Collaborator Account: Difference between revisions

From Cheaha
Jump to navigation Jump to search
(Added XIAS VPN and Duo instructions)
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
This Page lays down the step for you as a UAB employee to request for a cheaha account for your collaborator.
This page describes the process for a UAB employee to request for a Cheaha account for an external collaborator (i.e. a person who does not have a UAB BlazerID).


==Create XIAS Account==
==Create XIAS Account==
Line 6: Line 6:
For additional information, see the [https://apps.idm.uab.edu/xias/top XIAS help page].
For additional information, see the [https://apps.idm.uab.edu/xias/top XIAS help page].


'''When you go through the sponsorship process you are stating that you know the individual(s) and are responsible for their actions while they are using the XIAS accounts.'''
'''Going through the sponsorship process, you are stating that you know the individual(s) and are responsible for their actions while they are using the XIAS accounts.'''


===Create a site===
===Create a site===
When you go to the [https://idm.uab.edu/cgi-cas/xrmi/sites XIAS website], you'll notice two options on the left-hand panel: [https://idm.uab.edu/cgi-cas/xrmi/sites Manage Projects/Sites] and [https://idm.uab.edu/cgi-cas/xrmi/users Manage Users.]
The [https://idm.uab.edu/cgi-cas/xrmi/sites XIAS website] has two options on the left-hand panel: [https://idm.uab.edu/cgi-cas/xrmi/sites Manage Projects/Sites] and [https://idm.uab.edu/cgi-cas/xrmi/users Manage Users.]


* Choose Manage Projects/sites.
* Choose Manage '''Projects/sites'''
* Over there click on '''New''' to create a new site.
*Click '''New''' to create a new site
* Fill in all the information i.e. Short Description, Long Description, Start date and End date.
* Fill in all the information i.e. Short Description, Long Description, Start date and End date  
** Remember that your users cannot have '''End date''' beyond your sites '''End date'''.
** '''End date''' is the expiration date for the site, the users added in the next section cannot have an expiration date beyond the sites '''End date'''. The dates should be in the format '''YYYY-MM-DD'''
** Note that the start and end dates should be in the format '''YYYY-MM-DD'''
** URIs are the resources that the sponsored users should have access to.  If the resources are applications or servers then the manager of that resource must do what is necessary within that resource to authorize the external users to gain access. Add the following for Cheaha access:
** URIs are the resources that the sponsored users should have access to.  If the resources are applications or servers then the manager of that resource must do what is necessary within that resource to authorize the external users to gain access.
*** '''https://rc.uab.edu'''
* In the URIs section: fill out '''VPN.DPO.UAB.EDU'''  and '''cheaha.rc.uab.edu'''  
* Click on '''Add''' button to create the site
* Click on '''Add''' button to create the site.


=== Create a user===
=== Create a user ===
Once the new site has been created:


* Now choose [https://idm.uab.edu/cgi-cas/xrmi/users Manage Users.] from the left hand panel.
* Click [https://idm.uab.edu/cgi-cas/xrmi/users Manage Users.] from the left hand panel
* In the drop-down select your XIAS site.
* In the drop-down select your XIAS site
* To add new users click the '''Register''' button.  To review the users already there and change their end date click the '''List''' button.
* Click the '''Register''' button to add new users
* To register new user(s) enter an end date for that user’s access. 
** Enter an end date for the new site user(s) in the format '''YYYY-MM-DD'''. The date cannot extend past the site's end date!
** The date must be on or before the end date for the site and in the format YYYY-MM-DD
** Enter the collaborator's email address in the box under the end date.  You can add multiple users by putting each on a separate line.
* Enter the email addresses of the user(s) (your collaborator's email) in the box under the end date.  You can add multiple users by putting each on a separate line.


'''Note:''' It can take up to 4 hours for new account create completion and the email notification to be sent
=== Collaborator ===
Inform the collaborator(s) to expect an emails from the following addresses containing instructions:
* '''UAB Identity Management''' [[userservices@uab.edu]]
* '''UAB External ID admin''' [[ph-admin@uab.edu]]


=== Collaborator===
They will need to complete the process within '''72 hours''' of receipt of the email(s)!
Once you have gone through the above steps, your collaborator should receive an automated email from XIAS with a code that they can use to complete their registration.


