Open dmfezzareed opened 7 months ago
@schmelz21 I created this idea issue to get it logged so we don't lose track of what we discussed today. cc @stewartl97 , @rapidray12
https://github.com/cisagov/crossfeed/pull/1532 - Noting a PR pre-exsted. Closing out that PR as OBE
💡 Summary
I would like to propose a systematic check for 30 days of Crossfeed user account logon inactivity, notify the user, if account reaches 45 days of inactivity, the password will be reset (to essentially deactivate it by requiring the data consumer to take action to reset their password should they wish to resume use). Accounts reaching 90 days of inactivity will be removed.
We should also consider adding a new feature to set an expiration date on an account for short-term hires, contractors, etc to minimize manual overhead. When the account expires, it doesn't have to be removed, merely reset the password or create a way to lock the account so that manual intervention is required to reenable the account.
Note: I propose 90 days before removing an account entirely as some partner use-cases do not require accessing Crossfeed routinely or frequently, for example, Election personnel. Along those same lines, it might be worth investigating the election temporary hiring practices for requesting access to being on a specific date and end on a specific date.
Motivation and context
Why does this work belong in this project?
This would be useful because...
Implementation notes
Please provide details for implementation, such as:
Acceptance criteria
How do we know when this work is done?