End-of-Year Account Cleanup: Remove "ghost" accounts from being listed as "Active" on production

[stefaniefgray]

User Story or Problem Statement

On the "People" page, if you see an Active user account with no roles or sections assigned, it means that the user had attempted to log into prod using their PIV card before their account was actually approved and created by our team.

They might not even be someone who should have access to prod (access must be reviewed/approved before the support team officially creates new accounts!), but they had attempted to use their PIV card to get onto prod anyhow.

In turn, prod automatically creates a "ghost" account that cannot access or edit any content on the site.

By clicking into the account's "History" tab, you can tell whether it was created by a premature PIV login (the user will be cited as the account creator) or by a member of the VA Drupal CMS Support team.

Why are these "ghost" accounts troublesome for our team? 👻

If you do not cancel the “fake” account created by the user’s attempted PIV card login attempt, they will not be able to log into the real account that a VA Drupal CMS Helpdesk team member has created or will be creating for them.

In summary, ghost accounts:

• Block VA Drupal CMS Helpdesk staff from creating new user accounts linked to that PIV card/email address.
• Block VA.gov editors from getting logged in once their accounts are approved and created by our team.
• Artificially inflate the total number of "Active" users on https://prod.cms.va.gov/

As of 12/18/2023, there are 115 ghost accounts on https://prod.cms.va.gov/. I would like to cancel each of these accounts to clean up our user listing, which should not affect any real-deal users or site content whatsoever.

This will correct our stats re: the true total number of "Active" users, and make things much easier for CMS Support in the future if any of these users are approved for prod access and need their accounts to be created by our team.

Screenshots

Example ghost account -- no roles or sections assigned:

How to verify whether the account was created by the user or by a member of the CMS Support team:

Steps for Implementation

@stefaniefgray will track down the 115 "ghost" accounts remaining on https://prod.cms.va.gov/ and follow the steps listed on the following Notion page to cancel them: https://va-cms-helpdesk.notion.site/Troubleshooting-Ghost-Accounts-26fe814f74d2403ab52085ee0f98525b

Acceptance Criteria

• [ ] Ghost accounts are tracked down, verified, and logged.
• [ ] Ghost accounts are cleared out from https://prod.cms.va.gov/ using the steps listed in the Notion documentation linked above.

Team

Please check the team(s) that will do this work.

• [x] CMS Team
• [ ] Public Websites
• [ ] Facilities
• [ ] Accelerated Publishing

[stefaniefgray]

@BerniXiongA6 @EWashb @maortiz-27-80 Hi all -- here's an end-of-year cleanup task I'd like to tackle. 🧹 It should be pretty quick and easy, I just wanted to get the official go-ahead before proceeding.

If approved, would it be alright to add this to the holiday sprint? Thanks!

[BerniXiongA6]

Hey @stefaniefgray did this ticket ever get started on? We can carry it over to S101 if need be. cc: @maortiz-27-80

[EWashb]

@BerniXiongA6 is this a documented process anywhere? If not, can we make sure to do that please?

[stefaniefgray]

@BerniXiongA6 This task is complete!

113 "ghost" accounts removed as of 1/3/2023 (original count was 115 but double-checked each account and left two)

@EWashb Here's the current Notion documentation about this subject (though it doesn't include steps for auditing the full list -- they can be added!): https://va-cms-helpdesk.notion.site/Troubleshooting-Ghost-Accounts-26fe814f74d2403ab52085ee0f98525b

Please let me know if this looks good, and we can include it in the documentation transfer process. 📝

[EWashb]

This looks good, @stefaniefgray! Yes please let's make sure we are getting all documentation out of the Notion into another space. I anticipate that I'll be the keeper of the documentation and processes, so I would love to have things in Confluence and/or Github. Even if you think it is half-baked it will be better to have it somewhere than no where :) cc: @BerniXiongA6 @maortiz-27-80

[BerniXiongA6]

@stefaniefgray Thanks for the update and let's avoid further adding things to Notion. Let's keep our focus on the VA approved tools for our guidance and documentation: Platform CMS Confluence (for internal team stuff) and CMS GitHub repo (for all other stuff). @maortiz-27-80 and I can discuss with Troy and you if you need further clarity on where to move things. cc: @EWashb

[stefaniefgray]

@BerniXiongA6 For sure! This article was last updated back in July 2022 and covers how to delete ghost accounts, but doesn't cover the process of auditing them as outlined in this ticket. However, with @edmund-dunn 's idea for blocking them from being created in the first place, it doesn't look like the audits will need to happen again in the future. 😃

Can probably be moved to Confluence as-is at this time, and can be retired once #16543 is completed

cc: @EWashb @maortiz-27-80