One-time NetID Account Disablement

Infrastructure Advisory Group, March 20, 2017

DoIT plans to disable the NetID accounts for the following groups in either late spring or early summer.

  1. Applicants who have not been admitted or enrolled for five years from the date of their application.
  2. Former employees with termination dates over two years old and who have no other affiliation with the university.

Our action plan is attached.

Background

We are planning a new process for managing NetID account access to applications and services. Prior to the Office 365 deployment, DoIT disabled NetID accounts twice a year for former students and former employees. Office 365 broke our process, and we have not disabled accounts for almost four years. There were lots of things we didn’t like about the process, so we have taken the time to rethink how we do this. The planning team determined that a one-time account disablement, carried out while we are working out the details of the ongoing process, would help clean up thousands of unused accounts.

Considerations in planning the new process

  1. Agreements with the Registrar, OHR, and WAA that extend access to some services for former students and employees. In contrast, units subject to HIPAA compliance need immediate account disablement.
  2. The use of file sharing and collaboration services (Box, Google) has increased significantly, so we need a way to address concerns around shared data if the data “owner’s” account is removed from the application.
  3. Ensure that application services have the ability to perform some kind of authorization so that just having a NetID doesn’t necessarily mean a user has access to the services. Some applications do this today but many do not.

Ad-hoc Disable and De-provisioning Plan

March 9th, 2017

Goals

Disable NetID and de-provision access to enterprise commodity services for the following populations:

● Former employees who were terminated 2 or more years ago with no other current or future-dated affiliation with the UW

● Applicants from 5 or more years ago who did not matriculate with no other past, current, or future-dated affiliation with the UW

Communication Groups

● Service providers (via M team, Infrastructure Coordination, STCLI meeting, etc.)

● Tech Partners

● Help Desk

● End users

● IT Governance

Timing

Phase -1

● Service teams to practice content purge / ownership reconciliation strategies on the existing population of NetID-disabled people with active accounts

Phase 0

● Enable MyUW notification informing end users of the impending disable and de-provisioning process

● Email end users informing them of the impending disable and de-provisioning process

Phase 1

● Email end users informing them of the disable and de-provisioning process

● Disable email forwarding

● Reset password / lock credential

Phase 2 (30? days after Phase 1)

● Service teams are free to begin purging data and to invoke other processes for de-provisioning the accounts

Follow-ups and Action Items

● Define timeline for various phases

● Define service providers that need to develop processes for purging content and/or reconciling ownership / sharing permissions

● Do we have a way to determine recent usage via NetID Login?

● Develop petition mechanism and grace period for users and departments to temporarily log in to their accounts to back up or transfer ownership of data

● Develop KB documentation detailing process, data backup, petition mechanism

● Need to make sure we don’t leave accounts in a broken state if the person comes back and re-activates services

● Define population

  ○ Make available to service providers

  ○ Load into group(s) that can be delivered to MyUW for notifications

● Need a mechanism for service providers to cross-check their list of active accounts to see which belong to people who have disabled NetIDs

Targeted Services

Office 365 - Exchange

Office 365 - OneDrive / SharePoint

G Suite - Drive, Sites, etc.

Shared Tools - Jira, Wiki, GitLab, Artifactory, Subversion

Box

Qualtrics

WiscWeb

WiscList

Doodle

Imaging

Canvas & D2L & Kaltura

Manifest

SALT?

Office 365 - Unified Messaging (VoIP)

Office 365 - CRM

Office 365 - Power BI

Wisc Account Administration

Cherwell

AANTS

Lynda

Help Desk Online

Moodle

Computer Labs

InfoAccess

Bucky Backup

Electronic Lab Notebook

Techstore

KnowledgeBase

Azure & AWS