A "kill switch" for General System Administrators to immediately disconnect individual Alma users
Use case: A library employee (student or staff) responds to a phishing text message by providing their Single Sign-On (SSO) credentials; SSO is used on our campus for Alma authentication. I want to (1) disable all the roles on the library employee's account except for Patron; (2) disconnect the employee if he/she/they/* has an active session in Alma; and (3) be notified with the IP address of the originating computer if he/she/they/* attempts to log in again. I would like to accomplish both #1 and #2 by checking a box ("Disable roles") and moving a slider ("Disconnect user"), WITHOUT having to save the user record. A notification email with the IP address would be useful for #3, because it could be passed on to campus IT and we wouldn't have to worry about taking screenshots.
If #1-#3 are too much together, I'd take #2 alone -- I can get the roles disabled myself, but I want to be able to disconnect a user immediately, much the way I occasionally needed to go onto the Voyager server and kill sessions by process number.
This is functionality that I never needed in seven years on Alma, until the use case happened to us yesterday, at which time I REALLY NEEDED IT!
Patricia Farnan commented
I think this is a good idea - don't have any spare votes.
Deborah Fitchett commented
For #1 I think I'd disable Patron along with the other roles - if the account's compromised then the unauthorised person shouldn't get even that access either.
For #1 and #2, while I agree with skipping the need to save the user record (so easy to forget when in a panic!), it should have a pop-up "are you sure you want to ..." confirmation in case of accidental clicking.
Janice Christopher commented
That would be seven years and one day on Alma, in the last sentence!