==Request an account on cheaha==
==Request an account on Cheaha==
Once you have completed the steps of adding/sponsoring XIAS account for your collaborator, send us an email on support@listserv.uab.edu with information about the collaborator. Please don't forget to include their PrimaryID and email address which you used to create their XIAS account, as it would become their Username on [[Cheaha]].
Once the steps above have been completed of adding/sponsoring XIAS account for your collaborator, send us an email on support@listserv.uab.edu with information about the collaborator. Please don't forget to include their PrimaryID and email address which you used to create their XIAS account, as it would become their Username on [[Cheaha]].
 
==UAB VPN Access==
If the collaborators will need to access UAB VPN, you will need to add the following to your projects '''URIs''' list:
 
* '''https://vpn.ad.uab.edu/'''
 
The account used to login to UAB VPN uses a different format than their email address. This can be found by going to '''Manage Users''', select your '''Project Site''' and click '''List'''. The VPN account names are listed under the column '''AD account''' and will use the syntax '''XXXX-XXXXX-X'''', ex: '''xias-jdoe-3'''.
 
===UAB 2 Factor Authentication (2FA)===
UAB VPN now requires the use of UAB 2FA (provided by Duo). The collaborator will need to call AskIT at '''(205) 996-5555''' to register a device for Duo before they'll be able to connect to VPN.
 
After they've been registered with Duo, the collaborator will need to install the Cisco VPN client: [https://www.uab.edu/it/home/tech-solutions/network/vpn]
 
Once installed, they'll launch '''Cisco AnyConnect''' and enter '''vpn.uab.edu''' in the field and click '''Connect'''. Their user name / account will be the previously mentioned '''XXXX-XXXXX-X'''' format, not their email address (they should have received an email with this account ID.

Latest revision as of 21:32, 7 December 2020

This page describes the process for a UAB employee to request for a Cheaha account for an external collaborator (i.e. a person who does not have a UAB BlazerID).

Create XIAS Account

XIAS Accounts, or external access account. allows UAB employees to sponsor external collaborators to utilize some of the UAB resources for which the user has been granted access. Creating XIAS account is a self-service interface which allows you to sponsor and create an account for your collaborator at XIAS website.

For additional information, see the XIAS help page.

Going through the sponsorship process, you are stating that you know the individual(s) and are responsible for their actions while they are using the XIAS accounts.

Create a site

The XIAS website has two options on the left-hand panel: Manage Projects/Sites and Manage Users.

  • Choose Manage Projects/sites
  • Click New to create a new site
  • Fill in all the information i.e. Short Description, Long Description, Start date and End date
    • End date is the expiration date for the site, the users added in the next section cannot have an expiration date beyond the sites End date. The dates should be in the format YYYY-MM-DD
    • URIs are the resources that the sponsored users should have access to. If the resources are applications or servers then the manager of that resource must do what is necessary within that resource to authorize the external users to gain access. Add the following for Cheaha access:
  • Click on Add button to create the site

Create a user

Once the new site has been created:

  • Click Manage Users. from the left hand panel
  • In the drop-down select your XIAS site
  • Click the Register button to add new users
    • Enter an end date for the new site user(s) in the format YYYY-MM-DD. The date cannot extend past the site's end date!
    • Enter the collaborator's email address in the box under the end date. You can add multiple users by putting each on a separate line.

Collaborator

Inform the collaborator(s) to expect an emails from the following addresses containing instructions:

They will need to complete the process within 72 hours of receipt of the email(s)!

Request an account on Cheaha

Once the steps above have been completed of adding/sponsoring XIAS account for your collaborator, send us an email on support@listserv.uab.edu with information about the collaborator. Please don't forget to include their PrimaryID and email address which you used to create their XIAS account, as it would become their Username on Cheaha.

UAB VPN Access

If the collaborators will need to access UAB VPN, you will need to add the following to your projects URIs list:

The account used to login to UAB VPN uses a different format than their email address. This can be found by going to Manage Users, select your Project Site and click List. The VPN account names are listed under the column AD account and will use the syntax XXXX-XXXXX-X', ex: xias-jdoe-3.

UAB 2 Factor Authentication (2FA)

UAB VPN now requires the use of UAB 2FA (provided by Duo). The collaborator will need to call AskIT at (205) 996-5555 to register a device for Duo before they'll be able to connect to VPN.

After they've been registered with Duo, the collaborator will need to install the Cisco VPN client: [1]

Once installed, they'll launch Cisco AnyConnect and enter vpn.uab.edu in the field and click Connect. Their user name / account will be the previously mentioned XXXX-XXXXX-X' format, not their email address (they should have received an email with this account ID.