Onboarding
Onboarding of users is done according their role (what they will have access to). Broadly there are two types of onboarding tasks, ones we handle in-team and ones that need to be done by external groups, primarily Institute IT staff.
Internal Onboarding
Samvera
Users:
Action:
Amazon Web Services
Users: Systems, Developers, Managers
Action:
Server Access
Users: Systems, Developers
Action:
External Offboarding
Access to the following platforms are managed by Institute IT staff, who will initiate onboarding procedures. In general, access to these platforms should be specified on HR Onboarding documentation or a help desk ticket.
Platforms managed by Institute IT:
Slack (Users: ALL; Action: Create account; add user to "digital-general," "digital-random," and "digital-technical" channels as appropriate).
GitHub (Users: ALL; Action: Add new collaborator under "Settings" -→ "Collaborators and Team")
Atlassian/Confluence (Users: ALL; Action: Create account)
Offboarding
Offboarding of users is done according their role (what they have access to), though it is key to check all of the following options in case special access was given or exceptions were made.
Broadly there are two types of offboarding changes, ones we handle in-team and ones that need to be done by external groups, primarily Institute IT staff.
Internal Offboarding
Samvera
Users: ALL
Actions: Scramble user's password in Samvera. Their account will still exist, useful for certain issues, but cannot be accessed without someone resetting their password via the server.
Method:
ArchivesSpace
Users: Systems
Action: Log in and either delete the user or scramble their password. The second is the preferred method for now.
Simple Method: Log in and go to Systems→ Manage Users, Edit the user you want to edit. Under password generate and type a random string. Requires no server access
Preferred method: Connect to MySQL on the archivesspace server. Set account to be locked until the end of time.
Amazon Web Services
Users: Systems, Developers, Managers
Action: Remove user account from Amazon's IAM
Method: Log into AWS, this must be done by someone with full access. Go to IAM (Under Security, Identity, & Compliance). Select Users. Select the user and press Delete User. This is irreversible.
Side note: We should later also add a key rotation for all keys that the user could have had access to.
Server Access
Users: Systems, Developers
Action: Remove personal ssh keys from servers
Method: Currently either rebuild boxes or go into them and delete keys.
External Offboarding
Access to the following platforms are managed by Institute IT staff, who will initiate offboarding procedures. In general, team members are not expected to follow up with IT to confirm that these tasks have been executed, but can submit a help desk ticket for legacy accounts that may not have been deactivated.
Platforms managed by Institute IT:
Slack (Users: ALL; Action: Remove/block account)
GitHub (Users: ALL; Action: Remove from organization)
Atlassian/Confluence (Users: ALL; Disable account)