CCID & Passwords
-
Requesting or Creating Temporary Network Access IDs
Introduction This article will describe what a Temporary Network Access ID is, when they should be requested/used, and who can create them. Applicability This article is for users/groups requiring Temporary Network Access IDs, and the CCID Authorized Approvers who can create them. Details What is a temporary network access ID and when is it used? Temporary Network Access IDs are temporary IDs in the namespace temp_ that can be used to authenticate with UWS and computer lab workstations. As these IDs are not full CCIDs, there is no email account associated with the ID, nor does it grant access to Bear Tracks, Library, eClass, etc. They are valid for a period of 1 to 8 weeks. They are used for things like events and conferences on campus where attendees may not have CCIDs but need access to work in a computer lab or to connect to UWS. How do you request a Temporary Network Access ID? Temporary Network Access IDs can only be created by Departmental Authorized Approvers. If you don't know who your departments CCID Authorized Approver is, it can be found by clicking on the List of Authorized Approvers link. If you are unable to determine who your Authorized Approver is, IST can assist you with figuring that out, but only the Authorized Approver can create the accounts. If you are a student and trying to request this for a student group event of some kind, this will generally go through your sponsoring department. (For CCID Authorized Approvers) How do you create Temporary Network Access IDs? Authorized Approvers can create Temporary Network Access IDs by logging into IAM, opening the menu in the top left and selecting CCID Management, and then Temporary Network Access IDs. The webpage will walk you through the process but for more detailed information, refer to the IAM System Training eClass Course. Related Articles Request to be added or removed as an Authorized Approver for a department (Request to be added or removed as an Authorized Approver for a department)
-
Enrol With Duo Security
Introduction This article provides information on Duo Security Multi-factor Authentication (MFA) and outlines the process for enroling devices with Duo Security. Multi-factor Authentication (MFA) is a form of authentication that requires two or more verification methods to access a resource, application, online account, or a VPN. Applicability Duo Security multi-factor authentication (MFA) has been enabled for some services and some CCID holders within the University of Alberta domain. Eligible users will encounter a second authentication step to verify their identity when logging in to PeopleSoft and other web based applications secured with Duo, with more applications being added over time. MFA is currently in a staged rollout to all staff. This article provides information and resources for setting up and using Duo Security multi-factor authentication with your CCID. Duo Security authentication is required when accessing Duo protected applications form ANY DEVICE, not just from your mobile phone. Eligible users will receive email communications when their Duo account is created. If you have not received any such emails, you are not eligible for Duo Security at this time. Procedure Other Duo MFA Resources How to Authenticate with Duo Security Duo Security Frequently Asked Questions How to Fully Encrypt a Samsung Mobile Device Before You Begin Important! You must fully complete these steps to enrol your mobile device. If you close the Duo web interface before completing all the steps, you will need to Re-Enrol your Duo Mobile app You must have received the initial enrolment email. You need a laptop or desktop computer to complete the enrolment process. You need an iOS (14.0 and greater) or Android (10.0 and greater) smartphone or tablet on which you can install the Duo Mobile app. Need help? Contact Information Services and Technology Contents How Does Multi-Factor Authentication (MFA) work? Installing the Duo Mobile app on your Mobile Device Enroling Your Mobile Device With Duo Security for the First Time How to Re-Enrol your Duo Mobile app Troubleshooting Duo Enrolment and Device Issues Definitions How Does Multi-Factor Authentication (MFA) work? Multi-factor Authentication adds an additional layer of security to your UAlberta CCID account by requiring you to confirm login attempts with your CCID on another device you own. Using a second factor (like your mobile phone or tablet) to login in addition to your CCID and password prevents other people from logging in with your CCID if they know your password. When accessing an online service or application protected with Duo Security, you will still log in as usual from any browser or device using your CCID and Password, but will then be asked to confirm your log in either with the Duo Mobile app on your mobile device or by entering a passcode. The Enrolment Process An initial email is sent to inform you that your account has entered the 30 day enrolment period. If you haven't received this initial email, your account is not eligible to enrol with Duo Security. After the 30 day enrolment period has ended, you will be required to authenticate with Duo Security before accessing certain applications. You can enrol at any point after you've received the initial email. Installing the Duo Mobile app on your Mobile Device The Duo Mobile app is supported on the following platforms: iOS 14.0 and greater Includes both iPhones and iPads Android 10.0 and greater Includes both phones and tablets To find the app, simply search “Duo Mobile” (by Duo Security) on your device's app store or use the direct links to the Apple and Google app stores below. Duo Mobile by Duo Security on the app stores: Apple https://apps.apple.com/ca/app/duo-mobile/id422663827 Android https://play.google.com/store/apps/details?id=com.duosecurity.duomobile&hl=en Enroling With Duo Security Important! You must fully complete these steps to enrol your mobile device. If you close the Duo web interface before completing all the steps, you will need to Re-Enrol your Duo Mobile app Mobile Device: Ensure you have the Duo Mobile app installed on your mobile device. If not, see Installing the Duo Mobile app on your smartphone or tablet Computer: Navigate to https://mfa.srv.ualberta.ca/ on a supported web browser and log in with your CCID Computer: Click Next on the first three screens (1) (2) (3) Computer: Select Duo Mobile as your login option. Computer: Select your country code and enter