Educause Security Discussion mailing list archives
Re: Account purge and reissue...
From: Bingdong Li <bli () NSHE NEVADA EDU>
Date: Wed, 9 Oct 2019 17:52:30 +0000
That is exactly what University of Nevada Reno has been doing. Accounts information are stored in AD and a database. It was automated through a timely-based- auto-run program and a web interface. I wrote that program. I hope there is a SaaS vendor to do that because it is time-consuming to write these applications for each organization. Bing From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mandi Witkovsky Sent: Wednesday, October 9, 2019 10:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Account purge and reissue... We keep a record of all usernames associated with a person's campus ID number and if/when they return, they are reissued the same username. Once a username's been used it can only ever be reused for the same person. Of course, duplicates happen, but we strive to keep that to a minimum. We do the same for vanity email addresses. We did this partially for privacy concerns but also for good customer service. Many in our population come and go, and it would be silly to reissue them different usernames each time. We do purge accounts from AD and remove username and email address from connected systems, such as our SIS, but we have a separate repository that keeps a record of all IDs we have ever issued. mandi From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Kimmitt, Jonathan Sent: Wednesday, October 9, 2019 12:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Account purge and reissue... Hi all, We have run into an issue where we are wanting to purge user accounts from our active directory, but the process we are currently using also purges them from our ERP (the username and associated email) from the record (to never be known again). I am curious: 1. How other institutions do this 2. if they have run into any issues with reissuing the account to a new user (and the privacy issues along with that) 3. do you blacklist your accounts to prevent reissue for a number of years? Thoughts? -Jonathan ~ Jonathan Kimmitt CISSP, PCIP, CEH, CIPM, GPEN, CIPT, CIPP/E Chief Information Security Officer Information Technology The University of Tulsa 918.631.2743 Jonathan-kimmitt () utulsa edu<mailto:Jonathan-kimmitt () utulsa edu> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cbli%40NSHE.NEVADA.EDU%7C102e78565de44baab5ae08d74cdc2e02%7C8ff9d11a9e074150ac216eedccccc3d3%7C0%7C0%7C637062380872638594&sdata=BCZ2W0KUT5qJsZAoLRhEQ6oydsvY3dhRA1NDmlfAjdI%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cbli%40NSHE.NEVADA.EDU%7C102e78565de44baab5ae08d74cdc2e02%7C8ff9d11a9e074150ac216eedccccc3d3%7C0%7C0%7C637062380872648588&sdata=1MDq2c7Zy0UWUThDwXncwWyOhL9Cq8wAOKFUp0ISRKs%3D&reserved=0> PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Account purge and reissue... Kimmitt, Jonathan (Oct 09)
- Re: Account purge and reissue... Mandi Witkovsky (Oct 09)
- Re: Account purge and reissue... Bingdong Li (Oct 09)
- Re: Account purge and reissue... Jones, Mark B (Oct 09)
- Re: Account purge and reissue... Jack Suess (Oct 09)
- Re: Account purge and reissue... Kimmitt, Jonathan (Oct 09)
- Re: [EXTERNAL] [SECURITY] Account purge and reissue... Theodore J. August (Oct 09)
- Re: [EXTERNAL] [SECURITY] Account purge and reissue... Kimmitt, Jonathan (Oct 09)
- <Possible follow-ups>
- Re: Account purge and reissue... Sonder, Henk E. (Oct 09)
- Re: Account purge and reissue... Mandi Witkovsky (Oct 09)