Offboarding Workflow (Insurance Adjuster) - Turing Insurance

Scope/Platform

Scope: Guide for offboarding an Insurance Adjuster via removal from all Application and IAM groups.

Platform: The following platforms and applications will be utilized.

Identity provider: Okta
Email: Microsoft Exchange
Claims management system: Claims Radar (Fictional)
Document Management System: OneDrive
Internal messaging: Microsoft Teams
Ticketing System: ServiceNow

Intro

This article is a guide for a scheduled, voluntary decommissioning of an Insurance Adjuster at Turing Insurance. It will cover all steps of the process and track progress using a checklist. It will track account deactivation and access removal.

Who is this for?

This article is for Help Desk Technicians who have been tasked with ending an Insurance Adjuster's access to Turing Insurance systems.

Prerequisites

In order to carry out the steps as written, the Help Desk Technician must have admin level access to all relevant systems. It assumes but also verifies that all relevant tickets that needed to be submitted by HR and Management, and also that Security has approved.

Approvals

Offboarding Request Ticket #: (Paste Here)
Date and Time Access will be removed: (Paste Here. Mark down time zone.)

HR Submitted:
OR
Management Submitted:

Security Approved:

NOTE: UNLESS SECURITY APPROVES YOU CANNOT PROCEED

Offboarding Intake Checklist

Employee Name:

Manager Name:

Job Title:

Email:

Username:

Location:

Work Phone Number:

Identity & Access Disablement (Okta)

NOTE: DO NOT PROCEED WITHOUT FILLING OUT THIS SECTION

User Account Found
Username Correct:
Email Correct:
Department Correct:
Location Correct:

NOTE: ONCE VERIFIED, PASTE SCREENSHOT IN TICKET

Account Disabled in Okta:

Okta Role Based Groups Removed:

Okta Location Based Groups Removed:

Active Sessions Ended:

'Terminated' Added after Last Name in Okta:

NOTE: REFRESH OKTA TO VERIFY COMPLETION

MFA & Session Revocation

MFA Group removed in AD:

Refresh AD and verify MFA Group removed:

MFA disabled in Microsoft 365 Admin Center:

Refresh Admin Center and confirm MFA disabled:

Force Sign out in Microsoft 365:

NOTE: IF MFA CANNOT BE DISABLED ESCALATE IN SECURITY CHAT

Application Access Removal

AD Account Disabled and Password Reset:

Claims Radar AD Group Removed:

AD Role Based Groups Removed:

AD Location Based Groups Removed:

Refresh AD to confirm groups removed:

'Terminated' added to last name in AD:

Final Verification

Review all steps above again
Okta Disabling Complete:
AD Disabling Complete:
MFA Disabling Complete:
Application Access Revoked:

Inform Offboarding Chat:

Wait for Offboarding Chat Approval:

Documentation & Notifications

Paste this Checklist into Ticket:

Close ticket:

Escalation Criteria

NOTE: IF YOU CANNOT DISABLE ACCESS, REMOVE MFA OR REVOKE SESSIONS, PLEASE ESCALATE TO SECURITY CHAT OR MANAGER IF SECURITY DOES NOT RESPOND WITHIN ONE HOUR.