your phone number (1). Next, select Continue (2). Computer: On the summary screen, confirm the information you entered is correct and select Yes, it's correct. Computer: Ensure you have downloaded the Duo Mobile app on your mobile device as previously instructed, and then select Next Computer: The next page should present you a QR code similar to the screenshot below (without the blacked out portion) Mobile Device: Open the Duo Mobile app and select Set Up Account (Image 1). Next select Use a QR Code (Image 2). If prompted allow the app access to your camera. Scan the QR code displayed in the Duo web interface on your computer. Mobile Device: When the QR code is scanned, your mobile device will advance to the Name account page, and the website on your computer will add a green checkmark over the QR code. Mobile Device: Press the Save button on the Name account page to save the University of Alberta account. You will be brought to the Accounts page, which will display the new University of Alberta account on the app. Your mobile device is no longer necessary for any of the remaining steps. Computer: Once you have scanned the QR code and saved the account, the webpage will automatically advance. Note: You will not be able to progress until you have successfully scanned the QR code with the Duo Mobile app. Computer: Select 'Log in with Duo' to get started How to Re-Enrol your Duo Mobile app If you started enroling your mobile device in Duo, but did not activate the Duo Mobile app or if you have a new phone but still have the same phone number you can re-enroll your Duo mobile app at https://mfa.srv.ualberta.ca using the following instruction: Mobile Device: Ensure you have the Duo Mobile app installed on your mobile device. If not, see Installing the Duo Mobile app on your smartphone or tablet Computer: Navigate to https://mfa.srv.ualberta.ca and log in with your CCID and Password. NOTE: If you are not prompted to log in with Duo, you will need to start over in a Private or Incognito browser window. Computer: You will automatically be sent to a text passcode login page. Do not select Send a passcode yet. Instead, select Other options. Computer: Select Manage devices. Computer: Select the Text message passcode option Computer: Enter the code sent to your mobile device in the Passcode text field (1) then click Verify (2). Computer: On the Manage Devices page you will see a Generic Smartphone with your number, select the Add a device option to the right Computer: Select the Duo Mobile option Computer: Select your country code and enter your phone number (1). Next, select Continue (2). Computer: On the summary screen, confirm the information you entered is correct and select Yes, it's correct. Computer: Ensure you have downloaded the Duo Mobile app on your mobile device as previously instructed, and then select Next Computer: The next page should present you a QR code similar to the screenshot below (without the blacked out portion) Mobile Device: Open the Duo Mobile app and select Set Up Account (Image 1). Next select Use a QR Code (Image 2). If prompted allow the app access to your camera. Scan the QR code displayed in the Duo web interface on your computer. Mobile Device: When the QR code is scanned, your mobile device will advance to the Name account page, and the website will add a green checkmark over the QR code. Mobile Device: Press the Save button on the Name account page to save the University of Alberta account. You will be brought to the Accounts page, which will display the new University of Alberta account on the app. Your mobile device is no longer necessary for any of the remaining steps. Computer: Once you have scanned the QR code and saved the account, the dialog will automatically close, and your Generic Smartphone icon will update to your model of phone. Note: You will not be able to progress until you have successfully scanned the QR code with the Duo Mobile app. Computer: Your device is now fully enrolled, and you can log in at your leisure. Troubleshooting Duo Enrolment and Device Issues Mobile Device or Duo Mobile App Common Problems Tip: Check the Duo MFA Frequently Asked Questions article for information on commonly asked questions. Re-enrolling your mobile device will resolve most Duo MFA enrolment and mobile device issues and is the first step to resolving issues such as: You don't have the "Duo Push" option in the Duo MFA web interface Pass codes are not displayed in the Duo mobile app or the codes generated are not working You don't have a QR code to scan from your mobile device when you are enrolling the Duo Mobile app You are not receiving push notifications on your mobile device when attempting to authenticate using Duo MFA after enrolment Your Duo Mobile app didn't restore or is not working after you got a new device using the same phone number You can re-enrol your device on your own by following the instructions provided in the Re-enrol your Duo Device section above. Be sure to read and follow the instructions exactly or your re-enrolment may not work. If you continue to have issues after re-enrolment, please contact the IT Service Desk. Other Common Problems: Problem: The Duo MFA page or Mobile apps presents the following error message: “Your organization requires your phone to have a screen lock setup with a PIN, passcode, or other secure option to unlock it.” Solution: You must enable a lock screen passcode or pin on your mobile device. In some cases you may also have to enable local encryption on your mobile device. Problem: You are unable to download the Duo Mobile app from your app store or you are seeing an error message indicating your device operating system is not allowed. Solution: You can try updating your device following your device manufacturers instructions. If your device is running the latest version of software available to it, it may not be compatible with Duo and you will need to get a fob to use with Duo. Problem: I’m traveling and Duo MFA is not working or I’m getting a message saying access is denied in my current location. Solution: Due to regulatory reasons, Duo will not work in countries or regions subject to economic and trade sanctions, such as Cuba or Iran. Otherwise, Duo should work internationally as long as your mobile device has an internet/data connection. If your device will not maintain a data connection while traveling or you are traveling without your mobile device, you should get a fob to use while traveling as they do not require an internet connection to generate a