Alerting capabilities to Team Managers for users who are close to deactivation

Implementing alerting capabilities in Zebra to notify team managers about users who are close to deactivation due to inactivity, or the end of their access period requires a combination of custom scripts, Zebra's event system, and possibly integrating with external notification services. While Zebra natively focuses on authentication and authorization, its extensible architecture supports the development of custom solutions for specific workflow requirements, such as alerting.

Functional Capabilities

  • Event Listeners: Zebra allows for the development of custom event listeners that can trigger actions based on various events within the system.

  • Admin Console: The Admin Console provides comprehensive access to user information, including attributes that could indicate a user's inactivity or pending deactivation status.

  • Zebra Workflows for Alerting: Utilise Zebra Workflows to automate user inactivity alerts: Trigger: Set the workflow to trigger based on a scheduled interval (e.g., daily).

  • User Last Login Check: Within the workflow, access user data (including last login) from Zebra.

  • Alert Threshold Definition: Define an "alert threshold" (e.g., 30 days before deactivation).

  • Identify Users Nearing Deactivation: Find users whose inactivity is approaching the threshold and belong to OUs managed by specific Team Managers within Organisation.

  • Alert Sending: Utilise Zebra's notification features to send alerts to designated Team Managers.

Implementation Steps

  • Identify Criteria for Alerts: Define the specific criteria that would trigger an alert to team managers. This could be based on a user's inactivity period approaching the organisation's threshold or the upcoming expiry of their access period.

  • Develop a Custom Notification Template: Depending on Organisation's existing template, develop a custom notification system or integrate with an existing one (e.g., email servers). This system will be used to send alerts based on the criteria defined.

  • Create a Scheduled Script or Service: Develop a script or service that periodically queries Zebra for users meeting the alert criteria. This could involve checking for users with a lastActiveDate approaching the inactivity threshold or users with an accessExpiryDate soon to be reached.

  • Implement Logging and Monitoring: Ensure that all alerting activities are logged for auditing purposes, and establish monitoring for the alerting system to ensure it operates reliably.

Xaana’s Differentiation - Best Practices

  • Clear and Actionable Alerts: Xaana recommends to ensure that alerts template sent to team managers are clear, concise, and include actionable steps. For example, provide instructions for reviewing the user's activity, extending access if warranted, or confirming deactivation.

  • Regular Review of Alerting Criteria: Xaana recommends Organisation should periodically review and adjust the criteria for sending alerts, ensuring they remain aligned with operational requirements and security policies.

  • Test and Validate: Before full deployment, Xaana will thoroughly test the alerting mechanism in a controlled environment to ensure it correctly identifies users nearing deactivation and that alerts are delivered as expected.

Last updated