CCID & Passwords
-
Requesting Access to U of A Authentication and Directory Services
Introduction

IMS Agreements are required whenever an application or system requires access to the centralized U of A Authentication or Data repository. The intent is that these IMS Agreements need to be renewed by the application or system owner at least once a year.

This article provides an overview of the request process and forms required to access University of Alberta authentication and/or directory services.

Applicability

This article is intended for anyone looking to connect a service or application to University of Alberta central authentication and/or directory services. All IMS data access requests are subject to University of Alberta Data Access Terms and Conditions.

Procedure

Before You Begin, please review the following notes:

1. This article does not cover PeopleSoft access agreements. Direct PeopleSoft access agreements are not available by default, unless it is shown by going through this process first that the data available through the IMS request is inadequate or unsuitable.

2. Provisional IMS data access will not be granted to any system or application prior to it being reviewed and approved by the Office of the Chief Information Security Officer.

3. Your service or application may require a Privacy and Security Review as part of the request review process, if one has not yet been completed prior to the IMS agreement being submitted. Additional information on the system or application may be required depending on the nature of the request. The Office of the CISO will reach out to the requester during the process if required.

4. The review and approval process can take anywhere from several days to several weeks depending on the nature of the request and the system/application accessing the data. Be sure to submit your request with sufficient time to undergo the appropriate reviews and approvals. The review process takes time, depending on the complexity of your request, and it is your responsibility to submit your request with sufficient lead time and respond in a timely manner to any issues.

5. All IMS access agreements are subject to the "University of Alberta Data Access Terms and Conditions", listed below in Appendix I. Ensure that you read, understand, and follow the Terms and Conditions provided in that article.

IMS Authentication and/or Directory Services Access Request Process

The person submitting the request (aka Reporting Individual) determines what access they require. Each service has a separate form, so ensure you are selecting the correct one. Available services and sub-services are:

1. IMS Authentication Services

1a. UAlberta Login Single-Sign-On (SAML 2.0)
UAlberta Login is the University instance of SAML 2.0 for single sign-on authentication and provides a number of attributes to a Service Provider (SP) when users access the application. The attributes are provided on an individual basis and will only be provided when a user is redirected from the Identity Provider (IdP) - UAlberta Login - to the SP they are accessing. An IMS agreement is required to provide a system or application access to UAlberta Login and individual data attributes. UAlberta Login SAML attributes are covered in detail in this KB article.

1b. LDAP Authentication
An application/system needs to bind with the university LDAP directory for the purpose of end user authentication. All applications/systems needing to use LDAP authentication must have an IMS agreement. It is always preferred for an application to use UAlberta Login instead of LDAP authentication. Using LDAP authentication instead of UAlberta Login requires appropriate justification in the request form.

2. IMS Directory Services

2a. LDAP Directory
This data is organized by data groups that can be queried in LDAP with appropriate permission. A service or application can bind with the university LDAP directory to access user data groups. Any system needing access to the LDAP Directory must have an IMS agreement. More details on the directory data can be found in the form below.

Pick the appropriate form below based on the above criteria. The requestor must complete all sections of the appropriate IMS Agreement request form, which includes providing application details, service owner details, and the data required from the service, or the form will be rejected. If both services are required, both forms must be completed and submitted. If you have any questions about how to complete the form, please contact IST.

To complete the fillable PDF form: to download, click on the appropriate download link below, and click the download icon when the page opens. Then open the PDF, fill it out, and save it for submission.

IMS Authentication Services Access Request Form (Fillable PDF): DOWNLOAD LINK
IMS Directory Services Access Request Form (Fillable PDF): DOWNLOAD LINK

Submit the completed and signed form to IST via this link if there is no existing ticket. This will open a support request which will be used for all communications regarding the access request.

The request and its details will be reviewed by the Office of the CISO. Once approved by the Office of the CISO, IST will work with the technical contact to provision the approved access.

Keep the completed form, as periodic updates and reviews will be requested by IST to ensure that the information is still up to date and accurate.

Questions? Contact Information Services and Technology

Appendix I
University of Alberta Data Access Terms and Conditions

The IMS agreement is a formal mechanism to document and authorize the exchange of data through interfaces between the parties for specific and approved purposes.
This agreement dictates that the primary method for transferring data to or from the Information Services & Technology PeopleSoft databases shall be by means of an interface, or via the Identity Management System (IMS). Interfaces are tracked, monitored and upgraded when PeopleSoft systems are upgraded. Interfaces may be written in any of the PeopleSoft supported technologies which include SQR, Application Messaging, XML and Electronic Data Interfaces.

Each night data is extracted from the Information Services & Technology PeopleSoft databases, and is loaded into an Identity Management System (IMS). This service can be accessed through a common (API) to allow IMS participants to access that data from their systems.