code. Duo Fob Common Problems Problem: The codes generated by my Duo fob stopped working Solution: In some cases your Duo fob may become unsynced with your account. You can attempt to resolve this problem yourself by generating 3 different passcodes, and then entering each passcode and pressing the 'Log In' button on the Duo panel one after the other within a 5 minute time span. If this does not resolve the issue, you must contact the IT Service Desk to have your fob re-synced. Definitions Duo Security: This is the service used to provide multi-factor authentication with your CCID. Duo Prompt or Duo Web Interface: This is referring to the main user interface of Duo. You will see the Duo prompt after logging in to UAlberta Log In (Single Sign On) when accessing an application secured with Duo Multi-factor Authentication (MFA): This refers to using an additional step to authenticate a user’s login attempt prior to granting access to an application. This is in addition to a user providing their username and password. Duo Mobile: This refers to the app that you install on your mobile device to authenticate with Duo Security. Duo Push: This refers to a way of authenticating using notifications on your mobile device with the Duo Mobile app. Passcode: A 6 digit code entered in the Duo Prompt to authenticate with Duo.
-
Authenticate with Duo Security
Introduction This article outlines the process for authenticating with the University of Alberta’s Multi-factor Authentication service, Duo. Multi-factor Authentication (MFA) is a form of authentication that requires one or more verification methods in addition to your CCID and password to access a resource, application, online account, or a VPN. Applicability Duo Security multi-factor authentication (MFA) has been enabled for some services and some CCID holders within the University of Alberta domain. Eligible users will encounter a second authentication step to verify their identity when logging in to certain applications, such as Google Workspace Apps, Peoplesoft, or the IAM system (Also knows as IIQ). This article provides information on using Duo Security multi-factor authentication with your CCID. Duo Security authentication is required when accessing Duo protected applications from ANY COMPUTER OR DEVICE, not just from your mobile phone. Eligible users will receive email communications when their Duo account is created. If you have not received any such emails, you are not eligible for Duo Security at this time. Procedure Before you begin: You must have a mobile device enroled with Duo Security, see How to Enrol with Duo Security If you don't find what you are looking for here, see Duo Security Frequently Asked Questions (FAQ) If you have temporarily lost access to your device enroled in Duo, you can contact IST to request passcodes that can be used to login with Duo Need help? Contact Information Services and Technology Contents Default Authentication Method Switching Authentication Methods How to Authenticate With Duo Using Duo Push How to Authenticate With Duo Using a Passcode Default Authentication Method When accessing a resource or service which requires Multi-factor Authentication you will be presented with the Duo web interface. The web interface will default to your most recently used authentication method. If you haven't used it before, it will default to a push notification if you have the Duo Mobile app installed (1), or a passcode if you do not (2). Switching Authentication Methods If you would like to use a different method than the default, select 'Other options' near the bottom of the panel. Then, select the alternative authentication option you'd like to use from the available list How to Authenticate With Duo Using Duo Push If your default authentication method or selected alternative authentication method is Duo Push, a push notification will automatically be sent to your mobile device via the Duo Mobile app. NOTE: If you don’t see the option to Send Me a Push in the Duo Web interface, you will need to re-enrol your device - see How to Re-enrol Your Device in KB0013018 On your mobile device, tap on the Duo Mobile notification, and select Approve. IMPORTANT: If you ever receive a push notification when you aren’t trying to log in with your CCID, select Deny then select It seemed fraudulent. After you approve the login from the app, you will automatically be logged in to the application you are accessing. How to Authenticate With Duo Using a Passcode If your default authentication method or selected alternative authentication method is Duo Mobile passcode or Hardware token, a screen will appear to allow you to enter your passcode. Open the Duo Mobile app on your mobile device and tap University of Alberta. This will display a 6 digit number. Alternatively, press the button on your MFA key fob to generate a new passcode. Enter the 6 digit passcode in the text field (1), then click Verify (2)
-
UAlberta Account Change Frequently Asked Questions
Introduction This article is intended to answer common questions about the upcoming changes to University of Alberta accounts, also referred to as CCIDs. Applicability This article applies to all U of A account holders. FAQ Q: Which Google services are reduced or removed after my relationship with the U of A changes? A: All Google services, including but not limited to those listed on the Core App and Consumer Apps site, will be removed. Please note that the removal of access to Google Play and YouTube includes paid purchases and subscriptions to apps, movies, music, and more. If you have graduated with a degree from the U of A, your U of A Alumni account is reduced to Gmail only (with 100MB of email storage) and no other Google services. Q: Can I get an exemption or extension? A: Due to pressing external timelines on this change, extensions are not possible. It is important that you download all your required data prior to your access expiry date to prevent the loss of your data. You will receive an automated email 30 days prior to changes taking place on your account, informing you of your deadline. Q: How will I know when my account will expire or change? A: You can refer to the CCID Changes website for information on what will happen to your account based on your relationship with the University. If you are currently not eligible to retain your account, you will lose access to it once your access expiry date has passed. Automated email notifications will be sent to an account’s ualberta.ca email address approximately 30 days prior