NDUS Account Deprovisioning Process FAQ

To develop a framework around the process and procedures for deprovisioning (inactivating) users and strengthen key components to lifecycle management of users’ accounts with NDUS accounts managed by CTS. Removing access, deleting data remains under retention schedules!

Microsoft 365 is an exception; those accounts will be deleted starting in December 2024 for those that fit the criteria on the chart below.

Improve institutional deprovisioning experience by implementing a consistent process for all institutions.

Reduce cyber risk by deprovisioning unused accounts.

Improve operational efficiency by automating deprovisioning processes for NDUS.

For this initial project, users will be contacted through their NDUS and alternate email addresses approximately 30 days prior to deprovisioning. A reminder will be sent two weeks later and a final reminder two days prior to deprovisioning on or about November 13, 2024. These emails will be sent from no-reply-idm@ndus.edu.

After the initial project, if systems require access longer than 30 days,  users will be notified at 30 days, 2 weeks, and 2 days before the account is deprovisioned. Systems that have immediate removal of access will not receive notification (see list below).

Accounts of faculty/staff who are no longer employed by a NDUS campus or not identified as a POI, and Students who have not been active for over 18 months received a deprovisioning notification. Anyone assigned as a POI before this date will retain their access.

Yes, for the initial deactivation a list of impacted users will be placed in the Files section of the Office 365 channel, in the NDUS Campus IT Support Staff Forum. After the initial project this will become an automated process, and no lists will be provided.

Students admitted but never enrolled, retain access for 18 months after their admission

If a campus needs to retain access to a terminated employee’s email account, the account should be converted to a local account. 

If campuses wish for continued access to systems for users, the POI (Person of Interest) or Contingent Worker Process (the campus makes the decision which they use) may be followed at the campus level. Please work with your Human Resources department for details regarding this process. Campuses are responsible for removing these accounts when they are no longer needed. When accounts are deactivated, they will no longer have access.

If a staff/faculty member is awarded Emeritus status, the campus is responsible to enter them as a POI type 13 (former employee) or Contingent Worker. This status does not have to wait until they are officially Emeritus status, a campus may make this change at any time.

If a staff/faculty member, or a student in certain circumstances, requires continued access to systems, campuses may utilize the POI Type 14 or Contingent Worker process for continued access. See table below for details on access per application.

Without manual intervention, POIs and Contingent Workers are not deprovisioned. A recent identity audit recommended developing a formal process to review and address all dormant and inactive accounts, including POIs. This will be addressed in the operational phase of deprovisioning.

Accounts will be deactivated starting November 13, 2024. Anyone assigned as a POI before this date will retain their access.

Former students needing temporary access to obtain an unofficial transcript will work with their institution to obtain 72-hour access through the “User Application” connected to the NDUS IDM system hours. If the user is unsure of their username/password, they may contact their campus help desk. Further questions should be submitted to CTS through the ticketing system

(https://cts.ndus.edu/help).

Each institution should work with their Registrar’s Office to request access for these students.

If a student requires continued access to systems, campuses may utilize the POI or Contingent Worker process for continued access 

This process will not change from the current process. W-2’s will be accessible as they are now.

All former students remain active for 18 months for Campus Connection regardless of the reason for leaving. After you are no longer active in Campus Connection you will be deactivated 18 months after.

Yes, but only for the applicable systems and applications. For example, a staff and student would retain access to HCM only as defined for tax purposes, while access to Campus Connection would remain for 18 months (about one and a half years).

Subsequent operational phases will define how accounts within the NDUS AD will be managed (inactivated, moved to an Organizational Unit (OU), etc.).

Once an account owner is no longer active within the campus, they will be moved to a former Office 365 licensing group, this will give them an Office 365 A1 license. This includes a smaller mailbox and OneDrive quotas, and the Office 365 version of Office is no longer available. These limits are set by Microsoft.

For professor emeritus, through HR processes, processes are being updated for this to give them an Office 365 A1 for faculty license. The campus can use the Office 365 Licensing Override process to change this license to a Microsoft 365 A3 for faculty license, and they will need to manage this account ensuring it is still needed.

Employees: Upon termination + till May of the following year. 
 
Students: No longer enrolled + 18 months. 

Data deletion is not included in the Deprovisioning process. 

For specifics on any system and application, please consult the respective application owner at CTS.