Best practice for deactivating users?

Suggy
Giga Sage

‎02-18-2024 05:08 AM

Hello,

Best practice for deactivating users?

Should it be automated via AD / Azure? or should we use catalog item (user offboarding?)

 

How are you managing today?

0 Helpfuls
  • 2,095 Views
10 REPLIES 10

Sohail Khilji
Kilo Patron
Kilo Patron

‎02-18-2024 05:15 AM

Hi @Suggy ,

 

Usually users are managed by AD, on top of there Organization uses several ways to manage user. 

 

Yes you can create catalog item to manage them and use workflow to automatically disable user.

 

Sometimes you can also use schedule job to deactivate the users if the 'last login' field is in last 6months or 1 year etc...

 

I hope this helps...


☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....

LinkedIn - Lets Connect

Anand Kumar P
Giga Patron
Giga Patron

‎02-18-2024 07:13 AM

Hi @Suggy ,

-->If your company uses Active Directory or Azure, set up a way to automatically turn off users in ServiceNow when they’re deactivated in AD/Azure.
-->Create a regular check in ServiceNow to see who hasn’t used the system in a while and turn them off if needed.
--->Make a catalog form for when someone leaves the company so HR can easily request to turn off their access to ServiceNow.

 

Mark it as helpful and solution proposed if it serves your purpose.
Thanks,
Anand

Dr Atul G- LNG
Tera Patron
Tera Patron

‎02-18-2024 07:52 AM

Hi @Suggy 

 

Deactivation is very important step and need to do very carefully, 

 

Before we add this on platform, we need to define the process.

- Make sure the account deactivation must be done via catalog item.

- Add approval in same

- Before deactivation, please check is user has owner of group/ reports / dashboards so that before deactivation the records transfer to new user.

- As part of offboarding , try to account locked instead of active = false.

 

Rest as been suggested by @Anand Kumar P  @Sohail Khilji  is also a good way.

 

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Suggy
Giga Sage
In response to Dr Atul G- LNG

‎02-18-2024 09:25 PM

Hi @Dr Atul G- LNG 

You said "As part of offboarding , try to account locked instead of active = false." - Any rationale behind this?

 

Also what do you recommend? Asking this question because you mentioned both statements "Make sure the account deactivation must be done via catalog item" AND "Rest as been suggested by @Anand Kumar P  @Sohail Khilji  is also a good way." which are not the same.

 

What I leaning towards is your answer because that we also validating with the help of approvers + validations wrt group/ reports / dashboards/scheduled jobs etc if any

 

PS - I know the various ways we can deactivate, but I am looking for BEST practices here 🙂

 

0 Helpfuls