[Faccus] WatIAM & Nexus Applicant Account Reclamation Project

Natasha Jennings njennings at uwaterloo.ca
Tue Apr 5 13:54:17 EDT 2016


Good afternoon,

In January 2016, a project was initiated within information Systems & Technology (IST) to address the large number of accounts in WatIAM and the Nexus Active Directory (Nexus) The total number of accounts in these systems now exceeds 500,000 and approximately 200,000 of these accounts were generated for applicants who never attended Waterloo. The key objective of this project is to identify these now unused applicant accounts and purge them from WatIAM and Nexus. Benefits of this action are:

*         Smaller set of data within the Extract file for downstream systems to consume, which in turns reduces required identity data processing time (e.g. Faculty applications/Quest).

*         Reclaim userids associated with the unused Quest account such that they can be reissued to new identities.

*         Reduce the number of accounts to be migrated to the new Identity Management System.

*         Improve security by reducing the number of accounts that could be compromised.
The Registrar's Office, Graduate Studies Office, Student Accounts, and Centre for Extended Learning (CEL) were consulted and will assist in identifying the unused accounts by measuring them against four main criteria:

1.      The applicant must exist in WatIAM.

2.      The admit term on the applicant's record must be less than Winter 2014.

3.      The only recorded affiliation for the identity is that of an applicant by Quest.
A list of candidate accounts will be provided to system administrators for further validation. Ultimately, two separate lists will then be created:

1.      Accounts of applicants that have no other affiliated authoritative source data, and

2.      Accounts that have any unexpected membership in Nexus security groups.
Both of these lists will be provided to owners and administrators of systems that consume the Extract file for additional verification (details to follow). Quest staff will also receive these new lists and remove only the unused userid from the applicant record. All other data will remain intact. If in the future an applicant was to reapply to Waterloo, they will be assigned a new userid.

The timeline for these actions are:

April 15 - Quest to provide WatIAM with initial list of applicants

May 2 - WatIAM to make available files of accounts to be purged:

*         First file - all accounts of applicants that have no affiliated source data or roles

*         Second file - all accounts where applicants have membership in Nexus security groups that require greater scrutiny
May 17 - WatIAM to purge accounts from the first file
-- Quest to remove userids from applicant records

July 11 - WatIAM to purge accounts from the second file, excluding those that may be excluded per feedback from system administrators

July 11 to 28 - develop an annual process to purge applicant accounts

Questions or concerns about this project can be sent to Mike Gaspic, mgaspic at uwaterloo.ca<mailto:mgaspic at uwaterloo.ca>.


Recipients of this message: ist-staff, ctsc, faccus, wnag, additional individual contacts


Natasha Jennings
Communications Officer
Information Systems & Technology (IST)
University of Waterloo
519-888-4567 ext. 47951
[university-of-waterloo-logo-esig]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20160405/96395c03/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5807 bytes
Desc: image001.png
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20160405/96395c03/attachment-0001.png>


More information about the Faccus mailing list