You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 13
Next »
We licensed LastPass on 06/09/2020. We're actively working to migrate away from Stache and in to LastPass. LastPass has better search, is easier to use, and is more secure for our purposes.
Permissions & Architecture
Permissions
- laits-critical@austin.utexas.edu is the Identity Admin of our LastPass instance
- The password for this account is (funnily enough) stored in Stache under LAITS-LastPass
- Access to this account is not needed for routine administration
- Our Groups are meant to mirror existing groups in Stache
- LAITS-Admins replaces ATS-Stache-Owners
- LAITS-DSS replaces ATS-DSS
- LAITS-DE is a new group created for desktop engineering
- LAITS-Management is a new group for managers
- The Zone groups have been discarded
Folder Architecture
- Departmental Information
- Each Department will have a shared folder named after it, "SHARED-DEPT"
- Printers for each department will be created as a password/login.
- This will only needs to include the URL/Ip address, name of the printer, username, and password
- Given the number of printers we have, these will be migrated in waves in a separate project
- Encryption keys for each department will be stored in a secure note titled "DEPT Encryption Keys"
- Additional departmental credentials will be stored in the secure note titled "DEPT Credentials"
- Licenses will be stored in the secure note titled "DEPT Licenses"
- If any of these entries don't exist for a given department, please go ahead and create them
- Administrative
- Passwords to old accounts, like la-admin or ats-admin
- Passwords to tools like Deepfreeze
Onboarding & Offboarding
We have 38 LastPass licenses to share amongst staff. These can be reassigned as staff join or leave LAITS.
Offboarding
- To be completed immediately once someone leaves LAITS, by an Admin.
- Log on to the admin console user's page (Lastpass.com > Admin Console > Users)
- Find the staff in question, remove the admin role if appropriate, and then delete their account.
- Note: Don't just disable it, delete it.