How to Offboard a System User on Facebook the Right Way

This is the access most likely to be quietly forgotten and most likely to bite. A system user is a non-human account that tools and servers use to call Meta's API, and it holds long-lived access tokens. When the employee who set it up leaves, removing their personal profile does nothing to the system user — the token keeps working until someone revokes it on purpose. Proper offboarding means treating the system user as its own thing.

The principle: revoke the token, not just the person

Three rules so a departure never leaves an automated door open.

1. Principle 1

   Tokens are separate from people

   Removing a person does not revoke the system user tokens they created. The token survives the employee, so it must be handled directly.

2. Principle 2

   Inventory before you offboard

   Keep a record of which system users exist, what they power, and who set them up — so you know what to revoke when someone leaves.

3. Principle 3

   Revoke and rotate deliberately

   When the integration is no longer trusted, revoke the token and rotate any that need to keep running under new control.

Review cadence: Review system users on every departure and at least quarterly.

Offboard a system user safely

• Open Business Settings → System Users and list each one and its assets
• Identify the integration each system user powers and who owned it
• For a departing employee, find every system user and token they created
• Revoke tokens that are no longer needed or no longer trusted
• For integrations that must continue, rotate the token under new ownership
• Remove system users tied to tools you no longer use
• Record the change so the next audit is a quick diff

Why system users slip through offboarding

• Assuming removing the person is enough

  A standard offboarding removes the employee's profile and Page access — but the system user and its token are untouched and keep working.

  Why it happens: System user tokens are long-lived and decoupled from any individual's employment.

• No record of what each system user does

  Without an inventory, you cannot tell which tokens are safe to revoke, so they get left alone "just in case" — which is exactly the gap an attacker wants.

  Already happened: Find old partners and system users

Common questions

Delvia

Access issues are easier to prevent when roles, owners, and responsibilities are recorded clearly

Most access problems trace back to the same gap — no clear record of who has access, what role they hold, and what should happen when that changes. Delvia helps you keep that record so problems are visible before they become incidents.