[Faccus] UPDATE: WatIAM & Nexus Applicant Account Reclamation Project - Deletions complete

Natasha Jennings njennings at uwaterloo.ca
Mon Jul 4 10:51:40 EDT 2016


Good morning,

Project update:  The deletion of dormant applicant accounts completed this past weekend (as per the criteria listed below), resulting in the deletion of 183,140 accounts from WatIAM and Nexus.

Reviewing the list of deleted accounts: If interested, the list of deleted accounts can be retrieved by those with appropriate access:

*         Location: watserv1:/sagroup/UWdir-II

*         File name: 'deletedAccounts.csv'
Please contact me directly if you do not have access but would like to review the list.

Next steps: The final phase of this project will be to develop an ongoing procedure for the continued maintenance of dormant accounts.

Account Criteria: The Registrar's Office, Graduate Studies Office, Student Accounts, and Centre for Extended Learning (CEL) were consulted and have assisted in identifying the unused accounts by measuring them against four main criteria:

1.      The applicant must exist in WatIAM.

2.      The admit term on the applicant's record must be less than Winter 2014.

3.      The only recorded affiliation for the identity is that of an applicant by Quest.
A list of candidate accounts will be provided to system administrators for further validation. Ultimately, two separate lists will then be created:

1.      Accounts of applicants that have no other affiliated authoritative source data, and

2.      Accounts that have any unexpected membership in Nexus security groups.

Questions or concerns? Please contact Mike Gaspic, mgaspic at uwaterloo.ca<mailto:mgaspic at uwaterloo.ca>.


Recipients of this message: ist-staff, ctsc, faccus, wnag, additional individual contacts



Natasha Jennings
Communications Officer
Information Systems & Technology (IST)
University of Waterloo
519-888-4567 ext. 47951
[university-of-waterloo-logo-esig]

From: Natasha Jennings
Sent: Monday, May 30, 2016 9:33 AM
To: ist-staff at lists.uwaterloo.ca; ctsc at lists.uwaterloo.ca; faccus at lists.uwaterloo.ca; 'wnag at engmail.uwaterloo.ca' <wnag at engmail.uwaterloo.ca>; 'afleming at sciborg.uwaterloo.ca' <afleming at sciborg.uwaterloo.ca>; 'broehl at ecemail.uwaterloo.ca' <broehl at ecemail.uwaterloo.ca>; 'cpgray at connect.uwaterloo.ca' <cpgray at connect.uwaterloo.ca>; 'dherman at connect.uwaterloo.ca' <dherman at connect.uwaterloo.ca>; 'kmcgowan at connect.uwaterloo.ca' <kmcgowan at connect.uwaterloo.ca>; 'accounts at mfcf.math.uwaterloo.ca' <accounts at mfcf.math.uwaterloo.ca>; 'advserve at mailservices.uwaterloo.ca' <advserve at mailservices.uwaterloo.ca>; 'ltian at connect.uwaterloo.ca' <ltian at connect.uwaterloo.ca>; 'ps-admin at lists.uwaterloo.ca' <ps-admin at lists.uwaterloo.ca>; 'webslave at lists.uwaterloo.ca' <webslave at lists.uwaterloo.ca>; 'sas-technicals at lists.uwaterloo.ca' <sas-technicals at lists.uwaterloo.ca>; 'cecaint1 at connect.uwaterloo.ca' <cecaint1 at connect.uwaterloo.ca>; Randy Dauphin <rdauphin at uwaterloo.ca>; Nigel Henriques <nigel.henriques at uwaterloo.ca>; Isaac Morland <ijmorland at uwaterloo.ca>
Subject: REMINDER: WatIAM & Nexus Applicant Account Reclamation Project

This message is intended for managers of systems that currently consume the daily Extract file from Quest.

REMINDER: A list of potential accounts has been generated for review and feedback. Please note that each userid will undergo a final verification check to ensure the status of the identity has not changed just prior to deletion. In some rare cases from the time the list is generated to the actual deletion date, an account status could change and we want to ensure no valid users are removed from WatIAM.

What you need to do? (For system owners and administrators): The list of applicants designated for deletion and userid reclamation are available in the same directory on Watserv1 as the Extract file. Please review the file 'applicants to be deleted.csv'. If there are accounts listed that should not be deleted, please forward them to Mike Gaspic, mgaspic at uwaterloo.ca<mailto:mgaspic at uwaterloo.ca>, by June 1, 2016. Account deletions will begin on June 6.

Questions or concerns about this project can be sent to Mike Gaspic, mgaspic at uwaterloo.ca<mailto:mgaspic at uwaterloo.ca>.


