This repository has been archived by the owner on May 28, 2023. It is now read-only.

Alert regional admins when users are out of compliance with digital security policies #373

Open
CZagrobelny opened this issue Dec 26, 2020 · 0 comments

CZagrobelny commented Dec 26, 2020

Background

All users with the role 'admin', 'data_entry', or 'eoir_caller' are required to have 2FA enabled and to provide written confirmation via email that they agree to the digital security policies. To make sure everyone stays in compliance, we want to alert regional admins with a daily email that lists any users who do not meet these criteria so they can follow up with the users individually.

Implementation

Create a rake task that will identify (for each region) any users who:

  • have the role 'admin', 'data_entry', or 'eoir_caller' AND
  • (authy_enabled is false OR agreed_to_data_entry_policies is false)

If there are users that fit these criteria in the region, send an email to each regional admin in the region with the list of users who are not in compliance, including their name and the reason they are not in compliance.

Side note: we've decided to not include links in emails (unless it is absolutely unavoidable) as an anti-phishing measure, so this email should not contain any links.
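
One way the selection and report logic described in this issue could look, as an added plain-Ruby sketch that is not the project's own code. The role names and the `authy_enabled` / `agreed_to_data_entry_policies` fields come from the issue; the `User` struct, its `region`, `email` and `regional_admin` fields, and the sample data are assumptions.

```ruby
# Added example: compliance report logic in plain Ruby (no Rails needed).
# Role names and the two compliance flags come from the issue; the User struct,
# region, email and regional_admin fields are assumptions for illustration.
User = Struct.new(:name, :email, :role, :region, :regional_admin,
                  :authy_enabled, :agreed_to_data_entry_policies)

REQUIRED_ROLES = %w[admin data_entry eoir_caller].freeze
LINK_PATTERN = %r{https?://|www\.}i

# Reasons a user is out of compliance; empty if compliant or the role is exempt.
def compliance_gaps(user)
  return [] unless REQUIRED_ROLES.include?(user.role)
  gaps = []
  gaps << "2FA not enabled" unless user.authy_enabled
  gaps << "has not agreed to digital security policies" unless user.agreed_to_data_entry_policies
  gaps
end

# Plain-text body listing name and reason; refuses to emit a body containing a link.
def report_body(region, offenders)
  lines = offenders.map { |u| "- #{u.name}: #{compliance_gaps(u).join('; ')}" }
  body = "Users out of compliance in #{region}:\n#{lines.join("\n")}\n"
  raise ArgumentError, "report must not contain links" if body.match?(LINK_PATTERN)
  body
end

# One message per regional admin, only for regions with at least one offender.
def compliance_alerts(users)
  users.group_by(&:region).flat_map do |region, members|
    offenders = members.reject { |u| compliance_gaps(u).empty? }
    next [] if offenders.empty?
    body = report_body(region, offenders)
    members.select(&:regional_admin).map { |a| { to: a.email, region: region, body: body } }
  end
end

# Constructed sample data ("volunteer" is a made-up role outside the required set).
# Columns: name, email, role, region, regional_admin, authy_enabled, agreed
SAMPLE_USERS = [
  User.new("Ana",  "ana@example.org",  "admin",       "North", true,  true,  true),
  User.new("Ben",  "ben@example.org",  "data_entry",  "North", false, false, true),
  User.new("Caro", "caro@example.org", "eoir_caller", "North", false, false, false),
  User.new("Dee",  "dee@example.org",  "volunteer",   "North", false, false, false),
  User.new("Eli",  "eli@example.org",  "admin",       "South", true,  true,  true)
].freeze

compliance_alerts(SAMPLE_USERS).each { |m| puts "To: #{m[:to]}\n#{m[:body]}" }
```

In a rake task, each returned hash would be handed to the application's mailer as a text-only message.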