to any changes being applied. Once you receive the system notice, it’s important that your data is exported from your account before the 30 days is up as the data will be permanently deleted after that time. Q: Can I pay to get more storage or more access to Google Workspace apps? A: We do not have the option for paid account services. Q: As a student or alumni, how do I move my personal data out of my account before it expires? A: If you decide to use a personal Google account with adequate storage to hold your data, you may be able to use Google Takeout Transfer to migrate all your UAlberta Google account data directly to your other Google account. Please note however that Takeout Transfer DOES NOT TRANSFER PHOTOS and Takeout is not a core Google service that we can support. If you have any issues or questions regarding it, you can refer to the Google Help article for help with using Google Takeout, or ask the Google Help community forums if you can’t find what you need on the help article. You can then set up your UAlberta account to forward emails to your personal Gmail address. Step by step instructions on how to do this are provided in this Google help article Automatically forward Gmail messages to another account. Note that if you don’t want to continually manage your storage in your UAlberta account, you can choose to “delete University of Alberta Mail’s copy” when you set up email forwarding. If you choose to keep a copy of the email in your University of Alberta inbox, each email that is forwarded will still count toward your 100 MB of storage. Q: How can I best use a Gmail account with 100 MB of storage? A: Given the limited storage, it is ideal to use them as email forwarding accounts. You can easily set up your UAlberta email to forward all emails to another email address. You can find step by step instructions in this Google help article Automatically forward Gmail messages to another account. Note that if you don’t want to continually manage your storage in your UAlberta account, you can choose to “delete University of Alberta Mail’s copy” when you set up email forwarding. If you choose to keep a copy of the email in your University of Alberta inbox, each email that is forwarded will still count toward your 100 MB of storage. Q: I have an Adjunct or Clinical Academic or Guest relationship with the University. What will happen with my account/data when I leave? A: Adjunct Academic and Clinical Academic: When your relationship with the University expires, your account will be treated the same as an outgoing employee. This means that you will lose access to the account and all data within it at the end of your relationship with the University. If you need access to BearTracks after you leave, you may be issued an account that can be used exclusively for accessing Bear Tracks and will be active for 18 months. Guest: Guest accounts will be deactivated 2 weeks after your Guest relationship ends in our system, unless you have other active relationships at that time (eg: employee or student). If there is anything you need from your account, you should work with your supervisor or University contact to get what you need out of the account prior to the end of your guest relationship. Q: I’m an Emeritus, will anything happen to my account? A: Emeritus accounts are currently unaffected by this change. Your account will continue to have the same functionality as an employee account at this time. Q: I’m a student that is no longer taking any courses, however, I’m not an alumni. When will my account expire? A: The amount of time you have before your account expires depends on which semester your last course was in. Your CCID will remain active long enough for you to get your tax forms from Bear Tracks when they are made available to you at the end of the year and you will get an automated email 30 days prior to your account expiring. Please be sure to download your tax forms as soon as they become available to you to avoid losing access. Q: How can I access my data once I’ve downloaded it with Takeout? A: You will need to use an external application/service that supports the format in which you chose to download your data. As the applications/services vary greatly, you will need to contact the support team for the application/service that you will be using to store or access your data. Q: Can you help me backup my data or do it for me? A: Google Takeout is only accessible to the logged in account holder. We cannot export your data for you. Q: I'm getting errors when I use Google Takeout and Takeout Transfer. A: You can refer to the Google Help article for help with using Google Takeout, or ask the Google Help community forums if you can’t find what you need on the help article. If you are encountering errors on the page when attempting to use Google Takeout, please provide a screenshot of the errors and we will do what we can to help resolve the error. If you are trying to use Google Takeout Transfer and getting an error stating you need administrator access, please try the following: Open a Private or Incognito browsing session in your browser. Visit the Takeout Transfer site. You will be prompted to log in, ensure you are logging in with your @ualberta.ca or @ualberta.net email account credentials. Follow the steps to start the transfer. Please note that Google Takeout Transfer DOES NOT TRANSFER ALL ACCOUNT DATA and Takeout is not a core Google service that we can support. If you have any issues or questions regarding it, you can refer to the Google Help article for help with using Google Takeout, or ask the Google Help community forums if you can’t find what you need on the help article. Q: A former student, faculty, or staff member created files for me in Google Drive that I still access and need. What will happen when their U of A email account changes? A: Depending on their relationship to the university, their U of A account access, storage and features may be reduced and, in some circumstances, deactivated, and associated data deleted. Please review and create a copy of the necessary files shared with you from the former student, faculty, or staff. Alternatively, you can contact the individual to request they transfer ownership of the files to you. To find files in Google Drive shared with you from a specific account, click into the Google Drive search box and type owner: followed by the email address (e.g., owner:ccid@ualberta.ca). You can copy or download the files if the student or staff has provided the proper permissions.