This agreement will define the authorities, responsibilities and accountabilities of the parties and those charged with the protection of the University’s Information Services & Technology assets from threats, whether internal or external, deliberate or accidental arising from the construction and use by University entities of program interfaces to and from the PeopleSoft databases and the Identity Management System (IMS).

1. Definitions

1.1 “Personal Information” means the recorded personal information specified in this Agreement which may be comprised of all or some of the personal information, referred to in Section 1(1)(n) of the Freedom of Information and Protection of Privacy Act or Section 1 (k) of the Personal Information Protection Act, about identifiable individuals collected by either parties of this agreement.

1.2 IST – Information Services & Technology PeopleSoft databases are the Campus Solutions, Human Capital Management and Financial databases that are managed by the IST department.

1.3 API – Application Programming Interface is a particular set of specifications around how systems can request data.
1.4 IMS – Identity Management Service is a database built on LDAP that can be queried by approved applications to provide information about people, courses, and classes at the University of Alberta which is managed by IST.

1.5 Participant – Faculty, Academic Department or Administrative Unit of the University of Alberta that is exchanging data to or from the Information Services & Technology PeopleSoft databases via an interface, or to or from the IMS through an API.

1.6 IMS Public Data – Public data is data that is openly available through campus phone books and campus websites.

1.7 IMS Authenticated Individual Access to Personal Data – This is personal information about an individual that can be used by an application after the individual has authenticated to the application using their CCID and password. This data is only available to the application for the duration of the user session. The user, by authenticating, has given permission for the application to access their personal information.

1.8 IMS Aggregated Access to Personal Data – This is personal information for groups of people that can be used by the application.

2. Approval and Responsibilities

2.1 Approval for the development of interfaces, either inbound or outbound, batch or real time will be upon the advice of Information Services & Technology (IST). If the requested data is outside the standard personal data, IST will request input from the IT security officer, Information & Privacy Officer and the business unit responsible for the data before approving the agreement. If the requested data is standard personal, course or class data then IST will recommend using the IMS to access the data.

2.2 Approval access to IMS public data, IMS Authenticated or IMS Aggregated Access to Personal Data will be approved by IST.

3. Confidentiality and Security

3.1 The Participant or its Subservice Providers or Affiliates shall utilize security technologies and techniques in support of their applications in accordance with industry Best Practices and the University of Alberta security policies, procedures and requirements, including those relating to the prevention and detection of fraud or other inappropriate use or access of systems and networks. Without limiting the generality of the foregoing, the Participant or its Subservice Providers or Affiliates shall implement and/or use network management and maintenance applications and tools and appropriate fraud prevention and detection and encryption technologies. In addition, the Participant or its Subservice Providers or Affiliates shall conduct a continuous security program (the “Security Program”) that shall enable the University of Alberta to: (i) conduct periodic risk assessments to identify the specific threats and vulnerabilities of application; and (ii) monitor and test the Security Program to ensure its effectiveness. The Participant or its Subservice Providers or Affiliates shall review and adjust the Security Program in light of any assessed risks.

3.2 The Participant or its Subservice Providers or Affiliates must protect Personal Information Records in its custody under this Agreement by making reasonable security arrangements against such risks as disaster and unauthorized access, collection, use, disclosure and disposal.

3.3 The Participant or its Subservice Providers or Affiliates must not process, store or transfer any Personal Information Records under this Agreement beyond the boundaries of Canada without the explicit written authorization of the University, which authorization may be arbitrarily and unreasonably withheld.

3.4 The parties shall fully maintain and respect the confidentiality of and protect the security of the data. Any Personal Information subject to this Agreement shall not be disclosed to anyone unless such disclosure is authorized by this Agreement, or by law or by the consent of the individuals whose Personal Information is to be disclosed.

3.5 In determining whether to consent to the release of data, each party undertakes to govern itself according to the following principles:

3.5.1 The overriding concern shall always be to fully ensure and protect the privacy of individuals; and

3.5.2 Each shall always act in good faith and shall not unreasonably withhold consent to release.

3.6 If Personal Information is disclosed or further distributed without authorization, continued access to the Interfaced data will be denied.

3.7 The parties are fully and solely responsible for the actions of the parties’ employees, Subservice Providers and Affiliates. The Participant shall not disclose any Personal Information Records to a Subservice Provider or Affiliate without the University's prior written consent, and such approval does not relieve the Participant of their responsibilities under this Section.

3.7.1 The Participant agrees to contractually obligate each employee, Subservice Provider or Affiliate who may see or obtain access to the Personal Information Records of their duties and responsibilities to act in a manner consistent with the party’s duties and responsibilities in this Agreement.

