This site requires JavaScript to be enabled
361 views

20.0 - Updated on 2024-10-16 by Lobsang Wangmo

19.0 - Updated on 2023-01-27 by Amy Luu

18.0 - Updated on 2023-01-24 by Nicole Williams

17.0 - Updated on 2022-05-02 by Kathleen McLeod

16.0 - Updated on 2021-11-29 by Kathleen McLeod

15.0 - Updated on 2021-10-28 by Jason Quay

14.0 - Updated on 2020-09-08 by Jason Quay

13.0 - Updated on 2020-06-18 by Amy Luu

12.0 - Updated on 2020-06-18 by Kathleen McLeod

11.0 - Updated on 2020-02-27 by Amy Luu

Decommissioning Employee Email Account & Access to Central Enterprise Systems (AMS, ROSI, Quercus)

Procedure for Decommissioning an Account


Instructions

  1. Carefully read this knowledge article.
  2. Access the online Employee Offboarding form at this URL: https://uthrprod.service-now.com/sp?id=sc_cat_item&sys_id=58510cca1bac5510d57786e9cd4bcb82
  3. Complete the actions outlined on the Employee Offboarding form.

This article describes the process for decommissioning an email account and removing access to central enterprise systems (AMS, ROSI, Quercus) for an employee who is leaving the University.

Please note that the offboarding process should be completed for any employee with an Office 365 account and a UTORid.

  1. The decommissioning process commences with an HR termination of employment transaction in HRIS. [1] This transaction sets an end-date for employment and will update the UTORauth/UTORable (authentication system) employee status flags.
    1. This HRIS action is initiated in the department by the business officer/manager. [2]
    2. For tracking purposes, in addition to implementing the HRIS event, an offboarding [3] ticket should be opened in ESC by the business officer.
  2. The UTORauth flags will indicate that the employee is no longer an active. The termination event updates UTORauth.
    1. Once HRIS is updated, the data are passed to UTORauth automatically. [4]
    2. AMS will automatically remove access to HRIS, FIS, RIS, and F&S.
    3. Decommissioning SIS (ROSI, Degree Explorer, Course Information Systems, eMarks, and other NGSIS applications) is not automatic. The checkbox for revoking the employee’s access to SIS must be selected to trigger decommission. 
    4. Office 365 will start a 30-day countdown [5] for the account license to be decommissioned.
    5. If the employee has another status flag, for example, they are also a student though their primary role was employee, we will work with the department to remove the work-related email from the account. The remaining student account domain will be changed to @mail.utoronto.ca.
  3. A notification from Office 365 to the departing employee's supervisor will be sent. This gives the supervisor time to review the account with the employee before it is closed by the Office 365 license being removed. [6]
  4. All email content for a departing employee will be retained for a period of 2 years.
  5. When the email account is decommissioned, upon request from the department, ITS will place an auto-reply message on the account for up to 6-months so as to advise those sending mail to the account that the employee is no longer in this position. [7]

[1] This document is focused on the basic use case of an employee leaving the University's employment, before or at their normal retirement date. The special case of employees from the Federated Universities is a variation on the process because they do not use HRIS.

[2] This request must come from the staff authorized to initiate decommissioning, specifically, the Business Officer or HR Generalist.

[3] Note: In this basic case, decommissioning does not include the decommissioning of the UTORid. The UTORid remains valid as it may be used for other applications that the departing employee is still entitled to use. If there is a requirement to "lock" a UTORid, the Information Security department must be involved. This is a different scenario and will be documented in a different process.

[4] This is not the case with the Federated Universities as noted above, and a special triggering process is required.

[5] This timeline can be changed at a system level. 30 days is the default period.

[6] This function is called "Manager Delegate" and it is based on the hierarchical relationships stored in HRIS. The same relationships are used for Manager Self-Service. Care must be taken to ensure the correct association before providing account access.

[7] Note: In this case, the employee is leaving the organization and they are not moving to another department so an auto-reply message is appropriate.