Recipients of this message: ist-staff, ctsc, faccus, wnag, additional individual contacts


Natasha Jennings
Communications Officer
Information Systems & Technology (IST)
University of Waterloo
519-888-4567 ext. 47951
[university-of-waterloo-logo-esig]

From: Natasha Jennings
Sent: Tuesday, April 05, 2016 1:54 PM
To: ist-staff at lists.uwaterloo.ca<mailto:ist-staff at lists.uwaterloo.ca>; ctsc at lists.uwaterloo.ca<mailto:ctsc at lists.uwaterloo.ca>; faccus at lists.uwaterloo.ca<mailto:faccus at lists.uwaterloo.ca>; 'wnag at engmail.uwaterloo.ca' <wnag at engmail.uwaterloo.ca<mailto:wnag at engmail.uwaterloo.ca>>; 'afleming at sciborg.uwaterloo.ca' <afleming at sciborg.uwaterloo.ca<mailto:afleming at sciborg.uwaterloo.ca>>; 'broehl at ecemail.uwaterloo.ca' <broehl at ecemail.uwaterloo.ca<mailto:broehl at ecemail.uwaterloo.ca>>; 'cpgray at connect.uwaterloo.ca' <cpgray at connect.uwaterloo.ca<mailto:cpgray at connect.uwaterloo.ca>>; 'dherman at connect.uwaterloo.ca' <dherman at connect.uwaterloo.ca<mailto:dherman at connect.uwaterloo.ca>>; 'kmcgowan at connect.uwaterloo.ca' <kmcgowan at connect.uwaterloo.ca<mailto:kmcgowan at connect.uwaterloo.ca>>; 'accounts at mfcf.math.uwaterloo.ca' <accounts at mfcf.math.uwaterloo.ca<mailto:accounts at mfcf.math.uwaterloo.ca>>; 'advserve at mailservices.uwaterloo.ca' <advserve at mailservices.uwaterloo.ca<mailto:advserve at mailservices.uwaterloo.ca>>; 'ltian at connect.uwaterloo.ca' <ltian at connect.uwaterloo.ca<mailto:ltian at connect.uwaterloo.ca>>; 'ps-admin at lists.uwaterloo.ca' <ps-admin at lists.uwaterloo.ca<mailto:ps-admin at lists.uwaterloo.ca>>; 'webslave at lists.uwaterloo.ca' <webslave at lists.uwaterloo.ca<mailto:webslave at lists.uwaterloo.ca>>; 'sas-technicals at lists.uwaterloo.ca' <sas-technicals at lists.uwaterloo.ca<mailto:sas-technicals at lists.uwaterloo.ca>>; 'cecaint1 at connect.uwaterloo.ca' <cecaint1 at connect.uwaterloo.ca<mailto:cecaint1 at connect.uwaterloo.ca>>; 'stms at watserv1.uwaterloo.ca' <stms at watserv1.uwaterloo.ca<mailto:stms at watserv1.uwaterloo.ca>>; Randy Dauphin <rdauphin at uwaterloo.ca<mailto:rdauphin at uwaterloo.ca>>; Nigel Henriques <nigel.henriques at uwaterloo.ca<mailto:nigel.henriques at uwaterloo.ca>>
Subject: WatIAM & Nexus Applicant Account Reclamation Project

Good afternoon,

In January 2016, a project was initiated within information Systems & Technology (IST) to address the large number of accounts in WatIAM and the Nexus Active Directory (Nexus) The total number of accounts in these systems now exceeds 500,000 and approximately 200,000 of these accounts were generated for applicants who never attended Waterloo. The key objective of this project is to identify these now unused applicant accounts and purge them from WatIAM and Nexus. Benefits of this action are:

*         Smaller set of data within the Extract file for downstream systems to consume, which in turns reduces required identity data processing time (e.g. Faculty applications/Quest).

*         Reclaim userids associated with the unused Quest account such that they can be reissued to new identities.

*         Reduce the number of accounts to be migrated to the new Identity Management System.

*         Improve security by reducing the number of accounts that could be compromised.
The Registrar's Office, Graduate Studies Office, Student Accounts, and Centre for Extended Learning (CEL) were consulted and will assist in identifying the unused accounts by measuring them against four main criteria:

1.      The applicant must exist in WatIAM.

2.      The admit term on the applicant's record must be less than Winter 2014.

3.      The only recorded affiliation for the identity is that of an applicant by Quest.
A list of candidate accounts will be provided to system administrators for further validation. Ultimately, two separate lists will then be created:

1.      Accounts of applicants that have no other affiliated authoritative source data, and

2.      Accounts that have any unexpected membership in Nexus security groups.
Both of these lists will be provided to owners and administrators of systems that consume the Extract file for additional verification (details to follow). Quest staff will also receive these new lists and remove only the unused userid from the applicant record. All other data will remain intact. If in the future an applicant was to reapply to Waterloo, they will be assigned a new userid.

The timeline for these actions are:

April 15 - Quest to provide WatIAM with initial list of applicants

May 2 - WatIAM to make available files of accounts to be purged:

*         First file - all accounts of applicants that have no affiliated source data or roles

*         Second file - all accounts where applicants have membership in Nexus security groups that require greater scrutiny
May 17 - WatIAM to purge accounts from the first file
-- Quest to remove userids from applicant records

July 11 - WatIAM to purge accounts from the second file, excluding those that may be excluded per feedback from system administrators

July 11 to 28 - develop an annual process to purge applicant accounts

Questions or concerns about this project can be sent to Mike Gaspic, mgaspic at uwaterloo.ca<mailto:mgaspic at uwaterloo.ca>.


Recipients of this message: ist-staff, ctsc, faccus, wnag, additional individual contacts


Natasha Jennings
Communications Officer
Information Systems & Technology (IST)
University of Waterloo
519-888-4567 ext. 47951
[university-of-waterloo-logo-esig]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20160704/916b915d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5807 bytes
Desc: image001.png
URL: <http://lists.uwaterloo.ca/pipermail/faccus/attachments/20160704/916b915d/attachment-0001.png>


More information about the Faccus mailing list