Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

This article describes the process in which an employee from a FASSIT-supported unit leaves the University and no longer needs their IT access or equipment.

Note: Are you trying to use this right now and are reading this line of text? Bug James to finish this!

\uD83D\uDCD8 Instructions

Reference: Separation Checklist

image-20240220-164121.png

Willful Separation (Employee and employer are ending employment agreement on good terms)

  • Cancel FAMIS/AIM Access

    • Disable account in AiM, close associated work orders?

  • Override data on hard drive

    • Retrieve workstation from employee, check with supervisor if this is necessary

    • Most can typically be retrieved then /wiki/spaces/FI/pages/659257

  • Remove Access from servers and shared calendars

    • Handled at Active Directory Level, next step

  • Remove from DG lists and security groups

  • Remove from Printer and Copiers

    • Check printers the user had access to for mail

    • Remove them from scan to options

  • Disable Active Directory Account/Email/Two Factor Auth

    • PD

      • Find the user’s AD account, right click disable

      • Email will be disabled via AD account being disabled

      • Two Factor

        • Microsoft Auth: Disabled with AD account

        • Dualshield token: retrieve token then properly remove from user’s account (check with Bill on the proper way, we’ve been deleting tokens from the system!)

    • AD

      • Account will be disabled by IS at end of employment

      • Email can be kept?

      • Two-factor managed by IS

  • Email supervisor re: equipment disposition

    • Reach out to the user’s supervisor and ask if the machine is needed for anything critical

    • If not needed

      • Re-image the machine?

    • If needed, data can be recovered

  • Remove building and campus access

    • Symmetry: Remove the user from all groups

      • Can take a snip of current groups if needed

    • Lenel: User will be removed from lenel groups via being removed from Symmetry

      • Sync takes ~5 minutes

  • Remove prox and alarm access

    • Do you know what alarm panels they have access to? Reach out to their supervisor for more info if needed

    • /wiki/spaces/FI/pages/591535

      • Need actual steps/process

  • Remove WebLEDS Access

    • Access is handled via AD login, disabled PD AD account disables this access

  • Remove TLO Access

  • Remove CAD/RMS Access

  • Remove Keywatcher Access

    • UO: Handled by WorkControl

    • UOPD: Remove access granted from this documentation until actual steps are added (select all and remove, or disable user? Do we need this data?

  • Remove Milestone Access

    • This steps is redundant, as access is granted via AD Security Groups and was handled above

  • Remove AMAG Access

    • This steps is redundant, as access is granted via AD Security Groups and was handled above

  • CJIS Separation

    • These are given to Bill?

  • Remove OSP Sex Offender Access

    • I have never done this.

  1. FASS IT receives separation request from FASS HR

  2. Workstation

    1. Retrieve workstation

    2. Compare to PDQ to ensure we have the right machine

      1. Do we want to copy currently installed applications due to lack of RBAC?

    3. Keep laptop for X weeks (or wipe immediately unless otherwise told? Have it be policy, signed off, etc)

  3. Email

    1. Setup automatic response/forward if necessary

      1. help user setup

      2. PowerShell command

  4. Permissions

    1. AD Permissions

      1. Copy all permissions to ticket (until RBAC policy in effect)

        1. Include awesome PowerShell script or link to script here

      2. Remove AD permissions from AD (and PD if necessary)

      3. Lock account if PD user, move to un

    2. Non-AD Permissions

      1. AiM

        1. Pedro?

      2. Manitou

      3. Card Access

    3. Log into Symmetry, find user’s card and remove access

    4. Set Card to disable

Dismissal

  1. FASS IT member in charge of permissions will be given window in which user will be separated from the University

    1. Coordinate with anyone on need-to-know basis (IS Account Admins, etc)

  2. Reach out to IS account admins to remove UO AD access (at appropriate time)

  3. Coordinate with supervisor for computer retrieval

    1. Verify machine is working

    2. Verify all accessories are included

    3. Verify if machine can be wiped or not

      1. See IS/General Council/ISO form about data retrieval

  4. Coordinate removal of AD permissions with IS

    1. Remove AD permissions, have IS account admins lock the account and remove permissions

    2. One-off Permissions

      1. AiM

      2. Tableau

      3. Manitou

  5. Email/Exchange

    1. Setup automatic response/forward using powershell script

      1. Verbiage from supervisor

    2. Remove from any DG’s or mailboxes that have been manually added without a security group

  6. Card Access

    1. Log into symmetry, remove card access, disable card

  7. Inform supervisor of above status

Highlight important information in a panel like this one. To edit this panel's color or style, select one of the options in the menu.

  • No labels