-
Requesting Access to U of A Authentication and Directory Services
Introduction IMS Agreements are required whenever an application or system requires access to the centralized U of A Authentication or Data repository. The intent is that these IMS Agreements need to be renewed by the application or system owner at least once a year. This article provides an overview of the request process and forms required to access University of Alberta authentication and/or directory services. Applicability This article is intended for anyone looking to connect a service or application to University of Alberta central authentication and/or directory services. All IMS data access requests are subject to University of Alberta Data Access Terms and Conditions. Procedure Before You Begin, please review the following notes: 1. This article does not cover PeopleSoft access agreements. Direct PeopleSoft access agreements are not available by default, unless it is shown by going through this process first that the data available through the IMS request is inadequate or unsuitable. 2. Provisional IMS data access will not be granted to any system or application prior to it being reviewed and approved by the Office of the Chief Information Security Officer. 3. Your service or application may require a Privacy and Security Review as part of the request review process, if one has not yet been completed prior to the IMS agreement being submitted. Additional information on the system or application may be required depending on the nature of the request. The Office of the CISO will reach out to the requester during the process if required. 4. The review and approval process can take anywhere from several days to several weeks depending on the nature of the request and the system/application accessing the data. Be sure to submit your request with sufficient time to undergo the appropriate reviews and approvals. The review process takes time, depending on the complexity of your request, and it is your responsibility to submit your request with sufficient lead time and respond in a timely manner to any issues. 5. All IMS access agreements are subject to the "University of Alberta Data Access Terms and Conditions", listed below in Appendix I. Ensure that you read, understand, and follow the Terms and Conditions provided in that article. IMS Authentication and/or Directory Services Access Request Process The person submitting the request (aka Reporting Individual) determines what access they require. Each service has a separate form so ensure you are selecting the correct one. Available services and sub-services are: 1. IMS Authentication Services 1a. UAlberta Login Single-Sign-On (SAML 2.0) The University instance of SAML 2.0 for single sign on authentication and provides a number of attributes to a Service Provider (SP) when users access the application. The attributes are provided on an individual basis and will only be provided when a user is redirected from the Identity Provider (IdP) - UAlberta Login - to the SP they are accessing. An IMS agreement is required to provide a system or application access to UAlberta login and individual data attributes. UAlberta Login SAML attributes are covered in detail in this KB article. 1b. LDAP Authentication An application/system needs to bind with the university LDAP directory for the purpose of end user authentication. All applications/systems needing to use LDAP authentication must have an IMS agreement. It is always preferred for an application to use UAlberta Login instead of LDAP authentication. Using LDAP authentication instead of UAlberta Login requires appropriate justification in the request form. 2. IMS Directory Services 2a. LDAP Directory: This data is organized by data groups that can be queried in LDAP with appropriate permission. A service or application can bind with the university LDAP directory to access user data groups. Any system needing access to the LDAP Directory must have an IMS agreement. More details on the directory data can be found in the form below. Pick the appropriate form below based on the above criteria. The requestor must complete all sections of the appropriate IMS Agreement request form, which includes providing application details, service owner details, and the data required from the service, or the form will be rejected. If both services are required, both forms must be completed and submitted. If you have any questions about how to complete the form, please contact IST. To complete fillable PDF form: To Download, click on the appropriate download link below, and click the download icon when the page opens. Then open the PDF, fill it out, and save it for submission. IMS Authentication Services Access Request Form (Fillable PDF): DOWNLOAD LINK IMS Directory Services Access Request Form (Fillable PDF): DOWNLOAD LINK Submit the completed and signed form to IST via this link if there is no existing ticket. This will open a support request which will be used for all communications regarding the access request. The request and its details will be reviewed by the Office of the CISO. Once approved by the Office of the CISO, IST will work with the technical contact to provision the approved access. Keep the completed form as periodic updates and reviews will be requested by IST to ensure that the information is still up to date and accurate. Questions? Contact Information Services and Technology Appendix I University of Alberta Data Access Terms and Conditions The IMS agreement is a formal mechanism to document and authorize the exchange of data through interfaces between the parties for specific and approved purposes. This agreement dictates that the primary method for transferring data to or from the Information Services & Technology PeopleSoft databases shall be by means of an interface, or via the Identity Management System (IMS). Interfaces