FASS IT Offboarding/Separation Procedure
This article describes the process in which an employee from a FASSIT-supported unit leaves the University and no longer needs their IT access or equipment.
 Instructions
Reference: Separation Checklist
Â
Willful Separation (Employee and employer are ending employment agreement on good terms)
Cancel FAMIS/AIM Access
Disable account in AiM, close associated work orders?
No associated documentation yet
Override data on hard drive
Retrieve workstation from employee, check with supervisor if this is necessary
Most can typically be retrieved then re-imaged
Remove Access from servers and shared calendars
Handled at Active Directory Level, go to next step
Remove from DG lists and security groups
Remove from Printer and Copiers
Check printers the user had access to for mail
Remove them from scan to options
Disable Active Directory Account/Email/Two Factor Auth
PD
Find the user’s AD account, right click disable
Email will be disabled via AD account being disabled
Two Factor
Microsoft Auth: Disabled with AD account
Dualshield token: retrieve token then properly remove from user’s account (check with Bill on the proper way, we’ve been deleting tokens from the system!)
AD
Account will be disabled by IS at end of employment
Two-factor managed by IS
Email supervisor re: equipment disposition
Reach out to the user’s supervisor and ask if the machine is needed for anything critical
If not needed
Re-image the machine?
If needed, data can be recovered
Remove building and campus access
Symmetry: Remove the user from all groups
Can take a snip of current groups if needed
Lenel: User will be removed from lenel groups via being removed from Symmetry
Sync takes ~5 minutes
Remove prox and alarm access
Do you know what alarm panels they have access to? Reach out to their supervisor for more info if needed
Connect to each bosch panel and remove their account from the panel
Need actual steps/process
This may be able to be done in bulk soon!
Remove WebLEDS Access
Access is handled via AD login, disabled PD AD account disables this access
Remove TLO Access
Remove CAD/RMS Access
When we swap back to ONESolution
Remove Keywatcher Access
UO: Handled by WorkControl
UOPD: Remove access granted from this documentation until actual steps are added (select all and remove, or disable user? Do we need this data?
Remove Milestone Access
This steps is redundant, as access is granted via AD Security Groups and was handled above
Remove AMAG Access
This steps is redundant, as access is granted via AD Security Groups and was handled above
CJIS Separation
These are given to Bill?
Remove OSP Sex Offender Access
Bill says we don’t do this
Remove confluence access (since it’s not tied to AD).
Â
Highlight important information in a panel like this one. To edit this panel's color or style, select one of the options in the menu.