Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user HKativa

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Offboarding

...

Onboarding

Onboarding of users is done according their role (what they will have access to). Broadly there are two types of onboarding tasks, ones we handle in-team and ones that need to be done by external groups, primarily Institute IT staff.

Internal Onboarding

Samvera

Users:

Action:

Amazon Web Services

Users: Systems, Developers, Managers

Action:

Server Access

Users: Systems, Developers

Action:

External Offboarding

Access to the following platforms are managed by Institute IT staff, who will initiate onboarding procedures. In general, access to these platforms should be specified on HR Onboarding documentation or a help desk ticket.

Platforms managed by Institute IT:

Slack (Users: ALL; Action: Create account; add user to "digital-general," "digital-random," and "digital-technical" channels as appropriate).

GitHub (Users: ALL; Action: Add new collaborator under "Settings" -→ "Collaborators and Team")

Atlassian/Confluence (Users: ALL; Action: Create account)

Offboarding

Offboarding of users is done according their role (what they have access to), though if exceptions were made it is key to check all of the following options in case special access was given or exceptions were made.

Broadly there are two types of offboarding changes, ones we handle in-team and ones that need to be done by external groups, primarily Institute IT staff.

Internal Offboarding

Samvera

Users: ALL

Actions: Scramble user's password in Samvera. Their account will still exist, useful for certain issues, but cannot be accessed without someone resetting their password via the server.
Method:

...

Action: Log in and either delete the user or scramble their password. The second is the preferred method for now.

Simple Method: Log in and go to Systems→ Manage Users, Edit the user you want to edit. Under password generate and type a random string. Requires no server access

Preferred method: Connect to MySQL on the archivesspace server. Set account to be locked until the end of time.

Amazon Web Services

Users: Systems, Developers, Managers

...

Method: Log into AWS, this must be done by someone with full access. Go to IAM (Under Security, Identity, & Compliance). Select Users. Select the user and press Delete User. This is irreversible.
Side note: We should later also add a key rotation for all keys that the user could have had access to.

Server Access

Users: Systems, Developers

...

Method: Currently either rebuild boxes or go into them and delete keys.


External Offboarding

Access to the following platforms are managed by Institute IT staff, who will initiate offboarding procedures. In general, team members are not expected to follow up with IT to confirm that these tasks have been executed, but can submit a help desk ticket for legacy accounts that may not have been deactivated.

Platforms managed by Institute IT:

Slack (Users: ALL; Action: Remove/block account)

GitHub (Users: ALL; Action: Remove from organization)

Atlassian/Confluence (Users: ALL; Disable account)