are tracked, monitored and upgraded when PeopleSoft systems are upgraded. Interfaces may be written in any of the PeopleSoft supported technologies which include SQR, Application Messaging, XML and Electronic Data Interfaces. Each night data is extracted from the Information Services & Technology PeopleSoft databases, and is loaded into an Identity Management System (IMS). This service can be accessed through a common (API) to allow IMS participants to access that data from their systems. This agreement will define the authorities, responsibilities and accountabilities of the parties and those charged with the protection of the University’s Information Services & Technology assets from threats, whether internal or external, deliberate or accidental arising from the construction and use by University entities of program interfaces to and from the PeopleSoft databases and the Identity Management System (IMS). 1. Definitions 1.1 “Personal Information” means the recorded personal information specified in this Agreement which may be comprised of all or some of the personal information, referred to in Section 1(1)(n) of the Freedom of Information and Protection of Privacy Act or Section 1 (k) of the Personal Information Protection Act, about identifiable individuals collected by either parties of this agreement. 1.2 IST – Information Services & Technology PeopleSoft databases are the Campus Solutions, Human Capital Management and Financial databases that are managed by the IST department. 1.3 API – Application Programming Interface is a particular set of specifications around how systems can request data. 1.4 IMS – Identity Management Service is a database built on LDAP that can be queried by approved applications to provide information about people, courses, and classes at the University of Alberta which is managed by IST. 1.5 Participant – Faculty, Academic Department or Administrative Unit of the University of Alberta that is exchanging data to or from the Information Services & Technology PeopleSoft databases via an interface, or to or from the IMS through an API. 1.6 IMS Public Data – Public data is data that is openly available through campus phone books and campus websites. 1.7 IMS Authenticated Individual Access to Personal Data – This is personal information about an individual that can be used by an application after the individual has authenticated to the application using their CCID and password. This data is only available to the application for the duration of the user session. The user, by authenticating, has given permission for the application to access their personal information. 1.8 IMS Aggregated Access to Personal Data – This is personal information for groups of people that can be used by the application. 2. Approval and Responsibilities 2.1 Approval for the development of interfaces, either inbound or outbound, batch or real time will be upon the advice of Information Services & Technology (IST). If the requested data is outside the standard personal data, IST will request input from the IT security officer, Information & Privacy Officer and the business unit responsible for the data before approving the agreement. If the requested data is standard personal, course or class data then IST will recommend using the IMS to access the data. 2.2 Approval access to IMS public data, IMS Authenticated or IMS Aggregated Access to Personal Data will be approved by IST. 3. Confidentiality and Security 3.1 The Participant or its Subservice Providers or Affiliates shall utilize security technologies and techniques in support of their applications in accordance with industry Best Practices and the University of Alberta security policies, procedures and requirements, including those relating to the prevention and detection of fraud or other inappropriate use or access of systems and networks. Without limiting the generality of the foregoing, the Participant or its Subservice Providers or Affiliates shall implement and/or use network management and maintenance applications and tools and appropriate fraud prevention and detection and encryption technologies. In addition, the Participant or its Subservice Providers or Affiliates shall conduct a continuous security program (the “Security Program”) that shall enable the University of Alberta to: (i) conduct periodic risk assessments to identify the specific threats and vulnerabilities of application; and (ii) monitor and test the Security Program to ensure its effectiveness. The Participant or its Subservice Providers or Affiliates shall review and adjust the Security Program in light of any assessed risks. 3.2 The Participant or its Subservice Providers or Affiliates must protect Personal Information Records in its custody under this Agreement by making reasonable security arrangements against such risks as disaster and unauthorized access, collection, use, disclosure and disposal. 3.3 The Participant or its Subservice Providers or Affiliates must not process, store or transfer any Personal Information Records under this Agreement beyond the boundaries of Canada without the explicit written authorization of the University, which authorization may be arbitrarily and unreasonably withheld. 3.4 The parties shall fully maintain and respect the confidentiality of and protect the security of the data. Any Personal Information subject to this Agreement shall not be disclosed to anyone unless such disclosure is authorized by this Agreement, or by law or by the consent of the individuals whose Personal Information is to be disclosed. 3.5 In determining whether to consent to the release of data, each party undertakes to govern itself according to the following principles: 3.5.1 The overriding concern shall always be to fully ensure and protect the privacy of individuals; and 3.5.2 Each shall always act in good faith and shall not unreasonably withhold consent to release. 