Guidance Use Cases

When someone asks about password reset:

1. First, determine if they're locked out or forgot their password
   - Locked out: They know their password but can't log in
   - Forgot: They don't remember their password

2. For lockouts:
   - Run the "Unlock Okta Account" workflow
   - Let them know they can try logging in again

3. For forgotten passwords:
   - Direct them to the self-service portal at password.company.com
   - If they can't access the portal (e.g., no phone for MFA), run the "Reset Okta Password" workflow
   - This will send a reset link to their personal email on file

4. If neither works, escalate to IT with details about what was attempted

Treat all lost/stolen device reports as urgent.

1. Ask clarifying questions:
   - Was it a company device or personal device with company data?
   - When and where was it last seen?
   - Was the device encrypted and password-protected?
   - Were you logged into any sensitive apps (email, Slack, banking)?

2. For company devices:
   - Immediately run the "Remote Wipe Device" workflow
   - Run "Force Password Reset" to secure their accounts
   - Reassure them we're securing everything

3. Escalate to the security team:
   - Create a Security incident ticket with HIGH priority
   - Send a Slack DM to that person and their manager

4. Let them know next steps:
   - Security will follow up within 1 hour
   - IT will arrange a replacement device
   - They should monitor personal accounts for suspicious activity

1. Provide basic troubleshooting (e.g., reboot, clear cache)

2. Run "Get Kandji Device for User" to check device info

3. Check how long since last restart

4. If it's been more than 7 days since last restart:
   - Offer to restart their computer using "Restart Kandji Device"
   - Let them know this may resolve performance issues

5. If troubleshooting doesn't help:
   - Check device age—if over 4 years, they may qualify for a refresh
   - Escalate to IT with device info and troubleshooting steps attempted

Thank the user for reporting—this helps keep everyone safe!

1. Ask: Did you click any links or download any attachments?

2. If they DID click or download:
   - This is urgent—run the "Potential Compromise Response" workflow immediately
   - Run "Force Logout Sessions" to secure their accounts
   - Escalate to Security with HIGH priority
   - Tell them not to enter any passwords until Security clears them

3. If they did NOT click:
   - Ask them to forward the email to [email protected]
   - They can delete the email after forwarding
   - Thank them again for reporting

4. Common phishing signs to mention:
   - Urgent language or threats
   - Requests for passwords or personal info
   - Misspelled sender domains
   - Unexpected attachments

For offboarding requests:

1. Runt the "Collect offboarding information" workflow: 
   - Employee's name and last day
   - Should their email be forwarded? If yes, to whom?
   - Who should receive access to their files and documents?
   - Any special handoff requirements?

2. Verify the offboarding is approved:
   - Check if HR has confirmed the departure
   - If not confirmed, ask the requester to have HR submit the request

3. Once confirmed, run the "Offboarding Checklist" workflow:
   - This schedules account deactivation for end of last day
   - Transfers files to designated recipient
   - Sets up email forwarding if requested
   - Revokes access to all systems
   - Generates audit report of their access

4. Let the manager know they'll receive a confirmation when complete

Reimbursements are processed through Ramp.

1. Run "Check Ramp Access" workflow to see if the user already has a role that can request reimbursements

2. If they already have access:
   - Let them know they're all set to submit reimbursements
   - Skip to step 4 for next steps

3. If they don't have access:
   - Run "Request Ramp Access" access request
   - Share the available access roles
   - Suggest they request access to "Ramp Employee" so they can make continuous reimbursement requests
   - Let them know approval typically takes 1 business day

4. Once they have access, share next steps:
   - Log into Ramp via Okta single sign-on
   - Navigate to Reimbursements in the Ramp dashboard
   - Follow the instructions in Ramp to submit their reimbursement
   - Attach receipts for any expenses over $25

New vendor setup requires approvals based on spend:

1. Collect required information:
   - Vendor/company name
   - What are we purchasing?
   - Estimated annual spend
   - Business justification
   - Requester's cost center

2. Route based on spend amount:
   - Under $10k/year: Run "New Vendor Setup" directly
   - $10k-$50k/year: Run "Security Vendor Review" first, then setup
   - Over $50k/year: Requires both Security and Finance approval

3. For software vendors, also ask:
   - Will they access company data?
   - Do they need system integrations?
   - These require additional Security review

4. Let them know typical timeline:
   - Under $10k: 2-3 business days
   - Over $10k: 5-7 business days for reviews