Orchestration for user off-boarding | ManageEngine ADManager Plus Help

    Orchestration for user off-boarding

    Improper off-boarding practices put organizations at risk of losing critical data. For example, a former employee whose access permissions are not revoked could tamper with or even steal critical data, causing confidentiality breaches. It can also lead to compliance violations and can be quite expensive to fix.

    But in most organizations, complete de-provisioning of a user account and its associated access permissions takes weeks, or sometimes months, after an employee's last day. To summarize, an IT admin must toggle between different applications to perform the following tasks after a user account has been deleted from AD:

    • Tasks to be performed in Microsoft 365:
      • Remove Microsoft 365 account
    • Tasks to be performed in Google Workspace:
      • Remove Google Workspace account
    • Tasks to be performed in Microsoft Exchange:
      • Delete user mailbox
    • Tasks to be performed in the ITSM tool:
      • Raise a request to revoke the access permissions of the user account that has been deleted.
    • Stakeholders to be notified:
      • Email or SMS notification sent to the IT admin, team manager and the user about the deleted user account.

    ADManager Plus' Orchestration templates can be used in this scenario to ensure clean and secure user off-boarding in a few simple steps, automatically:

    1. Create a new Orchestration template

    1. Log on to ADManager Plus as the admin.
    2. Navigate to Automation tab → Orchestration → Orchestration template.
    3. Then click on the Create New Template button.
    4. Enter a suitable Name and Description for the template.
    5. To create your own custom Orchestration template, drag and drop the required blocks from the following list:
      • Exchange Actions
        • Disable Mailbox - To disable the mailbox associated with a user account.
      • Cloud Actions
        • Delete Microsoft 365 Account - To delete the associated Microsoft 365 accounts.
      • Custom Actions
        • Webhook - Select the webhook template configured with the ITSM tool's API (if supported) that raises a request to revoke the permissions of the user.
          To create a new webhook template, follow these steps.
        • Notification template - Select the desired notification template.
          To create a new notification template, follow these steps.
    6. Click Save once the template has been created. To undo all the changes made to the template, click the Clear Workflow button and start afresh.

    2. Create a new Webhook template to raise a request in the ITSM tool for user deprovisioning

    1. Log on to ADManager Plus as the admin.
    2. Navigate to Automation tab → Orchestration → Orchestration template.
    3. Click on Configure Webhook.
    4. In the URL field, enter the API call.
      Note: The following information can be obtained from the API documentation of the applications you wish to provision user accounts in.
    5. In the Method field, select one of the following HTTP methods:
      • Get - To read
      • Put - To update or replace
      • Post - To create
      • Delete - To delete
    6. In the Headers field, you can add the required API headers and map them to the suitable header values.
    7. Likewise, in the Parameters field, you can add the suitable API parameters and map them to their parameter values.
    8. Select the suitable Message Type option and click Save.
      Note: You can use the listed Macros for configuring headers and parameters.
      To use Macros in the URL and Message Type fields, enter them manually.

    3. Create a new Orchestration profile to configure the conditions under which the Orchestration template will be executed:

    Before you begin, ensure that the mail server settings are configured properly. You can learn more about it here.

    1. Log on to ADManager Plus as the admin.
    2. Navigate to Automation tab → Orchestration → Orchestration Profile.
    3. Click on the Create New Profile button on the top-right corner of the page.
    4. Enter a suitable Name and Description for the profile.
    5. In the Profile Criteria section, add the conditions under which the template needs to be executed.
    6. In the Orchestration profile, add the Orchestration template created in step 1 from the list.
    7. Click Save.
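
    To confirm that nothing is left behind in the systems listed at the top of this page, the accounts deleted from AD can be reconciled against exports from each downstream system. The script below is an added example, not part of ADManager Plus or its documentation; the CSV layouts (`email`, `deleted_on` columns), the system labels and all sample data are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names and addresses are assumptions, not an
# export format defined by ADManager Plus or by any of these services.
DELETED_FROM_AD = """email,deleted_on
alice@example.com,2024-03-01
bob@example.com,2024-03-04
"""

# Accounts still present in each downstream system (constructed exports).
DOWNSTREAM = {
    "Microsoft 365": "email\nAlice@Example.com\ncarol@example.com\n",
    "Google Workspace": "email\nalice@example.com\n",
    "Exchange mailbox": "email\nbob@example.com \ncarol@example.com\n",
}


def normalise(address):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return address.strip().lower()


def load_rows(csv_text):
    """Parse CSV text with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def find_residual_access(deleted_csv, downstream_exports, as_of):
    """Map each off-boarded user to the systems where an account remains."""
    deleted = {normalise(r["email"]): date.fromisoformat(r["deleted_on"])
               for r in load_rows(deleted_csv)}
    findings = {}
    for system, export in downstream_exports.items():
        present = {normalise(r["email"]) for r in load_rows(export)}
        for email in sorted(deleted.keys() & present):
            entry = findings.setdefault(email, {
                "days_since_deletion": (as_of - deleted[email]).days,
                "systems": [],
            })
            entry["systems"].append(system)
    return findings


if __name__ == "__main__":
    report = find_residual_access(DELETED_FROM_AD, DOWNSTREAM, date.today())
    for email, info in sorted(report.items()):
        print(f"{email}: deleted {info['days_since_deletion']} days ago, "
              f"still present in {', '.join(info['systems'])}")
```

    An empty result means every deleted AD account is also gone from the exported systems; any entry is an account the orchestration profile did not reach.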