I'm dealing with managing user accounts in applications that aren't linked to our Active Directory (A/D) or using SCIM for provisioning, such as Salesforce. Although terminating an account in A/D is straightforward with a script, I need advice on handling those "edge" cases where manual removal is necessary. I'm curious about what tools or processes y'all use to track these cases effectively. Tools like spreadsheets, Airtable, or NocoDB come to mind, but I'm open to any suggestions.
5 Answers
One approach is to sunset or phase out any applications that don't easily integrate with an Identity Provider (IdP). But I know that’s not always feasible due to legacy systems or high costs associated with integration.
I recommend creating a comprehensive checklist of all apps and services required for each role. When an offboarding request comes in, you can execute your scripts and manually verify that access has been fully removed. Collaborating with department managers helps build that checklist.
You can look into tools like Toriihq for handling user access management, or leverage APIs where available. If the app supports SOAP or REST, you could script the termination process to automate removals; just be careful about security issues that might arise.
During access reviews, you should have visibility into all user accesses. Cataloging these access rights makes it much simpler to revoke them when someone is separated from the company. Just ensure you have a defined list of everything and the associated permissions.
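The per-role checklist suggested above and the access-review catalog in this answer can be kept in one small tracker. The following Python script is an added example, not code from the thread or from any of the tools named in it; the app catalog, the role names, the user export and the Active Directory user list are all constructed here as assumptions. It builds the offboarding checklist for a user's roles, opens one tracked task per app the AD script cannot reach, flags tasks that are still open past an SLA, and reconciles an app's own user export against the set of active directory accounts to find orphaned logins that a manual removal missed.

```python
"""Offboarding checklist, manual-removal tracker and orphan-account reconciliation.

Added example for the thread above; not the original poster's code and not
any vendor's API. The catalog, roles, CSV export and AD user list below are
constructed sample data.
"""
import csv
import io
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class App:
    name: str
    provisioning: str  # "idp": removed by the AD/SCIM script; "api": scriptable; "manual": a person removes it
    owner: str         # team that performs and verifies the removal for non-IdP apps

# Constructed catalog of which apps each role needs (assumption, not real company data).
CATALOG = {
    "sales": [
        App("Salesforce", "manual", "sales-ops"),
        App("Okta-managed mail", "idp", "it"),
    ],
    "engineering": [
        App("GitHub Enterprise", "idp", "it"),
        App("Ticketing SaaS", "api", "it"),
        App("Legacy build server", "manual", "platform"),
    ],
    "everyone": [
        App("HRIS", "idp", "hr"),
        App("Expense tool", "manual", "finance"),
    ],
}

def offboarding_checklist(roles, catalog=CATALOG):
    """Union of apps across the user's roles plus 'everyone'; manual items first, then API, then IdP."""
    seen = {}
    for role in list(roles) + ["everyone"]:
        for app in catalog.get(role, []):
            seen.setdefault(app.name, app)
    order = {"manual": 0, "api": 1, "idp": 2}
    return sorted(seen.values(), key=lambda a: (order[a.provisioning], a.name))

@dataclass
class Task:
    user: str
    app: str
    owner: str
    opened: date
    closed: Optional[date] = None

def open_tasks(user, roles, today, catalog=CATALOG):
    """One tracked task per app the AD script does not cover; IdP apps need no manual task."""
    return [Task(user, a.name, a.owner, today)
            for a in offboarding_checklist(roles, catalog) if a.provisioning != "idp"]

def overdue(tasks, today, sla_days=2):
    """Tasks still open past the SLA: the edge cases someone has to chase."""
    return [t for t in tasks if t.closed is None and (today - t.opened).days > sla_days]

def orphan_accounts(app_export_csv, active_users):
    """Reconcile an app's user export against the set of active AD accounts.

    Every account still enabled in the app whose owner is no longer active in
    AD is an orphan: a removal that was missed or never tracked.
    """
    orphans = []
    for row in csv.DictReader(io.StringIO(app_export_csv)):
        email = row["email"].strip().lower()
        if row.get("status", "active").strip().lower() != "active":
            continue  # already disabled inside the app
        if email not in active_users:
            orphans.append(email)
    return sorted(orphans)

# Constructed Salesforce-style export and AD active list for a stand-alone run.
SAMPLE_EXPORT = """email,status,last_login
Alice@example.com,active,2024-05-01
bob@example.com,active,2024-04-28
carol@example.com,inactive,2023-12-01
dave@example.com,Active,2024-05-02
"""
AD_ACTIVE = {"alice@example.com", "bob@example.com"}

if __name__ == "__main__":
    today = date(2024, 5, 5)
    tasks = open_tasks("dave@example.com", ["sales"], date(2024, 5, 1))
    tasks[0].closed = date(2024, 5, 2)  # sales-ops confirmed one removal
    for t in overdue(tasks, today):
        print(f"OVERDUE: {t.app} for {t.user}, owner {t.owner}, opened {t.opened}")
    print("orphans in app export:", orphan_accounts(SAMPLE_EXPORT, AD_ACTIVE))
```

The reconciliation step is the part worth running on a schedule: the checklist catches what you expected to remove, while comparing each app's export against the directory catches what you did not know about.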
If you’re not already using Okta, it might be worth considering, as it might simplify some of these processes for you.