Student/Staff Account Lockdown

Issue

A student or staff called (or we find out) about their account being compromised with fraudulent activity.

Environment

  • Supervault
  • CSProd

Information

Removing and preventing further access is the top priority when an account is compromised.

Removing groups in SuperVault is key for fraudulent activity on a staff account. Students don’t get any special access via groups. Disabling their account is sufficient.

Infrastructure is the only department that can kill a live session of someone being logged in.

Resolution

  1. Look up user in SuperVault
  2. Disable the account
  3. If Staff, Go to Group Memberships and remove...
    1. ActiveStaff
    2. Staff
    3. 2FA Exception
    4. Alternatively, you can remove all groups to ensure maximum security. To maintain accuracy when restoring the account, it’s important to capture a screenshot or create a list of the existing groups beforehand.
  4. Click Apply
  5. Go to Restrictions tab
  6. Go to Login Restrictions sub-tab
  7. Click Account disabled
  8. Click Apply
  9. Log into CSProd
  10. Look up account under User Profiles
  11. Lock the Account
  12. Contact infrastructure to kill live session after locking down an account
  13. If the user hasn’t been contacted, call the user and inform them of the situation.

 

 

Print Article
Loading...