[x] ASoC - ask in #sos-asoc to remove user from "IBM DevOps Services" group
[x] Slack channels -Remove from private slack channels
[x] Box folders -Remove from Box folders (Example WW CD Team , DevOps Insights Dev , SRE-devops-services, Any squad specific folders )
[ ] Aha! - when the intranet ID is removed from BluePages, the user should be removed from Aha. If you want to be sure, you can contact an admin in #bigblue-aha-liaison Slack channel to remove from the account.
[x] Removal of access to Shared accounts or credentials, in which case immediately trigger their rotation/change
[ ] Revoke/rotate IAM keys the user had access to {do users have any user level keys they use to access services?
[ ] How do we revoke them? Do we care only about IAM keys used to access prod resources or all their IAM keys? If an employee leaves the company they can/should all be revoked, but if they change roles, what should we do? TODO: check with IAM team what happens to keys in a federated account when an employee leaves the company.}
[ ] Revoke/rotate IAM serviceIDs the user had access to
[ ] do users have an user level serviceIDs they use to access services? There shouldn't be any of these.
[x] Rotate secrets to data stores/services the employee had access to in Vault (TODO: need link)
[x] currently, anyone with Vault access can see all secrets because of the way we use it; this makes it painful to have to rotate keys when someone leaves the team. List of people with Access can be seen here
[x] Rotate secrets to data stores/services the employee had access to in KeyProtect (not applicable as of May 2020, will be soon)
[x] Removal of access from Accessshub for
ccs-newrelic[x] Removal of Accesses not managed through AccessHUB
#sos-asocto remove user from "IBM DevOps Services" group[x] Removal of access to Shared accounts or credentials, in which case immediately trigger their rotation/change