3.6 If Personal Information is disclosed or further distributed without authorization, continued access to the Interfaced data will be denied. 3.7 The parties are fully and solely responsible for the actions of the parties’ employees, Subservice Providers and Affiliates. The Participant shall not disclose any Personal Information Records to a Subservice Provider or Affiliate without the University's prior written consent, and such approval does not relieve the Participant of their responsibilities under this Section. 3.7.1 The Participant agrees to contractually obligate each employee, Subservice Provider or Affiliate who may see or obtain access to the Personal Information Records of their duties and responsibilities to act in a manner consistent with the party’s duties and responsibilities in this Agreement 3.8 The Participant acknowledges that all Records remain under the control of the University and are subject to the provisions of the FOIPP Act and that the Participant shall comply with and be subject to all laws of Canada in force in the Province of Alberta and all laws of Alberta relating to the collection, use and disclosure of information, including the FOIPP Act. 3.9 The Records are the property of the University and are to be retained and disposed of according to the conditions of the applicable records retention and disposition schedule, in response to a formal request for information under the FOIPP Act, or upon the termination or expiry of the Agreement, whichever occurs first 3.10 At the expiry or termination of this Agreement, or at such time as IST, the Participant or its Subservice Providers or Affiliates must do any or all of the following with respect to the Personal Information Records, 3.10.1 Destroy all electronic copies of Personal Information Records in a manner specified by the University, and provide confirmation of the destruction to the University in a manner specified by the University; and 3.10.2 Wipe any hard drive used for the storage of Personal Information Records in electronic format in a manner specified by the University, and provide confirmation of the destruction in a manner specified by IST. 3.11 In the event that the Participant becomes aware of a breach relating to a Personal Information Record or Records, the Participant must immediately notify Information and Privacy Office in writing of the following, to the extent known as per the following guidelines https://privacyandsecurity.ualberta.ca/report-breach.html: (a) The nature of the information that was breached, including type and date of information, name(s) of the individual(s) whose information is affected; (b) When the breach occurred; (c) How the breach occurred; (d) Who was responsible for the breach? (e) What steps the Participant has taken to mitigate the matter; and (f) What measures the Participant has taken to prevent reoccurrence. In the event of such a breach, IST or the VP-IT may, at its option, immediately terminate this Agreement and take any other action that it deems appropriate. 4. Deprecation / Breaking Change Policy In the event of major feature modifications, removal or discontinuation to an API resource, bulk data export, or service, IST will inform all active agreement holders who are affected prior to change implementation. Following this announcement, IST will use all reasonable efforts to continue to operate the affected component or service versions and features without these breaking changes for a period of 2 months, unless IST determines in its reasonable and good-faith judgment that: laws or third-party relationship require the changes to be made earlier; or maintaining the existing versions could create a security risk or substantial economic or material technical burden.
-
How to have your CCID changed
Introduction A primary Campus Computing ID (CCID) can be changed to something else in certain cases. Here are the acceptable reasons for having your CCID changed: Change of legal name, e.g. through marriage This legal name change must be updated via the Office of the Registrar, Central HR, or the Faculty of Grad Studies and Research prior to submitting your request for a CCID rename. The CCID is culturally or religiously offensive. Cases where abuse has become an issue. Other cases might apply at the discretion of the identity administrators (gender change, divorce, etc). Not liking your CCID is not a valid reason for renaming or changing your CCID, including cases where the CCID is based on your legal name but you go by a different preferred name. We also do not offer CCID renames to a specific desired CCID, the system will just generate a new one based on existing availability rules. CCIDs have to be 3-8 characters long. If you would like a longer email address, it will have to be added to an existing base CCID (3-8 characters long) as an alias. See "Request an Email Alias" for more details. This article will provide the steps necessary for requesting a CCID change. Applicability This information applies to anyone with a University of Alberta primary CCID assigned to them that they wish to change. Secondary departmental CCIDs are renamed via the department's CCID Authorized Approvers, and not by IST. Procedure To rename your own CCID, please contact the Shared Services Staff Service Center during office hours to reach a Service Desk analyst. Your identity will need to be validated before you can start the rename process. Once you are validated, the Service Desk will create a ticket and reach out to you via email with further instructions, and at this point you will be able to explain the reason that you would like your CCID to be renamed. Sending an email to IST to request a CCID rename without first being validated will cause your request to be closed, and you will be instructed to call in to start the entire process again.
