AC-002.04 – Net ID Account Management

Responsible Office: Office of Cybersecurity

Last Review: 05/13/2024

Next Review: 05/13/2026

Contact: Chris Madeksho

Phone: 901.448.1579

Email: mmadeksh@uthsc.edu

Purpose

UT Health Science Center community members are issued a UT-wide identifier called the NetID. When access to UT Health Science Center networks, systems, or applications is required, they are supplied with a unique user identifier (the NetID) and a password; referred to as credentials. The purpose of this document is to document the procedure for creating and deleting credentials based on the NetID.

Scope

This practice applies to all members of the UT Health Science Center community who have been granted access to any UT Health Science Center system or data using an authenticator, based on a unique user account based on the UT NetID and password, i.e. credentials.

Definitions

Authenticator – the means used to confirm the identity of a user (e.g., user password or token).

Credentials – a combination of a NetID and a password.

Friend (of the University) – A volunteer working on UT Health Science Center’s campus. They are non-paid employees hired by a department.

NetID – Network Identifier, a unique identifier for an entity throughout the University of Tennessee system

Sponsored NetID – a NetID not automatically generated for an active faculty, staff, or student, but for someone affiliated with the University that needs access to specific systems. This type of NetID must be requested by a supervisor, business manager, or department head and approved by Human Resources.

Responsibilities

The NetID user is responsible for abiding by all policies and procedures of the University as well as applicable laws and regulations.

Information Technology Identity and Access Management Team is responsible for establishing sponsored NetIDs.

Practice

  1. Student NetIDs and credentials are created when students are accepted to the UT Health Science Center unless the individual previously has been issued a University of Tennessee NetID. Student credentials will expire if a student has not registered for one year.
  2. Faculty and Staff NetIDs and credentials are created at the commencement of employment at the University of Tennessee.
  3. Even though the association between an individual and a NetID survives enrollment or employment, access to systems and applications with a NetID and the use of the credentials will be disabled.
  4. Faculty and Staff credentials are disabled 30 days after termination of employment. To maintain an active status after termination, the user must either be rehired, sponsored, or a Friend of the university.
  5. UT Health Science Center supervisors, business managers, and department heads may sponsor NetID accounts for official guests with a relationship to the University of Tennessee.
    1. Human Resources (HR) approves all requests for a Sponsored NetID.
    2. Requests must be sent to the HR request form. Any requests sent directly to Information Technology Services (ITS) will result in the requestor being redirected to the aforementioned form.
    3. If HR approves the sponsorship, they will initiate a request for NetID creation to Information Technology Services (ITS). NOTE: Based on the nature and duration of the person’s work, HR may notify the sponsor that the individual being sponsored will have to be entered into IRIS with the status of Friend instead of being sponsored.
    4. Sponsored NetIDs should only be granted to individuals affiliated with the University in a position to help support UT Health Science Center’s mission and achieve the goals of the University.
    5. Sponsored NetIDs must be renewed annually.
  6. All types of credentials are disabled and deleted after a person is recorded as deceased.
  7. Credentials are expired as indicated unless earlier termination is requested through UT Health Science Center Human Resources for UT Health Science Center employees, or by the Vice Chancellor of Academic, Faculty, and Student Affairs for UT Health Science Center students.
  8. Exceptions to this Practice should be requested using the process outlined in GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices.

References

  1. AC-001-Access Controls
  2. AC-002-Authentication
  3. GP-001.02 Security Exceptions and Exemptions to ITS Standards and Practices
  4. NIST Glossary of Terms