FASS IT Offboarding/Separation Procedure

This article describes the process to follow when an employee from a FASSIT-supported unit leaves the University and no longer needs their IT access or equipment.

 Instructions

Reference: Separation Checklist


 

Willful Separation (Employee and employer are ending employment agreement on good terms)

  • Cancel FAMIS/AIM Access

    • Disable account in AiM, close associated work orders?

    • No associated documentation yet

  • Overwrite data on hard drive

    • Retrieve workstation from employee, check with supervisor if this is necessary

    • Most can typically be retrieved then re-imaged

  • Remove Access from servers and shared calendars

    • Handled at the Active Directory level; go to the next step

  • Remove from DG lists and security groups

  • Remove from printers and copiers

  • Disable Active Directory Account/Email/Two Factor Auth

    • PD

      • Find the user’s AD account, right-click it, and disable it

      • Email will be disabled via AD account being disabled

      • Two Factor

        • Microsoft Auth: Disabled with AD account

        • DualShield token: retrieve the token, then properly remove it from the user’s account (check with Bill on the proper way; we’ve been deleting tokens from the system!)

    • AD

      • Account will be disabled by IS at end of employment

      • Two-factor managed by IS

  • Email supervisor re: equipment disposition

    • Reach out to the user’s supervisor and ask if the machine is needed for anything critical

    • If not needed

      • Re-image the machine?

    • If needed, data can be recovered

  • Remove building and campus access

    • Symmetry: Remove the user from all groups

      • Can take a snip of current groups if needed

    • Lenel: User will be removed from Lenel groups by being removed from Symmetry

      • Sync takes ~5 minutes

  • Remove prox and alarm access

  • Remove WebLEDS Access

    • Access is handled via AD login; disabling the PD AD account disables this access

  • Remove TLO Access

  • Remove CAD/RMS Access

  • Remove Keywatcher Access

    • UO: Handled by WorkControl

    • UOPD: Remove access granted from this documentation until actual steps are added (select all and remove, or disable user? Do we need this data?)

  • Remove Milestone Access

    • This step is redundant, as access is granted via AD Security Groups and was handled above

  • Remove AMAG Access

    • This step is redundant, as access is granted via AD Security Groups and was handled above

  • CJIS Separation

    • These are given to Bill?

  • Remove OSP Sex Offender Access

    • Bill says we don’t do this

  • Remove Confluence access (since it’s not tied to AD).
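
The "Remove from DG lists and security groups" and "Disable Active Directory Account" steps for a PD account can also be scripted so that a record of the user's memberships is kept before anything is changed. The script below is an added example, not part of the FASS IT procedure or tooling; it assumes the RSAT ActiveDirectory PowerShell module, a single domain, and a hypothetical record folder (C:\Offboarding).

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$SamAccountName,   # account being offboarded
    [string]$LogDir = 'C:\Offboarding'               # hypothetical record folder
)

# Stop immediately if the account cannot be found.
$user = Get-ADUser -Identity $SamAccountName -Properties MemberOf -ErrorAction Stop

# MemberOf lists explicit memberships only; the primary group (normally
# Domain Users) is not included and cannot be removed this way.
$groups = @($user.MemberOf | ForEach-Object { Get-ADGroup -Identity $_ })

# 1. Save the current memberships before changing anything, so access can be
#    reviewed or restored later.
New-Item -ItemType Directory -Path $LogDir -Force -WhatIf:$false | Out-Null
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$record = Join-Path $LogDir "$SamAccountName-groups-$stamp.csv"
$groups | Select-Object Name, GroupCategory, GroupScope, DistinguishedName |
    Export-Csv -Path $record -NoTypeInformation -WhatIf:$false

# 2. Remove the user from every distribution and security group.
foreach ($g in $groups) {
    if ($PSCmdlet.ShouldProcess($g.Name, "Remove $SamAccountName from group")) {
        Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false
    }
}

# 3. Disable the account and note when and why on the object itself.
if ($PSCmdlet.ShouldProcess($SamAccountName, 'Disable AD account')) {
    Disable-ADAccount -Identity $user
    Set-ADUser -Identity $user -Description "Disabled $stamp (offboarding)"
}

# 4. Re-read the account and report the resulting state for the ticket.
$after = Get-ADUser -Identity $SamAccountName -Properties MemberOf
[pscustomobject]@{
    User            = $after.SamAccountName
    Enabled         = $after.Enabled
    RemainingGroups = @($after.MemberOf).Count
    GroupRecord     = $record
}
```

Run it with -WhatIf first to list the changes without making them; the membership record is still written in that mode.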

 
