Skip to main content

New Page

Escalation: Teams, Queues & Routing

When to use this page: You've hit the ceiling of a page's own "If it doesn't work → Escalate to" line and need to know where an issue actually goes — which queue or which person — based on the system it's about or the task being attempted.

Prerequisites: None to read. To change a route, oit-editor access and the note-in-reviewer-notes discipline below.

Important: Routing targets change (people move teams, queues get renamed). Treat the routing: block below as the source of truth and keep the human tables in sync with it. If a KB page names an escalation team inline, it should instead say "escalate per [[Escalation: Teams, Queues & Routing]]".


How routing works (read this first)

Two things about any escalation:

  1. What it's keyed on. You can route on the system (duo, peoplesoft, setpassword, …) or on the task (password-reset, mfa-reset, access-grant, …). Most escalations match on one of these; some match on both.
  2. What it targets. A route points at either a person (a named owner) or a queue (a team inbox / RT queue). Person routes are for cases with a clear single owner; queue routes are for anything a team picks up collectively. When a person is out, their route falls back to the queue named in their entry.

Precedence — when more than one rule could match, the most specific wins:

by_system_task (a system and task combination) → by_task → by_system → default_queue.

So an Active Directory password reset matches the password-reset task rule (Heather) before the active-directory system rule — task beats system unless a combined by_system_task rule is defined for that exact pair. This is deliberate: it lets a task owner cut across every system, while combined rules carve out the exceptions.


Routing by system

TaskSystemGoes toType
password-resetsetpasswordHeather Palmeterperson
password-resetactive-directoryHeather Palmeterperson
---active-directoryQuincy Woodperson
---mycuAdmin Computingqueue
---google-workspaceIdentity & Accessqueue
---duoMarcus Reedperson
---peoplesoftTom Delgadoperson
---kronos · cbord · slateEnterprise Applicationsqueue
---moodleSara Kwonperson
---echo360 · voicethreadTeaching & Learningqueue
---verizonDevin Oseiperson
---mitelTelecom & Mobilequeue
---vpn · eduroam · polarisSystems & Networkqueue
---papercut · appsanywhere · zoom · snipe-itEndpoint Engineeringqueue
---wordpressRay Chenperson
---drupalWeb & CMSqueue
---rtHelp Desk (tier 1)queue

Routing by task

TaskGoes toType
password-resetHeather Palmeterperson
mfa-resetMarcus Reedperson
account-create · account-disable · access-grantIdentity & Accessqueue
installEndpoint Engineeringqueue
configSystems & Networkqueue
troubleshoot · referenceHelp Desk (tier 1)queue

Exceptions (system + task combined)

These override the task default for one specific pairing:

System + taskGoes toWhy
peoplesoft + access-grantTom DelgadoPeopleSoft grants need the app owner, not the general access queue
duo + mfa-resetMarcus ReedDuo resets stay with the Duo owner

Routing table (machine-readable)

An agent reads the routing: block; humans can use the mirrored tables underneath. Keep the two in sync — the block wins if they ever disagree.

routing:
  default_queue: helpdesk-tier1
  precedence: [by_system_task, by_task, by_system, default_queue]

  # target: person | queue
  # every person entry names a fallback_queue for when that person is unavailable

  by_task:
    password-reset:   { target: person, id: hpalmeter, name: "Heather Palmeter", fallback_queue: identity-access }
    account-create:   { target: queue,  id: identity-access }
    account-disable:  { target: queue,  id: identity-access }
    mfa-reset:        { target: person, id: mreed,     name: "Marcus Reed",       fallback_queue: identity-access }
    access-grant:     { target: queue,  id: identity-access }
    install:          { target: queue,  id: endpoint-deployment }
    troubleshoot:     { target: queue,  id: helpdesk-tier1 }
    config:           { target: queue,  id: systems-network }
    reference:        { target: queue,  id: helpdesk-tier1 }

  by_system:
    setpassword:      { target: person, id: hpalmeter, name: "Heather Palmeter", fallback_queue: identity-access }
    active-directory: { target: queue,  id: identity-access }
    mycu:             { target: queue,  id: identity-access }
    google-workspace: { target: queue,  id: identity-access }
    duo:              { target: person, id: mreed,     name: "Marcus Reed",       fallback_queue: identity-access }
    peoplesoft:       { target: person, id: tdelgado,  name: "Tom Delgado",       fallback_queue: enterprise-apps }
    kronos:           { target: queue,  id: enterprise-apps }
    cbord:            { target: queue,  id: enterprise-apps }
    slate:            { target: queue,  id: enterprise-apps }
    moodle:           { target: person, id: skwon,     name: "Sara Kwon",         fallback_queue: teaching-learning }
    echo360:          { target: queue,  id: teaching-learning }
    voicethread:      { target: queue,  id: teaching-learning }
    verizon:          { target: person, id: dosei,     name: "Devin Osei",        fallback_queue: telecom-mobile }
    mitel:            { target: queue,  id: telecom-mobile }
    vpn:              { target: queue,  id: systems-network }
    eduroam:          { target: queue,  id: systems-network }
    polaris:          { target: queue,  id: systems-network }
    papercut:         { target: queue,  id: endpoint-deployment }
    appsanywhere:     { target: queue,  id: endpoint-deployment }
    zoom:             { target: queue,  id: endpoint-deployment }
    snipe-it:         { target: queue,  id: endpoint-deployment }
    wordpress:        { target: person, id: rchen,     name: "Ray Chen",          fallback_queue: web-cms }
    drupal:           { target: queue,  id: web-cms }
    rt:               { target: queue,  id: helpdesk-tier1 }

