Periodically*, all managers across the organization receive an automated request from Access Auditor (managed by Jon Densmore) asking them to review their employees' network and software access. This gives them a list of all their AD groups, Cleartouch permissions, and access to other applications. The manager must explicitly Approve or Deny each individual permission to verify whether or not the user should continue having that access.
Once the review is complete, Jon will send the IT Service Desk a list of permissions to remove from various systems (AD, Cleartouch, WireXchange, etc.). We would be wise to review the list thoroughly, as sometimes a manager will request that certain access be removed that their employee definitely does still need to keep (even something as obvious as VPN Users or another critical group).
When the Service Desk agent completes the changes in each system, he/she should alert the rest of the team to let them know that the remediation report was processed and to expect an increase in calls/tickets related to issues stemming from these changes, i.e. employees complaining that they no longer have access to something that they previously did.
No further changes are needed - the ticket from Jon with the remediation report can simply be closed after noting that the changes were made as requested. Jon marks all the "Denied" permissions as "Remediated" in Access Auditor as soon as he sends us the report.
*User entitlement reviews occur at least twice yearly (spring and fall), as well as immediately after a new employee's onboarding or an existing employee's position change/transfer to another department.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article