IT0506-HSC-A.02 Net ID Account Management

Responsible Office: Office of Cybersecurity

Last Review: 05/13/2024

Next Review: 05/13/2026

Contact: Chris Madeksho

Phone: 901.448.1579

Email: mmadeksh@uthsc.edu

Purpose

The University of Tennessee Health Science Center (UTHSC) community members are issued a UT-wide identifier called the NetID. When access to UTHSC networks, systems, or applications is required, they are supplied with a unique user identifier (the NetID) and a password; referred to as credentials. The purpose of this document is to document the procedure for creating and deleting credentials based on the NetID.

Scope

This practice applies to all members of the UTHSC community who have been granted access to any UTHSC system or data using an authenticator, based on a unique user account based on the UT NetID and password, i.e. credentials.

Definitions

Authenticator – the means used to confirm the identity of a user (e.g., user password or token).

Credentials – a combination of a NetID and a password.

Friend (of the University) – A volunteer working on UTHSC’s campus. They are nonpaid employees hired by a department.

NetID – Network Identifier, a unique identifier for an entity throughout the University of Tennessee system

Sponsored NetID – a NetID not automatically generated for an active faculty, staff, or student, but for someone affiliated with the University that needs access to specific systems. This type of NetID must be requested by a supervisor, business manager, or department head and approved by Human Resources.

Responsibilities

The NetID user is responsible for abiding by all policies and procedures of the University as well as applicable laws and regulations.

Information Technology Identity and Access Management Team is responsible for establishing sponsored NetIDs.

Practice

  1. Student NetIDs and credentials are created when students are accepted to the UTHSC unless the individual previously has been issued a University of Tennessee NetID. Student credentials will expire if a student has not registered for one year.
  2. Faculty and Staff NetIDs and credentials are created at the commencement of employment at the University of Tennessee.
  3. Students employed by UTHSC in a temporary, part-time capacity, including Graduate Assistants, are to receive a separate account to be used for work activities only.
  4. Even though the association between an individual and a NetID survives enrollment or employment, access to systems and applications with a NetID and the use of the credentials will be disabled.
  5. Faculty and Staff accounts are revoked within 24 hours of termination of employment.
    • All user credentials are revoked immediately upon the employee’s separation from the University
    • To maintain an active status after termination, the user must either be rehired, sponsored, or a Friend of the university.
  6. UTHSC supervisors, business managers, and department heads may sponsor NetID accounts for official guests with a relationship to the University of Tennessee.
    1. Human Resources (HR) approves all requests for a Sponsored NetID.
    2. Requests must be sent to the HR request form. Any requests sent directly to Information Technology Services (ITS) will result in the requestor being redirected to the aforementioned form.
    3. If HR approves the sponsorship, they will initiate a request for NetID creation to Information Technology Services (ITS). NOTE: Based on the nature and duration of the person’s work, HR may notify the sponsor that the individual being sponsored will have to be entered into IRIS with the status of Friend instead of being sponsored.
    4. Sponsored NetIDs should only be granted to individuals affiliated with the University in a position to help support UTHSC’s mission and achieve the goals of the University.
    5. Sponsored NetIDs must be renewed annually.
  7. All types of credentials are disabled and deleted after a person is recorded as deceased.
  8. Credentials are expired as indicated unless earlier termination is requested through UTHSC Human Resources for UTHSC employees or by the Vice Chancellor of Academic, Faculty, and Student Affairs for UTHSC students.
  9. Exceptions to this Practice should be requested using the process outlined in IT0003-HSC-A.02-Security Exceptions and Exemptions to ITS Standards, Practices, and Controls.

Policy History

Version #
Effective Date
1
03/17/2016
4
10/22/2021
5
06/11/2024
6
03/01/2025 – new naming convention

References

  1. IT0506-Information Technology Account and Credential Management
  2. IT0311-HSC-A-Access Controls
  3. IT0506-HSC-A-Authentication
  4. IT0003-HSC-A.02-Security Exceptions and Exemptions to ITS Standards, Practices, and Controls
  5. NIST Glossary of Terms