Offboarding
When offboarding users, it is done by their role (what they have access to) though if exceptions were made it is key to check all of the following options.
Broadly there are two types of offboarding changes, ones we handle in-team and ones that need to be done by external groups.
Internal Offboarding
Samvera
Users: ALL
Actions: Scramble user's password in Samvera. Their account will still exist, useful for certain issues, but cannot be accessed without someone resetting their password via the server.
Method:
ArchivesSpace
Users: Systems
Action: Log in and either delete the user or scramble their password. The second is the preferred method for now.
Simple Method: Log in and go to Systems→ Manage Users, Edit the user you want to edit. Under password generate and type a random string. Requires no server access
Preferred method: Connect to MySQL on the archivesspace server. Set account to be locked until the end of time.
Amazon Web Services
Users: Systems, Developers, Managers
Action: Remove user account from Amazon's IAM
Method: Log into AWS, this must be done by someone with full access. Go to IAM (Under Security, Identity, & Compliance). Select Users. Select the user and press Delete User. This is irreversible.
Side note: We should later also add a key rotation for all keys that the user could have had access to.
Server Access
Users: Systems, Developers
Action: Remove personal ssh keys from servers
Method: Currently either rebuild boxes or go into them and delete keys.