  # exceptions: a specific system+task pair that should NOT follow the task default
  by_system_task:
    "peoplesoft/access-grant": { target: person, id: tdelgado, name: "Tom Delgado", fallback_queue: enterprise-apps }
    "duo/mfa-reset":           { target: person, id: mreed,    name: "Marcus Reed",  fallback_queue: identity-access }

Queues (team inboxes)

Queue idTeamRT queue / inboxHandlesCoverage
helpdesk-tier1OIT Help Desk (front line)RT: Help DeskDefault catch-all; triage, general troubleshoot, referenceMon–Fri 8:00–16:30
admin-computingAdmin ComputingRT: Admin ComputingDefault catch-all for the Adm,in Computing Team, assigned internallyMon–Fri 8:00–16:30
identity-accessIdentity & Access ManagementRT: AccountsAD, myCU, Google Workspace, account lifecycle, access grantsMon–Fri 8:00–17:00
systems-networkSystems & Network EngineeringRT: SystemsVPN, eduroam, Polaris, DNS/IP, server configMon–Fri 8:00–17:00, on-call after hours
enterprise-appsEnterprise ApplicationsRT: Enterprise AppsPeopleSoft, Kronos, CBORD, SlateMon–Fri 8:00–17:00
teaching-learningTeaching & Learning TechnologiesRT: TLCMoodle, Echo360, VoiceThreadMon–Fri 8:00–17:00 (extended during term)
telecom-mobileTelecom & MobileRT: TelecomMitel/voice, Verizon lines & devicesMon–Fri 8:00–17:00
endpoint-deploymentEndpoint EngineeringRT: EndpointsImaging, software/install, PaperCut, AppsAnywhere, Zoom tooling, Snipe-ITMon–Fri 8:00–17:00
web-cmsWeb & CMSRT: WebWordPress, Drupal, webspaceMon–Fri 8:00–17:00
av-signageAV & Digital SignageRT: AVClassroom AV, event support, Concerto signageMon–Fri 8:00–17:00, event on-call
securityInformation SecurityRT: InfoSecSuspected compromise, sensitive-data incidents, MFA fraudMon–Fri 8:00–17:00, 24/7 on-call for incidents

Warning: Anything that looks like a security incident (account takeover, phishing hit, sensitive-data exposure) skips normal routing and goes straight to security — do not sit it in a system/task queue.


People (named owners)

Owner idNameOwns (system / task)Fallback queue
hpalmeterHeather Palmetersystem setpassword, task password-resetidentity-access
qwoodQuincy Woodsystem active-directory, task gpo-updateinetwork-services
tdelgadoTom Delgadosystem peoplesoft, combo peoplesoft/access-grantenterprise-apps
skwonSara Kwonsystem moodleteaching-learning
doseiDevin Oseisystem verizontelecom-mobile
rchenRay Chensystem wordpressweb-cms


Verification

  • To confirm a route: read the routing: block, apply precedence (by_system_task → by_task → by_system → default_queue), and check the resulting id against the Queues or People table for the current owner/inbox.
  • An agent answering "where does X go?" should return the matched rule key and the target id, then resolve the id to a name/queue via the tables above.

If a route is wrong or missing

  • No rule matches → it falls to default_queue (helpdesk-tier1) by design; if that's the wrong home, add a by_system or by_task rule rather than leaving it to the catch-all.
  • Owner has left / queue renamed → update the routing: block and the mirrored table in the same edit, then re-stamp last_reviewed.
  • Escalate to: identity-access for account/identity routing disputes; helpdesk-tier1 lead for anything else you can't place.

Notes

  • Person routes always carry a fallback_queue so nothing dead-ends when someone is out.
  • Keep system/task values drawn from the controlled vocabulary in the KB Blueprint — do not invent route keys the tag schema doesn't recognize.

meta:
  audience: helpdesk
  system: escalation          # proposed new tag value — this page is cross-system (see Reviewer notes)
  task: reference
  tier: tier1
  aliases:
    - "who do I escalate to"
    - "escalation team"
    - "which queue"
    - "route this ticket"
    - "who owns duo"
    - "password reset owner"
    - "hand off to"
review:
  last_reviewed: 2026-07-01
  reviewed_by: hpalmeter
  volatility: medium
  cadence_days: 180
  next_due: 2026-12-28
  canonical_source: internal
  status: current
  verify:
    - "Every `id` in the routing block still resolves to a live person or RT queue in the Queues/People tables"
    - "RT queue names in the Queues table still match the actual RT queue list"
    - "setpassword system and password-reset task still route to Heather Palmeter (hpalmeter)"
    - "No KB page hard-codes an escalation team that contradicts this routing block"

Reviewer notes

  • Real vs. placeholder: the only confirmed routes are system setpassword → Heather Palmeter and task password-reset → Heather Palmeter. Everything else (all other people, all queues, all other system/task routes, coverage hours, RT queue names, the two combined exceptions) is placeholder for page buildout.
  • New tag value: this page is inherently cross-system, so meta.system uses a proposed new value escalation. Add it to the Blueprint tag vocabulary before publishing, or swap it for whatever you prefer (helpdesk-ops?).
  • Precedence choice: I set task to beat system (by_task before by_system) so an AD/Google/myCU password reset still lands on you rather than the Identity queue — that keeps your two real routes behaving consistently. Flip precedence if you'd rather system win by default.
  • Structure to modify: the routing: YAML block is the machine-readable source; the tables above it are the human mirror. If you change routing, edit both. The by_system_task section is the extension point for one-off exceptions.
  • Fallback design: every person route names a fallback_queue so no escalation dead-ends when an owner is unavailable — confirm the fallbacks are the ones you want.

BookStack tags

audience:helpdesk · system:escalation · task:reference · tier:tier1 · volatility:medium · review-status:current