University Network Identity Life-Cycle Policy

On behalf of the university, Information Technology Services creates Network Identities (NetIDs) to facilitate proper access to on-line resources. Maintaining these identities consumes university resources, so it is imperative that once issued they are used in alignment with the university's mission and goals. When no longer required, these identities are to be destroyed to prevent system compromise and/or data loss. This document explains how these identities are created, what their valid use scenarios are, and when they are to be destroyed.

Background

The University NetID system has many sources of data and is used as an authentication authority by many other systems. The university NetID system permits individual services to connect and authenticate users as needed. These individual services have their own policies for access to the services they provide. A prime example of this is Windows server shares, where the user may be authenticated to the system but is permitted or denied access to individual folder shares on a case-by-case basis.

Policies for account creation and deletion within the NetID system must encompass the full life-cycles of all querying subsystems, since a user cannot exist in any subsystem unless they exist in the NetID master system. At present campus email, campus Active Directory, and all Banner-related systems represent the major consumers, but smaller projects such as UNIX system shell logins and departmental special projects also use the system.

In preparing this document, substantial consideration has been given to the useful life-cycle of a NetID and to the point at which a student or employee no longer needs direct access to university resources.

The goal of this document is to assist in meeting regulatory compliance goals and follow good security practices while meeting current University policy mandates granting continued access to University information systems to select groups after separation from the University.

NetID creation

NetIDs are assigned to a unique individual and will not be reused throughout the lifetime of the current system. Although NetIDs are routinely deleted from the NetID LDAP systems, they are tracked in Banner in accordance with applicable record retention laws and policies.

Student Network Identities are created for students upon acceptance to the university, as indicated by the Banner Enrollment module. Although the student now has a NetID, this does not mean that the student has access to individual university resources such as Banner or WebCT; it merely means that a NetID has been generated and is now available to the consumer systems. Please consult the policies for specific systems to see when user access is enabled for those systems.

Employee Network Identities are created upon entry and activation in the Banner Human Resources module. The university human resources department maintains employment records within the university and, as such, the university NetID system can only consume this employment data, as it is the only authoritative source. Professional Affiliate accounts use the employee classification, as their affiliate status is tracked by EIU Human Resources. Issues related to the Banner employment data that triggers employee account creation should be directed to EIU Human Resources.

SPEC (Special Use) network identity accounts are assigned in cases where multiple individuals need access to the same account or where an individual system requires a non-standard configuration due to technical limitations. In the past these were referred to as "group accounts" and were issued for web pages, email addresses, and the like. SPEC accounts are assigned to a sponsoring NetID, and the sponsor is responsible for the proper usage and management of the account. SPEC accounts are created by request only and are not to be used as a replacement for an employee or student account.

NetID removal

Student NetIDs are removed once a student has left the university. If the student was enrolled during the previous term and does not enroll for the current term, continued use of the account is permitted during the one term of non-enrollment. If the student does not subsequently enroll, the NetID will remain active for a period of one year following the last class day of the last term attended. After one year the NetID will be removed from the system. The student must participate in at least one enrolled term during the span of a year to remain qualified for a NetID. Students graduating after the Spring 1992 term who need access to PAWS can reactivate their NetID for a one-year interval to accommodate PAWS access.

Alumni are narrowly defined as only those individuals who have successfully graduated from a degree program at the University. Alumni graduating prior to the Fall05 term are not entitled to a NetID. Alumni graduating after the Fall05 semester are entitled to keep a university NetID via one-year extensions. If an alumni account is permitted to expire, personal data contained on any university systems using that NetID will be permanently destroyed, including, but not limited to, emails, shared files, and web pages. The university must comply with all federal, state, and local legislation regarding privacy of data.

Terminated employees will lose all access to University information systems at the end of the business day on their date of separation from the University. No extended or continued access for terminated employees is granted or guaranteed by the University.

Terminated employees enrolled as students will lose access to employee-related systems but will retain a NetID to facilitate their continued enrollment, and will be subject to student NetID retention policies thereafter.

Employees on disability will have differing access depending on the disability type. Employees on short-term disability are entitled to the same account access they had prior to the change in status. An employee whose status changes to long-term disability is not entitled to a NetID account.

Amicably departing employees, at their request, shall be granted up to 90 days of access to their EIU email account following their date of severance. Subsequent to departure, the employee can request that email received at their former EIU email address be electronically forwarded to a new email account provided by the employee for a period of one year after departure. The employee's vice president may authorize exceptions to this policy.

Annuitants, defined as those individuals meeting the criteria outlined in Eastern Illinois University's Internal Governing Policy (IGP) No. 2, are granted lifetime access to University e-mail systems as well as University dial-up Internet connections per current University policies. Upon retirement, the user's account is issued for a period of one year with one-year renewals in perpetuity. Please consult individual system policies for the specific permissions granted to annuitants.

SPEC accounts are tied to the NetID of the sponsoring employee. Upon that employee's separation from the university, the account and its contents are the property of the university and will be reassigned in accordance with university policy on a subsystem basis. Generally the account is reassigned to another accepting employee designated by the original sponsor prior to separation.

Professional Affiliate accounts are renewable in 5-year terms and can be revoked at the discretion of the Vice President of Student Affairs.

Other account types not covered in the preceding classifications (generally grandfathered, special, and system-specific accounts) expire four months from creation unless a different expiration is defined by written agreement at the time of the account's creation.