IT admins are often caught in a revolving door of user accounts being provisioned and deprovisioned. Tasks like the periodic cleanup of stale accounts and their access and permissions are often not prioritized, yet they play a major part in simplifying compliance with major IT regulations. For example, a key rule mandated by POPIA is that organizations operating in South Africa, and organizations that process the personal information of South African citizens, should not keep that information for longer than needed, and should perform periodic reviews to identify and address data stored beyond its intended period. An easy way to manage these tasks is to automate them.
ADManager Plus' automated deprovisioning feature, coupled with its customizable delete policy, can help you automatically deprovision user accounts and divest them of all their access privileges sequentially. The following steps will guide you through the process.
1. Set up the delete policy
   1. Navigate to Admin tab > Custom Settings > Delete/Disable Policy.
   2. Select the domain in which you wish to enforce the delete policy, and then select the Delete Policy tab.
   3. Select the actions, such as deleting home folders and mailboxes or revoking Office 365 licenses, that must be triggered automatically when a user account is deleted.
   4. Click Save.
2. Configure automated deprovisioning of user accounts
   1. Navigate to Automation tab > Automation > Create New Automation and configure the following settings.
   2. Automation policy Name and Description - Enter a suitable name and description for the automation process.
   3. Automation Category - Choose User Management.
   4. Domain - Choose the domain and OUs in which the task should run.
   5. Automation Task/Policy - From the 'Automation policy' list, select the 'user deprovisioning' policy.
   6. Location of CSV - Choose the location of the CSV file that contains the list of users to be deprovisioned.
   7. Implement Business Workflow - Enable this option if you want user deletion to be carried out after approval. This option automatically creates a 'delete user' request; once it is approved by the appropriate technician or user mentioned in the workflow, the user account is deleted from AD.
   8. Select the Execution time and Frequency at which you want the automated user deprovisioning to run.
   9. Enable the Notification option if you wish to notify the technician every time the automation is executed.
   10. Click Save.
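Because every account listed in the CSV is deleted along with the resources selected in the delete policy, the file deserves a check before the automation reads it. The Python sketch below is an added example, not part of ADManager Plus or the original post: it reduces a constructed account export to stale users and holds back duplicates, protected accounts and entries without a logon date. The column names, the 90-day threshold and the protected-name conventions are assumptions; match the header to what your import expects.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; column names and accounts are assumptions.
SAMPLE_EXPORT = """sAMAccountName,lastLogon
jdoe,2023-01-10
svc_backup,2022-06-01
asmith,2024-05-20
JDoe,2023-01-10
bnkosi,
Administrator,2021-01-01
mvanwyk,2023-11-02
"""

# Assumed naming conventions for accounts that must never be bulk-deleted.
PROTECTED_NAMES = {"administrator", "krbtgt", "guest"}
PROTECTED_PREFIXES = ("svc_",)

def build_deprovision_list(export_text, today, max_idle_days=90):
    """Split an export into (accounts to deprovision, [(name, reason held back)])."""
    cutoff = today - timedelta(days=max_idle_days)
    candidates, skipped, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(export_text)):
        name = (row.get("sAMAccountName") or "").strip()
        last = (row.get("lastLogon") or "").strip()
        key = name.lower()  # account names are compared case-insensitively
        if not name:
            skipped.append((name, "empty name"))
        elif key in seen:
            skipped.append((name, "duplicate"))
        elif key in PROTECTED_NAMES or key.startswith(PROTECTED_PREFIXES):
            skipped.append((name, "protected"))
        elif not last:
            skipped.append((name, "no logon date, review manually"))
        elif date.fromisoformat(last) > cutoff:  # malformed dates raise, failing closed
            skipped.append((name, "recently active"))
        else:
            candidates.append(name)
        seen.add(key)
    return candidates, skipped

def to_csv(candidates):
    """Render the single-column CSV handed to the automation."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["sAMAccountName"])
    writer.writerows([name] for name in candidates)
    return out.getvalue()
```

Calling `build_deprovision_list(SAMPLE_EXPORT, date(2024, 6, 1))` returns the accounts to write out with `to_csv` and a list of held-back entries with reasons, which can go to whoever approves the workflow request.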
This brings us to the end of the POPIA compliance series. In case you missed them, check out the earlier posts in this series on tracking access and permissions to data in your organization, establishing organization-wide policies for access and permission management, and efficient management of access to shares and servers with sensitive personal information, in order to be compliant with POPIA.
Tune in next week for another interesting hack to help you make your identity and access management more efficient.
Team ADManager Plus.