-
Reset a CCID password
Introduction This article will outline the options for resetting your Campus Computing ID (CCID) password. Applicability This article will be useful for Students, Applicants, and Staff who need to have their CCID password reset. Procedure Password Reset Options When to use this option Reset Your Own CCID Password (Self Service Password Reset) - You have PREVIOUSLY enroled in the U of A Self Service Password Reset (SSPR) tool WHILE you had your password, and you have now forgotten your password. - If you are not sure what this is, and do not recognize the website, then you probably did not do it. You should go to the Contact A Service Desk section instead. Contact A Service Desk - You have NOT enroled a recovery phone number or email address in the U of A Self Service Password Reset (SSPR) tool and you have now forgotten your password. - You have previously enroled for SSPR but are still having trouble resetting your own password. - You have other questions about the password reset process or are unsure about what to do. Use the link to contact a Service Desk to get help (regular work hours only). Change Your CCID Password - You know your current password and want to set a new password. - Your CCID password was just reset by a Service Desk, and you need to change it. - Your account is a brand new account and you have just received your initial temporary password. Need help? Contact Information Services and Technology Reset Your Own CCID Password (Self Service Password Reset) IMPORTANT! You can only use this option if you have previously enroled in the University's Self Serve Password Reset (SSPR) system while you still had access to your account. If you did not, you should go to the Contact A Service Desk section. Navigate to https://myccid.ualberta.ca/reset. Enter your CCID in the text field, then click Next. NOTE: If you have not enroled a recovery method, you will not be able to proceed after clicking Next. You will need to Contact a Service Desk to have your password reset. Select the Reset Option that you want to use to receive your reset code by selecting the appropriate radio button. Confirm the reset option by entering the email or phone number in the text field below the selected option, then click Send Code. If you already have a code you can click the 'I have a Code' button to enter it without the system sending a new code and invalidating the old one. IMPORTANT: When confirming your recovery phone number or email address, it must be entered EXACTLY as it was entered when you enroled it. It must include any dashes or other symbols if they were used when it was enroled. Retrieve the 9 digit code sent to your recovery phone or email address. NOTE: If you don’t receive a reset code, either you incorrectly confirmed your reset option or it is not the correct one linked to your CCID. Contact a Service Desk to get your password reset if you are unable to get a reset code. You can check your reset options once you have regained access to your CCID. Enter the 9 digit code from step 5 in the Code field. Type in your new password in the New Password field and again in the Confirm Password field, then click Submit. NOTE: If you get any errors after clicking Submit, please try resetting your password again, or contact IST. Contact a Service Desk IMPORTANT! When contacting a Service Desk you will be required to provide your 7-digit Student or Employee ID number and other information to verify your identity. If you do not know your ID number, see How to Find Your Student or Employee ID Number When a Service Desk resets your password, you will be provided with a TEMPORARY password. You must Change Your Password using the temporary password provided to you before you can log in with your CCID. By Phone (for most people) The phone number you should call depends on your role at the University. Students and Applicants (including Continuing Education Students): I KNOW MY ID NUMBER: Call Information Services and Technology (IST) at 780-492-8000, or the Student Connect number below. I DO NOT KNOW MY ID NUMBER: Call Student Connect at 780-492-3113. Employees: Please contact the Shared Services Staff Service Center. NOTE: If you have accepted your offer of admission but are not yet enroled in any courses, you are already considered a student and must contact a Service Desk by phone. Change Your CCID Password NOTE: If your password was just reset by a Service Desk, or you have just received a new CCID, you will use the TEMPORARY password provided to you as your CURRENT password. Navigate to https://myccid.ualberta.ca/change Enter your CCID in the CCID field. Enter your current password in the Current Password field. Enter your new password in the New Password and Confirm Password fields, then click Change Password. TIP! Your password must be at least 10 characters long and should contain both upper and lower case letters. You cannot reuse your previous passwords.
-
Using the forgot password self service tool for MEDID accounts
Introduction This article explains how to reset a MEDID (Faculty of Medicine & Dentistry) account using the self service tool. Applicability This document applies to anyone with a MEDID that needs to reset their password. Details To reset a forgotten password, two factors of authentication is required. This is for security purposes. Browse to http://password.med.ualberta.ca for the FOMD MEDID password reset site. 1. Type in your MED username and click Submit. 2. You’ll see the option to send a passcode to the associated email address to your MED account. Click Submit to send the passcode to your email. 3. Check your email for an email from FOMD Passcode 4. Open the email to get the passcode. 5. Enter the passcode that you received in the email, then click Submit. 6. Select the second factor of authentication you want to use. If you have a smart phone enrolled for multifactor authentication, you can get a push request to authenticate, or have it generate a 6 digit passcode. Please see https://universityofalberta.freshservice.com/support/solutions/articles/19000110560 for support in enrolling your device into Multifactor authentication, assuming you're account has been enabled to do so. If you have a phone number registered with your MED account (generally done when the account is created), the last 4 digits will show, but the rest will be masked. An automated phone service will call this number with a 6 digit passcode. If you don't have a smart phone enrolled, or do not have access to the phone number (or that option is missing (because a phone number is not registered with your account)), you can choose to contact the IST service desk, and they will get a passcode emailed to them on your behalf. Then click Submit 8. If you were not able to use a push request to your smartphone, a 6 digit passcode will need to be entered. This passcode is obtained from your smartphone with the SecureAuth app, or by an automatic phone service that will call your registered phone number, or that is sent to the IST service desk on your behalf. 9. From here you can reset your password. Keywords: MedID,FOMD,Medicine,forgot,reset,password,