3.8 The Participant acknowledges that all Records remain under the control of the University and are subject to the provisions of the FOIPP Act and that the Participant shall comply with and be subject to all laws of Canada in force in the Province of Alberta and all laws of Alberta relating to the collection, use and disclosure of information, including the FOIPP Act.
3.9 The Records are the property of the University and are to be retained and disposed of according to the conditions of the applicable records retention and disposition schedule, in response to a formal request for information under the FOIPP Act, or upon the termination or expiry of the Agreement, whichever occurs first.

3.10 At the expiry or termination of this Agreement, or at such time as IST, the Participant or its Subservice Providers or Affiliates must do any or all of the following with respect to the Personal Information Records:

3.10.1 Destroy all electronic copies of Personal Information Records in a manner specified by the University, and provide confirmation of the destruction to the University in a manner specified by the University; and

3.10.2 Wipe any hard drive used for the storage of Personal Information Records in electronic format in a manner specified by the University, and provide confirmation of the destruction in a manner specified by IST.

3.11 In the event that the Participant becomes aware of a breach relating to a Personal Information Record or Records, the Participant must immediately notify Information and Privacy Office in writing of the following, to the extent known as per the following guidelines https://privacyandsecurity.ualberta.ca/report-breach.html:

(a) The nature of the information that was breached, including type and date of information, name(s) of the individual(s) whose information is affected;
(b) When the breach occurred;
(c) How the breach occurred;
(d) Who was responsible for the breach;
(e) What steps the Participant has taken to mitigate the matter; and
(f) What measures the Participant has taken to prevent reoccurrence.

In the event of such a breach, IST or the VP-IT may, at its option, immediately terminate this Agreement and take any other action that it deems appropriate.

4. Deprecation / Breaking Change Policy

In the event of major feature modifications, removal or discontinuation to an API resource, bulk data export, or service, IST will inform all active agreement holders who are affected prior to change implementation. Following this announcement, IST will use all reasonable efforts to continue to operate the affected component or service versions and features without these breaking changes for a period of 2 months, unless IST determines in its reasonable and good-faith judgment that:

- laws or third-party relationships require the changes to be made earlier; or
- maintaining the existing versions could create a security risk or substantial economic or material technical burden.
-
How to have your CCID changed
Introduction

A primary Campus Computing ID (CCID) can be changed to something else in certain cases. Here are the acceptable reasons for having your CCID changed:

- Change of legal name, e.g. through marriage. This legal name change must be updated via the Office of the Registrar, Central HR, or the Faculty of Grad Studies and Research prior to submitting your request for a CCID rename.
- The CCID is culturally or religiously offensive.
- Cases where abuse has become an issue.
- Other cases might apply at the discretion of the identity administrators (gender change, divorce, etc).

Not liking your CCID is not a valid reason for renaming or changing your CCID, including cases where the CCID is based on your legal name but you go by a different preferred name. We also do not offer CCID renames to a specific desired CCID; the system will just generate a new one based on existing availability rules.

CCIDs have to be 3-8 characters long. If you would like a longer email address, it will have to be added to an existing base CCID (3-8 characters long) as an alias. See "Request an Email Alias" for more details.

This article will provide the steps necessary for requesting a CCID change.

Applicability

This information applies to anyone with a University of Alberta primary CCID assigned to them that they wish to change. Secondary departmental CCIDs are renamed via the department's CCID Authorized Approvers, and not by IST.

Procedure

To rename your own CCID, please contact the Shared Services Staff Service Center during office hours to reach a Service Desk analyst. Your identity will need to be validated before you can start the rename process. Once you are validated, the Service Desk will create a ticket and reach out to you via email with further instructions, and at this point you will be able to explain the reason that you would like your CCID to be renamed.

Sending an email to IST to request a CCID rename without first being validated will cause your request to be closed, and you will be instructed to call in to start the entire process again.
-
Reset a CCID password
Introduction

This article will outline the options for resetting your Campus Computing ID (CCID) password.

Applicability

This article will be useful for Students, Applicants, and Staff who need to have their CCID password reset.

Procedure

Password Reset Options and when to use each option:

Reset Your Own CCID Password (Self Service Password Reset)
- You have PREVIOUSLY enrolled in the U of A Self Service Password Reset (SSPR) tool WHILE you had your password, and you have now forgotten your password.
- If you are not sure what this is, and do not recognize the website, then you probably did not do it. You should go to the Contact A Service Desk section instead.

Contact A Service Desk
- You have NOT enrolled a recovery phone number or email address in the U of A Self Service Password Reset (SSPR) tool and you have now forgotten your password.
- You have previously enrolled for SSPR but are still having trouble resetting your own password.
- You have other questions about the password reset process or are unsure about what to do. Use the link to contact a Service Desk to get help (regular work hours only).

Change Your CCID Password
- You know your current password and want to set a new password.
- Your CCID password was just reset by a Service Desk, and you need to change it.
- Your account is a brand new account and you have just received your initial temporary password.

