Procedure on the Handling of Special Purpose NYU NetIDs
Introduction: Purpose and Scope
An individual NYU NetID is assigned to each member of the NYU community in order to enable personal access to University online services. In special and specific circumstances, a service-access NetID may be assigned upon request to a member of the community for purposes other than sole individual use. Depending upon its intended use in accessing NYU services, assignment of the special-purpose NetID is approved by the NYU IT service director and an appropriate range of access privileges is assigned to the NetID.
This procedure applies to all members of the University community who are eligible to act as sponsors or approvers of special-purpose NYU NetIDs (see eligibility criteria below).
1. General Terms
Special-purpose NetIDs are assigned and managed in University identity management records in a way similar to individual NetIDs: a (faux) person record is created, assigned an appropriate affiliation type, and associated with a newly-assigned University ID and NetID. The requesting individual is identified as the sponsor of the NetID and is responsible for activating the NetID by setting a password for it at the NYU Start Page.
Just as use of an individual NetID is accompanied by an acknowledged set of responsibilities for its owner, a special-purpose NetID is accompanied by the same responsibilities for its sponsor, most notably the Policy on Responsible Use of NYU Computers and Data (see Related Policies, below). In general, all responsibilities associated with use of an individual NetID also are associated with use of a special-purpose NetID, and the sponsor is responsible for the uses to which the NetID is put.
The restriction against shared use of the NetID (and its associated password) may be different in certain use cases for special-purpose NetIDs. Since, however, shared use of a NetID is inherently less secure than individual use, in cases where shared use is planned for the special-purpose NetID, other sharing mechanisms where available should be used instead of assignment of a special-purpose NetID.
2. Eligibility Criteria
Full-time NYU faculty and staff are eligible to request, and act as sponsor for, a special-purpose NYU NetID. Upon departure from the University, any special-purpose NetIDs assigned to the individual will be de-activated (unless transferred to another eligible member of the community).
3. Expiration and Notification
When a special-purpose NetID is assigned, an end-date is associated with it. Generally this end-date is one or more years in the future, although in some cases (for NetIDs to be used by a system and not an individual) an end-date is set very far into the future so as to prevent expiration of the NetID and resultant loss of system functionality.
When an end-date approaches, the sponsor of the NetID will be notified in advance that an extension is necessary and of the procedure for requesting the extension. A special-purpose NetID that is not renewed will be deactivated and its password expired, along with any computer accounts that have been created under that NetID.
4. Standard Use Cases for Special Purpose NetIDs
Special purpose NetIDs will be approved for the following situation, and possibly for other very special situations, if no alternative mechanism will meet the identified need.
a. System Integration Account
An application system requires a NetID-based account in order to function. Typical examples include: an application that needs to log in to another application to perform a data integration function or an application that needs to retrieve email.
In this case, after consultation to determine that viable alternatives are not available, the special purpose NetID request will be approved by the appropriate NYU IT service director in accordance with the core service functionality to be used by the NetID:
a. For NYU Web-related purposes: Executive Director, Digital Communications, NYU IT
b. For email, and general system/data integration purposes: Program Director, Identity and Access Management, NYU IT
5. Disallowed Use Cases for Special Purpose NetIDs
Special purpose NetIDs will not be approved for the following use cases that call for other approaches to information sharing.
a. Business Process Shared Account
A department or group desires an account to manage, or as part of, a University business process, for example intake and processing of email to an administrative department from diverse sources. In a case such as this, use of a scalable issue tracking system such as ServiceNow would be the type of tool recommended by NYU IT.
b. Shared Assistant Support Account
Support staff needs access to a designated portion (but not all) of a supervisor’s email account.
6. Alternatives to Special Purpose NetIDs
Upon request, NYU IT staff will consult with and advise departments on approaches and tools to meet their specific needs without use of a special purpose NetID. Typical alternatives to be considered include:
a. Gmail account delegation
b. Google Groups
c. Issue-tracking system, such as ServiceLink