Page history: Version 2 (an older version of this page)
Project Title: Account Cleanup
Target Release: (not set)
Epic: (not set)
Document Status: DRAFT
Document Owner: (not set)
Document Sign-Off: (not set)
Subject Matter Expert(s): (not set)
Technical Expert(s): (not set)

Background & Business Value

On an annual basis we would like to review the accounts in the system in order to remove accounts that should no longer be active, and so reduce our security risk profile. To do this we will need to identify accounts that are not in active use, or whose owners are no longer affiliated with the University.

Goals

  • Identify accounts which are no longer actively used
    • Scenario 1: The API Key is not being used at all
    • Scenario 2: The API Key is being used, but it is approved for endpoints it does not call (the key holds more access than it needs)
    • We should consider Personal Accounts as different from Functional Accounts
  • Identify accounts associated with people/groups no longer affiliated with the University
  • Determine if these accounts should be removed or deactivated
    • Determine a plan of action to take for these accounts

Assumptions

Out of Scope

Requirements

Ticket(s) | Title | User Story | Priority | Notes (the Ticket and Priority columns are empty in this draft)

Title: Account No Longer in Use
User Story: As an Administrator, I would like a report that shows if an account has not been used for over X weeks/months.
Notes:
  • What is the time period?
    • Personal Accounts
      • An endpoint not called for three months is considered inactive
    • Functional Accounts
      • An endpoint not called for one month is considered inactive
    • If all of a key's approved endpoints are inactive, then the API Key should be considered inactive
  • Where should we retrieve this data from?
  • Where should we retrieve this data from?

Title: No Longer Associated with the University - Personal Accounts
User Story: As an Administrator, I would like a report that shows if a person (email address) is no longer associated with the University.
Notes:
  • Where to get this information?
    • LDAP?
    • Can we create an API for it?
    • Possibly Campus Identity or SA Identity
  • We need to figure out how to determine if they have separated

Title: No Longer Associated with the University - Functional Accounts
User Story: As an Administrator, I would like a report that shows if a functional account is no longer in use.
Notes:
  • If all the applications associated with a functional account have been revoked/deactivated, then the functional account should be considered inactive.
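The two inactivity rules above (per-endpoint inactivity with a different window for Personal and Functional accounts, a key inactive only when every approved endpoint is inactive, and a functional account inactive when all its applications are revoked/deactivated) can be checked mechanically once the last-call timestamp per endpoint is available from the usage data. The following is an added example, not code from this project or from Apigee: it assumes concrete windows of 90 and 30 days for "three months" and "a month", and the key, endpoint and account names in the sample data are constructed. It also reports Scenario 2 (a key in use but approved for endpoints it never calls), which the goals above mention but the user story does not yet cover.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed concrete values for the page's "three months" / "a month".
INACTIVITY_THRESHOLD = {
    "personal": timedelta(days=90),
    "functional": timedelta(days=30),
}
DEAD_APP_STATUSES = {"revoked", "deactivated"}


@dataclass
class ApiKey:
    key_id: str
    owner: str                 # email address (personal) or group name (functional)
    account_type: str          # "personal" or "functional"
    # approved endpoint -> timestamp of the last successful call, None if never called
    last_used: dict[str, Optional[datetime]]


@dataclass
class FunctionalAccount:
    name: str
    apps: dict[str, str]       # application -> status: "approved", "revoked" or "deactivated"


def endpoint_is_inactive(last_call: Optional[datetime], now: datetime, threshold: timedelta) -> bool:
    """An endpoint that was never called, or not called within the threshold, is inactive."""
    return last_call is None or now - last_call > threshold


def classify_key(key: ApiKey, now: datetime) -> tuple[str, list[str]]:
    """Return (status, inactive_endpoints).

    inactive        - every approved endpoint is inactive (Scenario 1)
    overprivileged  - the key is in use, but some approved endpoints are not (Scenario 2)
    active          - every approved endpoint has recent traffic
    A key approved for no endpoints at all is reported as inactive.
    """
    threshold = INACTIVITY_THRESHOLD[key.account_type]
    inactive = sorted(ep for ep, ts in key.last_used.items()
                      if endpoint_is_inactive(ts, now, threshold))
    if len(inactive) == len(key.last_used):
        return "inactive", inactive
    if inactive:
        return "overprivileged", inactive
    return "active", []


def functional_account_is_inactive(account: FunctionalAccount) -> bool:
    """A functional account whose applications are all revoked/deactivated is inactive."""
    return all(status in DEAD_APP_STATUSES for status in account.apps.values())


def inactivity_report(keys: list[ApiKey], accounts: list[FunctionalAccount], now: datetime) -> dict:
    """Build the administrator's report: status and unused endpoints per key, plus dead functional accounts."""
    report: dict = {"keys": {}, "inactive_functional_accounts": []}
    for key in keys:
        status, unused = classify_key(key, now)
        report["keys"][key.key_id] = {"owner": key.owner, "type": key.account_type,
                                      "status": status, "unused_endpoints": unused}
    for acct in accounts:
        if functional_account_is_inactive(acct):
            report["inactive_functional_accounts"].append(acct.name)
    return report


# Constructed sample data (not real usage logs), evaluated as of a fixed date.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    ApiKey("key-personal-1", "alice@example.edu", "personal",
           {"/v1/people": NOW - timedelta(days=10), "/v1/courses": NOW - timedelta(days=200)}),
    ApiKey("key-functional-1", "library-batch", "functional",
           {"/v1/people": NOW - timedelta(days=45), "/v1/courses": None}),
    ApiKey("key-personal-2", "bob@example.edu", "personal",
           {"/v1/people": NOW - timedelta(days=45)}),
]
SAMPLE_ACCOUNTS = [
    FunctionalAccount("library-batch", {"catalog-sync": "approved", "old-loader": "revoked"}),
    FunctionalAccount("legacy-portal", {"portal-v1": "revoked", "portal-v2": "deactivated"}),
]

if __name__ == "__main__":
    import json
    print(json.dumps(inactivity_report(SAMPLE_KEYS, SAMPLE_ACCOUNTS, NOW), indent=2))
```

Note the same 45-day gap is "active" for the personal key and "inactive" for the functional key, which is exactly the difference in windows the requirements call for; an endpoint that was approved but never called (last call None) counts as inactive from the start, so a key approved for nothing it ever uses shows up in the first review rather than after the window expires.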

Title: Extra Criteria for Determining if an Account Should Be Cleaned Up
User Story: As an Administrator, do I need to obtain other information in order to determine if the account should be cleaned up?
Notes:
  • Should there be an attempt to contact the owner?
    • We need to email the owner
    • We should create reports in Apigee or Google Analytics for this
  • Anything else?

Title: The Cleanup Process
User Story: As an Administrator, cleaning up an account should ...
Notes:
  • Assumption: disable the account
  • Should we delete it?

User Interaction, Design & Architecture

Examples and References

Questions

Below is a list of questions to be addressed as a result of this requirements document:

Question | Outcome | Decision Date (no questions recorded yet)