Identity & Access Management

• Active Directory groups are widely used to grant access to file shares and applications.
• The Identity and Access Management system will automatically remove the WashU Key account from all active directory group memberships that are automatically provisioned based on data from the Workday employee record or that are manually provisioned.

• Access to Box for terminated faculty and staff is automatically removed based on the date of termination in Workday.
• Departments may request the Box contents for former employees be transferred to their former manager for disposition.
• If the former faculty or staff member is also a student Box access is retained.

  • Upon graduation students have 91 days to transfer their Box account and contents to a personal Box account.
  • If you were a student worker at any time, you will lose access to Box when you leave the institution. The 91 day rule no longer applies.

• Retired Faculty who have received an approved Academic Services Access role get to keep their Box account with a 1 terabyte storage limit applied. Access is subject to being removed if not actively in use.
• People with an Emeritus role in Workday retain their Box access indefinitely.

The following notes do not include anything related to mailbox access or licensing. They refer to email address only:

• • WashU IT will automatically disable WashU email access for all departing WashU Medicine faculty and staff on their final day of employment or if they are also alumni or students. Email sent to the disabled account will continue to be delivered for 90 days after separation.

• • The expiration date is set automatically, and no department intervention is required.

• • If the former faculty or staff member is also a student or alumni the wustl.edu email address is retained and supported by their current role.

    • • The wustl.edu email address may be retained upon request of the departing department. This process requires the department to coordinate with the WashU IT Service Desk as well as the impacted individual as they will receive a new email address, WashU Key, and Office 365 mailbox.

• • Retired faculty who have received an approved Academic Services Access role keep their University Email.

• • People with an Emeritus role in Workday retain their wustl.edu address indefinitely.

WashU IT will automatically disable WashU Key accounts for some former WashU Medicine faculty and staff who have been separated from the University for 2-years or more. If a former faculty or staff member is also an alumni or student, their WashU Key account will remain enabled.

• Active Directory groups are widely used to grant access to things like file shares and applications.
• The Identity and Access Management system will automatically remove the WashU Key account from all active directory group memberships that are automatically provisioned based on data from the Workday employee record or manually provisioned.

• Access to Box for terminated faculty and staff is automatically removed based on the date of termination in Workday.
• Departments may request the Box contents for former employees be transferred to their former manager for disposition.
• If the former faculty or staff member is also a student Box access is retained

  • Upon graduation students have 91 days to transfer their Box account and contents to a personal Box account.
  • If you were a student worker at any time, you will lose access to Box when you leave the institution. The 91 day rule no longer applies.

• People with an Emeritus role in Workday retain their Box access indefinitely
• Retired Faculty who have received an approved Academic Services Access role get to keep their Box account with a 1 terabyte storage limit applied. Access is subject to being removed if not actively in use.

• Access to the M365 mailbox is not automatically removed for terminated faculty and staff.
• Licenses applied that provide access to services such as Teams and OneDrive are automatically removed upon termination.
• Email Distribution Group membership is not automatically removed for terminated faculty and staff.
• Departments may contact the WashU IT Service Desk to request that M365 mailbox access and Distribution Group membership be removed.
• People with an Emeritus role in Workday retain their M365 mailbox and access indefinitely.

University Email – (user@wustl.edu)

The following notes do not include anything related to mailbox access or licensing. They refer to email address only:

• The wustl.edu email address will be set to expire 91 days from the date of termination in Workday.
• The expiration date is set automatically, and no department intervention is required.
• If the former faculty or staff member is also a student or alumni, the wustl.edu email address is retained and supported by their current role.
  • The wustl.edu email address may be retained upon request of the departing department. This process requires the department to coordinate with the WashU IT Service Desk and the impacted individual, as they will receive a new email address, WashU Key, and Office 365 mailbox.
• People with an Emeritus role in Workday retain their wustl.edu address indefinitely.
• Departments may request an extension of the wustl.edu email address expiration for a period not to exceed one year. Departments must request additional extensions to support business operations.

The WashU Key will remain active indefinitely and in many cases departments must identify application or system access that needs to be removed upon an employee termination or transfer event.

• • The WashU IT Service Desk can disable the WashU Key upon request of the department.

    • • If the former faculty or staff member is also a student or alumni the WashU Key may be disabled for a short and defined period of time to allow for the department to coordinate removal of application and system access.