Need help? Contact Information Services and Technology

Reset Your Own CCID Password (Self Service Password Reset)

IMPORTANT! You can only use this option if you have previously enrolled in the University's Self Serve Password Reset (SSPR) system while you still had access to your account. If you did not, you should go to the Contact A Service Desk section.

1. Navigate to https://myccid.ualberta.ca/reset.

2. Enter your CCID in the text field, then click Next.
   NOTE: If you have not enrolled in a recovery method, you will not be able to proceed after clicking Next. You will need to Contact a Service Desk to have your password reset.

3. Select the Reset Option that you want to use to receive your reset code by selecting the appropriate radio button.

4. Confirm the reset option by entering the email or phone number in the text field below the selected option, then click Send Code. If you already have a code you can click the 'I have a Code' button to enter it without the system sending a new code and invalidating the old one.
   IMPORTANT: When confirming your recovery phone number or email address, it must be entered EXACTLY as it was entered when you enrolled it. It must include any dashes or other symbols if they were used when it was enrolled.

5. Retrieve the 9 digit code sent to your recovery phone or email address.
   NOTE: If you don’t receive a reset code, either you incorrectly confirmed your reset option or it is not the correct one linked to your CCID. Contact a Service Desk to get your password reset if you are unable to get a reset code. You can check your reset options once you have regained access to your CCID.

6. Enter the 9 digit code from step 5 in the Code field.

7. Type in your new password in the New Password field and again in the Confirm Password field, then click Submit.
   NOTE: If you get any errors after clicking Submit, please try resetting your password again, or contact IST.

Contact a Service Desk

IMPORTANT! When contacting a Service Desk you will be required to provide your 7-digit Student or Employee ID number and other information to verify your identity. If you do not know your ID number, see How to Find Your Student or Employee ID Number.

When a Service Desk resets your password, you will be provided with a TEMPORARY password. You must Change Your Password using the temporary password provided to you before you can log in with your CCID.

By Phone (for most people)

The phone number you should call depends on your role at the University.

Students and Applicants (including Continuing Education Students):
- I KNOW MY ID NUMBER: Call the Shared Services IT Desk at 780-492-8000 extension 1.
- I DO NOT KNOW MY ID NUMBER: Contact the Student Service Center.

Employees:
- Call the Shared Services IT Desk at 780-492-8000 extension 1.

NOTE: If you have accepted your offer of admission but are not yet enrolled in any courses, you are already considered a student and must contact a Service Desk by phone.

Change Your CCID Password

NOTE: If your password was just reset by a Service Desk, or you have just received a new CCID, you will use the TEMPORARY password provided to you as your CURRENT password.

1. Navigate to https://myccid.ualberta.ca/change
2. Enter your CCID in the CCID field.
3. Enter your current password in the Current Password field.
4. Enter your new password in the New Password and Confirm Password fields, then click Change Password.

TIP! Your password must be at least 10 characters long and should contain both upper and lower case letters. You cannot reuse your previous passwords.
-
Using the forgot password self service tool for MEDID accounts
Introduction

This article explains how to reset a MEDID (Faculty of Medicine & Dentistry) account using the self service tool.

Applicability

This document applies to anyone with a MEDID that needs to reset their password.

Details

To reset a forgotten password, two factors of authentication are required. This is for security purposes.

Browse to http://password.med.ualberta.ca for the FOMD MEDID password reset site.

1. Type in your MED username and click Submit.

2. You’ll see the option to send a passcode to the email address associated with your MED account. Click Submit to send the passcode to your email.

3. Check your email for an email from FOMD Passcode.

4. Open the email to get the passcode.

5. Enter the passcode that you received in the email, then click Submit.

6. Select the second factor of authentication you want to use.
   - If you have a smart phone enrolled for multifactor authentication, you can get a push request to authenticate, or have it generate a 6 digit passcode. Please see https://universityofalberta.freshservice.com/support/solutions/articles/19000110560 for support in enrolling your device into Multifactor authentication, assuming your account has been enabled to do so.
   - If you have a phone number registered with your MED account (generally done when the account is created), the last 4 digits will show, but the rest will be masked. An automated phone service will call this number with a 6 digit passcode.
   - If you don't have a smart phone enrolled, or do not have access to the phone number (or that option is missing because a phone number is not registered with your account), you can choose to contact the IST service desk, and they will get a passcode emailed to them on your behalf.
   Then click Submit.

8. If you were not able to use a push request to your smartphone, a 6 digit passcode will need to be entered. This passcode is obtained from your smartphone with the SecureAuth app, or by an automatic phone service that will call your registered phone number, or that is sent to the IST service desk on your behalf.

9. From here you can reset your password.

Keywords: MedID, FOMD, Medicine, forgot, reset, password