How can "Privileged Roles" in the IAM Service be revoked for an employee?


Privileged Roles (e.g. LEA Administrator, LEA Data Auditor, LEA Help Desk, LEA Student Help Desk, School Help Desk, and/or School Student Help Desk) can be revoked in either of two ways:

1. The user with the elevated privilege can self-revoke a role by using the same workflow process they used to originally request the role.

For example, after logging into the IAM Service:

  • Click Requests (from the Applications drop down)
  • My Entitlements (along the left side)
  • Uncheck the role to be revoked
  • Click the Request button at the bottom of the screen

The privileged role would be revoked immediately.


2. LEA Administrators at the PSU may request role removal by opening a Sales Force ticket with Identity Automation by: 


NOTE:  While an LEA Administrator doesn't have the ability to *directly* remove another employee's elevated privileges, an LEA Administrator *does* have the ability to immediately disable an account if needed.  That process is described in the Training Videos (see the Applications tab -> Training ->  LEA Administrator Training -> "How do I disable someone's account?")