Archival note: Although information contained in OIT Newsletter articles was current at the time of publication, some details may no longer reflect the present state of technology and the Office of Information Technology.

Information Technology Newsletter, October 2003


Internal access to University information
The role of the Enterprise Systems Password

Procedure 2.5.2.2: "University data is generally created via the University's centrally-administered Enterprise systems. This procedure provides information on how University Community members can request and be authorized for access to the systems and data needed to perform their jobs" -- Source: http://www.fpd.finop.umn.edu/groups/ppd/documents/procedure/Getting_Access.cfm

Background

Some University information is available to anyone; it is public. To access non-public University data you need two things: a University Internet ID (sometimes still referred to as your X.500 username) and a password. Your Internet ID can have two centrally managed passwords: an Internet Password and an Enterprise Password. Everyone who has an active Internet Account also has an Internet Password. Fewer people have an active Enterprise Password, and to actually use that password to access enterprise/institutional data, you must have been granted access to the data, systems, or resources that require an Enterprise Password.

Additional security

When you use your Enterprise Password, the Central Authentication Hub (CAH) verifies that you have been approved for access. This access is not automatic, and it does not follow you if you transfer to another job. To request access you typically submit the required form(s) to OIT Data Security. The forms are available online: http://www.umn.edu/datasec/security/Requestingaccess.html

Additional security measures are required for the Enterprise Password. One feature that makes that password "stronger" is that it expires after 100 days; the expiration includes a time as well as a date. This "timestamp" sometimes means that people who used their Enterprise Password in the morning cannot reauthenticate in the afternoon because the "timestamp" has expired.

Peoplesoft example

Once you have typed in an approved Internet ID and Enterprise Password, you're authenticated to use Peoplesoft. CAH then passes an "attribute" to the Peoplesoft application, and it creates a "cookie" that is stored in whatever browser (such as Internet Explorer or Netscape) was used to access Peoplesoft. The attribute is used by Peoplesoft to link to an individual's access profile, allowing the user to manipulate the specific Peoplesoft data to which they have previously been granted access.

Although the cookie is valid for three hours, Peoplesoft users can be "timed out" in less than three hours after a certain period of inactivity. OIT Data Security has a FAQ that covers time outs, cookies, and other information as it relates to Peoplesoft access: http://www.umn.edu/datasec/security/PSv8_FAQ.htm

Internet versus Enterprise Password

When do you use an Internet Password or an Enterprise Password? Read on for examples.

Internet Password

Use your Internet Password to access many resources, services, and systems, such as accessing your on-line pay statement; authenticating your access when you dial into the University's modem pool; and signing into myOneStop or myU Portal. Many people think of the Internet Password as their e-mail password, since they use it to access their University e-mail account. Note: the Internet Password has no expiration date.

Enterprise Password

Set up and use an Enterprise Password (also called the Enterprise Systems Password) to access University secure websites and resources that require an even higher level of security. Relatively little data and few systems require this higher level of security. The largest group of new Enterprise Password users are those who must access the non-self serve portions of Peoplesoft. You also need that Enterprise Password to access Financial Forms Nirvana (FFN), the Enterprise Grants Management System (EGMS), the Electronic Document Management System (EDMS), and more. Note: the Enterprise Password expires every 100 days.

Student workers and Peoplesoft: departments that have student workers who also have non-self-serve access to Peoplesoft may want to review the Data Security website's information on setting up a functional ID for Peoplesoft access: http://www.umn.edu/datasec/security/RequestingSponsored.htm

Change/set Enterprise Passwords

To change or set your Enterprise Password you can fill out the online form available from your personalized Internet Account Options web page. To actually get the form, you must type your Internet ID and Internet Password in the spaces provided for that information. Many University web pages have links to this form. You can also access it by typing this web address: www.umn.edu/validate.


Figure 1 shows a window similar to the one you will see when you access the "validate" page.

However, the example in Figure 1 is the result of accessing a web page that requires an Enterprise Password.

 
Figure 1: Login (screen shot)


Figure 2 shows the options you can control once you access your Internet Account Options page.

One option is "Password Change." (See the red line in this figure.)

 

Figure 2: Options you can set or update (screen shot)


Figure 3 shows the window you get when you select the "Password Change" option.


Beware when changing Enterprise Passwords.

Be sure to enter the password information in the correct "Enterprise" fields near the bottom of the web page. (See the red line in this figure.)

 

Figure 3: Enter password in appropriate boxes (screen shot)


Expiration strategies

Enterprise Passwords expire after 100 days; to maintain unbroken access, change the password before it expires. Putting the expiration date on their calendar works for many people. You can get the Enterprise Password's expiration date in several ways; see Figures 4 and 5.


Figures 4 and 5: Enterprise login successful windows

The windows in Figures 4 and 5 have a valuable piece of information: the date your Enterprise Password will expire. If you are in the habit of clicking "continue" or bypassing these windows without looking at them, you might want to occasionally look at them.

You won't see these windows if:

  • you're not eligible to access the resource, data, or application that required an Enterprise Password
  • you entered an incorrect Internet ID or an expired or incorrect Enterprise Password

 

Figure 4: "Password validated" screen shot. (Yellow arrow points to expiration date.)

 

Figure 5: "Logged in as" screen shot. (Yellow arrow points to expiration date.)


If you don't change the password before it expires, you can still type your old password in the "Enter your current Enterprise Systems password" field (Figure 3) and then enter a new password in the appropriate fields.

If you don't remember your old password, call the Technology Helpline and select the option for Enterprise Passwords. A consultant will set a new password for you after verifying your identity. Note: consultants cannot see your old passwords, but they can set new ones.

Select a good password

When you set an Enterprise Password you must follow some rules. (For more password suggestions, see "You are the weakest link" in our July, 2002 newsletter.)

  • The Internet and Enterprise Passwords are case sensitive; they must be a mixture of letters and numbers and have 6 to 8 characters.
  • The Internet and Enterprise Passwords can never be the same. Under rare circumstances you can type the same password for both and click the submit button before the system prevents it. If you do that, your passwords won't work.
  • You cannot reuse an Enterprise Password that you have used in the last three cycles of setting the Enterprise Password, regardless of how many days passed between each cycle.

Once you have selected an acceptable password, you will get a message similar to the one shown in Figure 6.


Note: you may be able to use the new password immediately or you may have to wait to use it.

 

Figure 6 (screen shot)


Peoplesoft and the Enterprise Password

Since the procedures for accessing Peoplesoft changed with the switch to the web-based version, many longtime Peoplesoft users are confused about changing their Enterprise Password after it has expired. They are accustomed to the old reminder system. There is no such reminder system for Enterprise Passwords. Instead, people must rely on other system feedback, such as the expiration dates shown in Figures 4 and 5.

About the figures used in the article

The figures used in this article are representative of the windows you will get; the exact content and layout will change slightly, depending on several factors, such as whether you got to the window by clicking an "update" button or by accessing http://www.umn.edu/validate.

Also, in the near future you may see changes in the "password" selection options shown in Figure 2 and in the formatting of the window shown in Figure 3. We are refining these options to make your selections easier.

Tips from the Technology Helplines, M. Kelleher


Page: www.umn.edu/oit/newsletter/03/1003_itn/internal-access.html 
© 2003 the Regents of the University of Minnesota and the Office of Information Technology