Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 61 Next »

Unable to render {include} The included page could not be found.

Project Overview:

What is De-Provisioning?
Whom Does This Affect?
Who is Not Eligible?
Who Receives Termination Notifications?
Automated Platforms?
Manual Platforms
Terminology?
How Often Will the Termination Process Run?
How are Notifications Sent to the Departments of those that are Terminated?
What are the Process Steps?
How Long Will Accounts Remain Active After Termination Notification?
What Access Can Manually be Removed/Modified Prior to Actual Expiration Date?
What Access Remains Within 30 Day Window Despite Manually Removing Departmental Folders/Shares & Mailboxes?
What if I need an Exception?

What is De-Provisioning?

The closing or removal of access based on status at the University.

The key goal:  Automate terminated accounts in a timely manner when an individual is no longer eligible. This is determined by EduPerson Codes (Albany)

Providing such benefits as:

  • Adherence and enforcement of IdM policy & business rules
  • More accurate representation of employees role at the University
  • More efficient & timely notifications
  • Reduction of manual processes
  • Annual Review of Emeriti Access
  • Student Account Closure process is incorporated

Whom Does This Affect?
  • Those who are no longer eligible to have accounts (Faculty, Staff, Students, and Volunteers)
  • Emeriti have the option of retaining or closing their account

Who is Not Eligible?

Eligibility is determined by EduPerson Codes (Albany)

(Note: This is only a partial list of examples, as there are many statuses or variations of employment at the University)

  • Faculty or Staff that no longer have an active employment record in the Human Resources system of record
  • Students that are beyond the first year Alumnus status (no longer have a code of ALM1)
  • Lecturers who have not been actively employed within the last 15 months
  • Volunteers who's appointment date has ended or is past due
  • Emeriti that do not respond to the yearly notification requesting to retain their account

Who Receives Termination Notifications?
  • Notifications will sent to departments as well as the individual when employee accounts are going to be terminated or status changes (i.e. employee role changes to a student role or transfer to a different department).

Automated Platforms?
  • Active Directory
  • Unix Access
  • UAlbany Mail
  • IAS/PeopleSoft

Manual Platforms? (Notifications are sent to the service providers to complete access removal)
  • IAS/PeopleSoft
  • Reddot
  • Other service providers (SUNYCard, Nolij, All Funds, some Library etc.)

New De-Provisioning/Termination Process Account Details:

Terminology?
  • Expire/Terminate = Shutting off of account access except to MyUAlbany
  • Transfer = Moving to another department
  • Role change = Typically faculty/staff returning to student status
  • Deleted = Completely gone forever

How Often Will the Termination Process Run?
  • Runs Monday-Friday

How are Notifications Sent to the Departments of those that are Terminated?
  • Notifications are sent to a designated UAlbany Departmental mailbox specifically set up to receive the termination notifications.  IAM Contacts are typically forwarded emails from their mailboxes.
  • Notification will have a 'from address' for termination notifications such as 'ITS Access Notice'

What are the Process Steps?

Step 1 - Identification of those that are terminated
Step 2 - Send out termination notifications to:

  • Individual (Employee, Volunteer, or Student)
  • Departmental mailbox specifically set up for termination notifications (for employees/volunteers/lecturers)

Step 3 - Actual shutting off of account is 30 days from notification (except for Lecturers who fall in the 15 month grace period)
Step 4 - If an exception is needed, ability to grant exception with proper notification from department

How Long Will Accounts Remain Active After Termination Notification?
  • 30 days for Faculty/Staff
  • 30 days after a student is no longer eligible
  • Lecturers have 15 month grace period

What Access Can Manually be Removed/Modified Prior to Actual Expiration Date?

1. Departmental shared folders
2. Departmental UAlbany Mail Accounts
3. Change manager of folder/share or departmental UAlbany mailbox by submitting the Group Owner Maintenance Request Form
4. Access removal for Administrative (IAS PeopleSoft) systems

What Access Remains Within 30 Day Window Despite Manually Removing Departmental Folders/Shares & Mailboxes?

1. Personal U:
2. Personal UAlbany Mail
3. Personal Unix Account

What if I need an Exception?
  • Faculty/Staff short term exceptions may be granted with departmental approval/request from IAM Contact. University employment situations vary and the Identity and Access Management Group is the ultimate decider on whether or not the exception is granted.
  • Blackboard exceptions are granted only after being vetted by the Educational Technology Service (ETS) group. Exception Request must come from that group.
  • Students may request short term exceptions to retrieve mail or documents.
  • Student exceptions for a long term may be granted upon approval by the academic advisor or department staff who can verify that the student legitimately still needs access.(i.e. Masters Thesis work). The advisor/department representative will be responsible for filling out the request form that will be sent to them from the Identity and Access Management Group. The Identity and Access Management Group will make the exception (typically until the end of the semester) and notify the student.
  • Emeriti exceptions are based on the individual having Emeritus status in their employment record. Emeriti exceptions are reviewed on an annual basis with notification being sent to the individual. The Identity and Access Management Group is responsible for entering the exception in IAS, and follow-up communication with the Emeriti.
  • No labels