Access Requests are owned by the IT team, while onboarding, offboarding and internal transition requests are owned by the People Experience Team.
If you have any access requests related questions, please reach out to #it_help or the tool provisioner in Slack.
@gitlab-com/business-ops/team-member-enablementin the issue, with no particular SLA.
it-helpin the #it_help channel in slack with a note on why it is urgent.
You can use this template to request access for individuals or multiple people, as long as all the people are requesting access to the same systems. Create multiple issues using this same template if multiple people require access to different systems. When access is being requested for multiple people who report to different managers but are part of the same department or division, approval can be obtained by the manager at the highest level; that is, the Director, Vice President, or Executive of the department or division.
Full Name, System(s), Roleusing the details of the person requesting access information. If bulk access is being requested then
Bulk Access, System(s), Role
Step 1. Personal Information
Step 2. Access Request
- [ ] System name: Which vault, which group, which channel, which project, which role? - Justification for this access: Please explain why this access is needed.
Step 3: Assign to Manager for approval
Step 4: Managers to do
ReadyForProvisioningto the issue; if you are the one asking for access, then you have to assign to your manager for approval and they must add the labels
ready for provisioning.
Step 5: Provisioners to do
Prior to submitting this Issue Request
Instructions on how to submit this issue request
User Detailssection and remove or add lines as needed.
ready for provisioningto the issue; if you are the one asking for access, then you have to assign to your manager for approval and they must add the labels
ready for provisioning.
GitLab.comregarding timeline length nearing expiration, close existing issue and log a new Shared Account Access Request and assign to the Shared Account Owner to complete.
Access Change Requests are logged when a team member no longer requires access to a currently provisioned system or no longer requires the same level of access (downgraded access from admin to user etc).
For People Ops Analysts: Processing Promotions & Compensation Changes section of the GitLab handbook for additional information.
It is important to note that while Okta has provisioning/deprovisioning automation in place, this is not a complete/accurate reflection of access provisioning and deprovisioning. Okta has been configured to assign integrated/implemented applications based on a user's role/group. This makes applications accessible via Okta but users may still have the ability to access the systems directly. Refer to Okta Application Stack for a list of applications set up in Okta.
What this means is:
While this application automation will take place in Okta, "true" system provisioning and deprovisioning will still need to be manually completed within the impacted systems via an Access Change Request.
dept::to do. It is up to the department to manage the workflow on who works the issues to completion.