communication #160508
RFC: Disable stale Heroes accounts
Status: New
Priority: Normal
Assignee: -
Category: Compliance
Target version: -
Start date: 2024-05-18
Due date:
% Done: 0%
Estimated time:
Description
To reduce the intrusion surface from credentials sitting with people who no longer use them, I propose to:
- contact users who did not authenticate to the Heroes VPN for >= 6 months
- if no response + login within 2 weeks, disable Heroes IDM account and revoke the corresponding VPN client certificate
This would be manifested in the infrastructure policy, and could be partially automated.
Updated by kskarthik about 2 hours ago
crameleon wrote:
> To reduce the intrusion surface from credentials sitting with people who no longer use them, I propose to:
> - contact users who did not authenticate to the Heroes VPN for >= 6 months
> - if no response + login within 2 weeks, disable Heroes IDM account and revoke the corresponding VPN client certificate
> This would be manifested in the infrastructure policy, and could be partially automated.

I feel this can be fully automated if we can have a proper way to extract VPN logs of users.