Access Requests are owned by the IT team, while onboarding, offboarding and internal transition requests are owned by the People Connect Team.
If you have any access requests related questions, please reach out to #it_help or the tool provisioner in Slack.
@gitlab-com/business-technology/end-user-services
in the issue, with no particular SLA.it-help
in the #it_help channel in slack with a note on why it is urgent.You can use this template to request access for individuals or multiple people, as long as all the people are requesting access to the same systems. Create multiple issues using this same template if multiple people require access to different systems. When access is being requested for multiple people who report to different managers but are part of the same department or division, approval can be obtained by the manager at the highest level; that is, the Director, Vice President, or Executive of the department or division.
Instructions:
Full Name, System(s), Role
using the details of the person requesting access information. If bulk access is being requested then Bulk Access, System(s), Role
Step 1. Personal Information
Step 2. Access Request
- [ ] System name: Which vault, which group, which channel, which project, which role?
- Justification for this access: Please explain why this access is needed.
Step 3: Assign to Manager for approval
AR-Approval::Needs Manager Approval
to the issue.Step 4: Managers to do
AR-Approval::Manager Approved
and ReadyForProvisioning
to the issue; if you are the one asking for access, then you have to assign to your manager for approval and they must add the labels AR-Approval::Manager Approved
and ready for provisioning
.Step 5: Provisioners to do
Instructions:
Prior to submitting this Issue Request
Instructions on how to submit this issue request
User Details
section and remove or add lines as needed.AR-Approval::Manager Approved
and ready for provisioning
to the issue; if you are the one asking for access, then you have to assign to your manager for approval and they must add the labels AR-Approval::Manager Approved
and ready for provisioning
.GitLab.com
regarding timeline length nearing expiration, close existing issue and log a new Shared Account Access Request and assign to the Shared Account Owner to complete.Access Change Requests are logged when a team member no longer requires access to a currently provisioned system or no longer requires the same level of access (downgraded access from admin to user etc).
Refer to For Total Rewards Analysts: Processing Promotions & Compensation Changes
section of the GitLab handbook for additional information.
It is important to note that while Okta has provisioning/deprovisioning automation in place, this is not a complete/accurate reflection of access provisioning and deprovisioning. Okta has been configured to assign integrated/implemented applications based on a user's role/group. This makes applications accessible via Okta but users may still have the ability to access the systems directly. Refer to Okta Application Stack for a list of applications set up in Okta.
What this means is:
While this application automation will take place in Okta, "true" system provisioning and deprovisioning will still need to be manually completed within the impacted systems via an Access Change Request.
Instructions:
AR-Approval::Manager Approved
and ReadyForProvisioning
:
You can use this template when your name changes.
Instructions:
Full Previous Name to Full New Name - Name Change Request
.dept::to do
. It is up to the department to manage the workflow on who works the issues to completion.If you need to initiate an Access Request process for a new item in the tech stack:
provisioner
deprovisioner