665
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Feb 2024
665 points (98.7% liked)
Technology
59598 readers
4434 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
We use MS Teams, and even if there’s so much shit you can throw at it for valid reasons (e.g. not working with AirPods Pro 2, wtf?) this could never happen, as our single MS Office account is linked throughout all the software/services we use (and of course you can’t change your name).
I don’t undertsand why a corporation would give up this kind of central account control and use a service, where - based on the article - most likely a poor IT admin guy has to manually search for the username of a leaving employee.
It would've been connected to his email... You just need good offboarding routines
Ignorance and/or incompetence.
Thats your answer to "I don't understand why"
Slack Business/Enterprise supports SAML single sign-on. At any scale larger than a single team or two this is probably the better way of handling it, then the account gets disabled as soon as it's disabled in the identity provider. Otherwise if I remember right Slack accounts are tied to the email address and users can set their own display names. I used to administrate Slack for ~60 users but now we're on Teams.
Your comment suggests you think IT Admins are told about departing employees, timely or at all.
HR doesn't trust Staff with that knowledge, even if that Staff member needs to disable an account because we must act quickly to protect the company against the same horrible criminals who enjoyed free reign and ultimate trust as the paragons of virtue they were the MOMENT before they were fired.
I don't even work in that sector and HR is the exact same here. Employee did something horribly egregious that got them fired? You're lucky if their supervisor was informed to take them off the schedule. No reason given, just they no longer work here. Did they quit? They no longer work here. Did they get fired? They no longer work here. Can I tell my staff what they did wrong so they don't get fired on short notice? They no longer work here, but you can't tell your staff. WHY THE FUCK NOT?!
I'm thankful our HR gave us notice when I was in Desktop Support.
The rare occasion we received short notice from HR or the general exec of our tech division was due to an immediate termination, and that was usually due to people not passing probation, or for egregious behaviour like sending 100s of GB to their personal email after they resigned and we're in their notice period.
Or we once had a guy who was completely off the rails... we don't know what happened exactly, but a user called up and he was having a manic episode and was convinced someone hacked his account/phone and was listening to him.
We raised it as a concern and a few weeks (maybe a month or so later) we were asked to terminate his account.
I heard he had stopped taking his meds. Hope he's alright now... he was a nice fellow usually.
Our enterprise has all of that automated, who's searching for names manually in any business of nontrivial size....?
This can, and should, be scripted.
Exactly, most services can be tied into a central authentication system/SSO and can automatically be disabled upon disabling an SSO user.