communication #160508
RFC: Disable stale Heroes accounts
Status: New
Priority: Normal
Assignee: -
Category: Compliance
Target version: -
Start date: 2024-05-18
Due date:
% Done: 0%
Estimated time:
Description
To reduce the intrusion surface from credentials sitting with people who no longer use them, I propose to:
- contact users who did not authenticate to the Heroes VPN for >= 6 months
- if no response + login within 2 weeks, disable Heroes IDM account and revoke the corresponding VPN client certificate
This would be manifested in the infrastructure policy, and could be partially automated.
Updated by kskarthik about 20 hours ago
crameleon wrote:
To reduce the intrusion surface from credentials sitting with people who no longer use them, I propose to:
- contact users who did not authenticate to the Heroes VPN for >= 6 months
- if no response + login within 2 weeks, disable Heroes IDM account and revoke the corresponding VPN client certificate
This would be manifested in the infrastructure policy, and could be partially automated.
I feel this can be fully automated, if we can have a proper way to extract VPN logs of users.