Lost or stolen device
- 20 Feb 2024
- 3 Minutes to read
- DarkLight
Lost or stolen device
- Updated on 20 Feb 2024
- 3 Minutes to read
- DarkLight
Article Summary
Share feedback
Thanks for sharing your feedback!
Follow this tutorial to create an initial workflow for when an employee loses a phone or work computer, to log them out of sensitive workspaces and change sensitive information.
- Create a workflow using a trigger such as Slack Slash Commands or Discord Slash Commands that will trigger upon a slash command such as /lostdevice or /missingdevice.
- Optionally, alert the Slack, Discord, or Microsoft IT channel, the CISO, or the IT manager that the workflow has been initiated using the appropriate vendor's Send Message step.
- Use a Get Employee step with the triggering employee email, according to whichever HR system your organization uses:
- Hibob
- BambooHR
- Or use a custom HTTP step and the API of your organization's HR system.
- Ask the employee what kind of device was lost: a mobile phone or a computer.
- Gather all JumpCloud user details, to match them most efficiently to the appropriate email and device. The following group of steps can be turned into a nested workflow to enable maximum efficiency:
- Variable > Set Variable
- Name: Data
- Data type: Number
- Value number: 0
- Operator > Loop
- Type: Range
- Start: 1
- End: 100
- Jumpcloud > List Users
- Offset: {{ $.set_variable.data}}
- Operator > If
- {{ $.list_users.api_object.results }} = Not Empty
- False: Operator > Break loop
- True: Continue
- Operator > Collect
- Input: {{ $.list_users.api_object.results }}
- Math utils > Solve Equation
- Input: {{ $.set_variable.data }}+100
- Variable > Set Variable
- Name: Data
- Data type: Number
- Value number: {{ $.solve_equation.result }}
- Outside of the loop, place an Operator > Exit step
- Workflow Output: {{$.collect_1.result}}
- Variable > Set Variable
- Parallel loop through {{ $.list_all_jumpcloud_users.output }}
- Inside the loop, put two If operators.
- In the first If, collect the {{ $.loop_value }} if {{ $.loop_value.displayname }} equals the {{ $.get_full_details_of_employee.api_object.displayName }}
- In the second If, collect the {{ $.loop_value }} if {{ $.loop_value.displayname }} equals the {{ $.get_full_details_of_employee.api_object.work.manager }}
- Optionally, use Slack, Teams, Discord, Zoom, or whatever chat message service you want to send messages to the employee's manager, the company CISO, and the IT manager to notify them of the lost device.
- Using a Switch operator, create two scenarios: one for a lost mobile device, and one for a lost company laptop. Add whichever other Switch branches apply to your company.
- If a lost mobile device:
- Optionally send messages through your communication channel of choice to the CISO & head of IT.
- Reply to the user who initiated the lost device a message such as:
- *It is recommended that you will take the following actions:*
-- Contact your cellular company to block your sim.
-- Reset your passwords for your cloud services: email, PayPal, Bank account, and any social network you use.
-- Cancel any credit card assigned to your mobile device's wallet.
- *It is recommended that you will take the following actions:*
- If a lost company laptop:
- Use the JumpCloud step List systems associated with user to find all the employee's devices.
- Optionally, send the list of devices to your CISO and IT manager.
- For both lost items, add the following steps to log out users and change the passwords:
- Google Workspace: Generate a bearer token step to create a token to use Google suite steps.
- Google Workspace: Get user details to get the details of the user who triggered the workflow.
- Using an HTTP Step force sign out the user from Google accounts with this POST request: https://admin.googleapis.com/admin/directory/v1/users/{{$.get_user_details.api_object.id }}/signOut
- Cryptographic Utils: Generate random password with a suggested length of 14.
- Using an HTTP step reset the Jumpcloud user password with this PUT request: https://console.jumpcloud.com/api/systemusers/{{$.employee.result.0._id }}.
- Use an If operator for if the password reset fails.
- For failure, add a message step to the IT manager.
- If the password reset works, send a message to the employee's alternative email with the new password information, and instruct them to reset the password once logged in.
Was this article helpful?