search

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html
283 stars 204 forks source link

[Offboarding Process] Investigate better solution for initiating and processing requests #33755

Open jhouse-solvd opened 2 years ago

jhouse-solvd commented 2 years ago

Description

Sometimes users that open offboarding tickets check off items under “AC” when creating the request using the existing template. This creates confusion for personnel fulfilling the request (ie Ops team members). It appears that tasks have been done when they have not. This can impact security (because of access not being properly revoked) and support workflow.

Problems:

Background/context/resources

Technical notes

Some solution ideas:

Tasks

Definition of Done

jhouse-solvd commented 2 years ago

@mchelen - Some interesting information received 12/10/21:

In a conversation with a requester that works w/ Thoughtworks: Can you share the link or process that you used to initiate the request? We are wanting to improve that process and your input would be helpful.

The response: 

https://github.com/department-of-veterans-affairs/va.gov-team/issues/new?assignees[…]te=offboarding-request.md&title=Offboarding+of+%5Bindividual%5D
https://vajira.max.gov/servicedesk/customer/portal/1/create/7
I got an email of things to do from my team as well
1.  Github/Zenhub/Slack- you may select to remove yourself from the VA organization in Github by creating a ticket to “Remove user from the VA” (second option from the bottom).

Complete all the requested info in the Description part of the ticket.  Include list of all VA tools you have access to even if they are listed in AC section below (ex: Pagerduty, Datadog, SOCKS. etc…)

In the AC section, under  “User removed from the VA GitHub Org” please complete the fill out request to remove yourself from the VA GitHub Org

In the AC section, under the “DVSA Slack” follow instructions to leave a comment on the ticket 

You do not need to enable any checkboxes in the AC section (to be completed by receiver of ticket)

2.  Max.gov, confluence, Jira - if you have access please submit a ticket for the DOTS team to remove yourself here (note: title of ticket is “Request Access”, but it’s also used to remove access).  You can include the following sample content in the ticket: 
Summary: Remove Lighthouse AGY-VA LIGHTHOUSE(NONFEDERAL) for [NAME OF PERSON]
Description: Include name, email, contractor organization 
3.  If you have VA data on your laptop, please wipe machine and provide confirmation you have done so:
VA Data on your laptop
Remove any other confidential documents
RudyOnRails commented 2 years ago

Stumbled across this @jhouse-solvd and was wondering if it it would be too much to create an idempotent job that could be sparked from an Ops admin application or the like. It would be a lot of API's to integrate with though (you know more than I do about the different services/tools etc so I won't even attempt to list!). And some may not offer a programmatic/API method, like Max.gov.

Just wanted to share a coffee thought -- thanks Grande Americano ☕

Have a great weekend, Kevin

jhouse-solvd commented 2 years ago

@RudyOnRails - Thanks for the feedback! There's definitely the opportunity for better validation and automation for this process.

Thanks for sharing! Always stoked to share ideas.