the laptop, and someone even sent a farewell message in Teams.

But Göran’s accounts in Salesforce, Jira, and the VPN are still active.
That’s the Göran problem.

And honestly, most companies have one. Göran isn’t doing anything wrong. He’s just… still here.


What the Göran Problem Is

The Göran problem is when former employees still have active accounts in one or more systems after they’ve left the company.

It usually happens by mistake. HR marks the person as “terminated”, but IT never gets the update. Someone says they’ll clean up old accounts “later”, and later never comes.

Weeks turn into months, and Göran still has access to company data.


Why It’s a Real Risk

Leaving old accounts open isn’t just a simple miss. It creates several problems:

  • Security risk: stolen or reused credentials could lead to a breach.
  • Compliance risk: auditors always find orphaned accounts.
  • Operational waste: unused licenses, wrong reports, and confusion about who actually has access.

Even in a company with good processes, some user accounts stay active. Sometimes HR offboards a user, but the change doesn’t reach IT right away. Or a user remains active in the main directory longer than intended. Small delays like that are enough to leave accounts open for weeks or months.


Why It Happens

The Göran problem doesn’t come from one mistake. It’s a mix of process gaps and human habits:

  1. Disconnected systems – HR, IT, and app owners don’t share the same data.
  2. Manual work – someone has to remember to disable accounts in several systems.
  3. Just-in-case thinking – teams keep access active “in case we need something.”
  4. Unclear ownership – no one really owns the offboarding process.

Put all that together, and you end up with ghost accounts that no one notices until an audit or incident. It’s a very human problem, which is why it keeps happening even in digital systems.


How to Find Your Görans

Every company has them. Finding them is the first step.

  • Compare HR records with your identity directory (Google, Entra ID, Active Directory, etc.).
  • Make sure your main directory reflects reality. Only active employees should have active accounts.
  • Review shared or service accounts – they’re often overlooked.
  • Run regular access reviews, especially for sensitive systems.

If you think you only have one, double-check. Görans travel in packs.
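
A minimal sketch of the HR-to-directory comparison from the list above, added here as an illustration and not Adcyma's code. The CSV column names and sample rows are constructed assumptions; real exports from your HR system and directory will use their own fields.

```python
import csv
import io
from datetime import date

# Constructed sample exports; the column names are assumptions, not a real product schema.
HR_CSV = """employee_id,email,status,end_date
1001,goran@example.com,terminated,2024-01-31
1002,anna@example.com,active,
1003,lars@example.com,terminated,2024-07-10
"""

DIRECTORY_CSV = """email,enabled,last_sign_in
Goran@example.com,true,2024-06-02
anna@example.com,true,2024-07-14
lars@example.com,false,2024-07-09
svc-backup@example.com,true,2024-07-15
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_gorans(hr_rows, dir_rows, today):
    """Return (leavers whose account is still enabled, enabled accounts with no HR record)."""
    hr = {r["email"].strip().lower(): r for r in hr_rows}  # match case-insensitively
    leavers, unmatched = [], []
    for acct in dir_rows:
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to clean up
        email = acct["email"].strip().lower()
        person = hr.get(email)
        if person is None:
            unmatched.append(email)  # shared or service account: needs a named owner
        elif person["status"] == "terminated":
            end = date.fromisoformat(person["end_date"])
            last = acct["last_sign_in"]
            used_after = bool(last) and date.fromisoformat(last) > end
            leavers.append({"email": email,
                            "days_open": (today - end).days,
                            "used_after_exit": used_after})
    leavers.sort(key=lambda x: x["days_open"], reverse=True)  # oldest exposure first
    return leavers, unmatched

if __name__ == "__main__":
    leavers, unmatched = find_gorans(load(HR_CSV), load(DIRECTORY_CSV), date(2024, 7, 15))
    print("still enabled after leaving:", leavers)
    print("no HR record, review ownership:", unmatched)
```

A sign-in dated after the HR end date is the finding to escalate first, since it means the open account was actually used.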


How to Fix It

The solution is to make offboarding automatic and consistent.

  1. Automate offboarding
    Connect HR and IT systems so access is removed as soon as someone leaves.
  2. Assign ownership
    Each system should have a clear business owner who’s responsible for approving and removing access.
  3. Review regularly
    Schedule access reviews. They don’t have to be complicated – just consistent.
  4. Use lightweight automation
    You don’t need a massive enterprise IAM platform to solve this. A simple, cloud-based ILM solution like Adcyma can automatically deactivate accounts in the main directory as soon as HR marks a user as inactive.

Final Thoughts

The Göran problem isn’t really about Göran. It’s about how easily organisations lose control of access when people leave.

Fixing it improves security, compliance, and efficiency at the same time.

Every company has a Göran. The important part is making sure his access really ended when his job did.


    © 2024 Adcyma AB. All rights reserved.