Account Generation Processes
Purpose
User accounts that provide access to various IT resources are created and maintained by the Department of Information Technology to support the academic and administrative work of members of the University community. Access to all University IT systems is governed by various University policies, including the University's "Appropriate Use Policy" and the University's "Confidentiality Agreement."
Scope
User accounts are automatically generated for all members of the University - faculty, students and employees.
Policy
Accounts Generated Automatically by Banner
Certain accounts are provided to members of the University community automatically when they become a student or employee. These accounts include (but are not limited to):
- PirateNet: PirateNet is the entirety of the IT services provided to the community and does not refer to a specific service or application. As the campus portal, it provides "single sign-on" access to these IT services.
- Microsoft Active Directory (AD): AD is the University's standard authentication system for most IT systems. AD is used to access most other systems, including the campus network, PirateNet, email, the Canvas Learning System, Banner Self Service and many of the network printers around campus.
- Microsoft Office 365: All members of the University community receive an Office 365 account that provides access to all non-email services, including Microsoft OneDrive for Business online file storage, Microsoft Skype for Business Web conferencing, Microsoft Sites Web hosting, Web-based versions of the Microsoft Office suite, and other services.
- Email: Students, faculty and employees are provided a Microsoft Office 365 mailbox.
- Canvas Learn: Canvas Learn is a Web-based course management system used by many faculty for their classes. Instructors and students are automatically enrolled in each Canvas course for which they are assigned or registered.
- Banner Self Service: Banner is the University's system to maintain student, HR and financial records.
  - All students are given access to Banner Self Service for Students. This provides access to a student's own record, including their unofficial transcript, bursar bill and financial aid awards, and provides the ability to register for courses and the like.
  - All employees are given access to Banner Self Service for Employees. This provides access to an employee's own record, including their pay stub and leave balances, as well as the ability to manage their insurance plans.
  - All instructors are given access to Banner Self Service for Faculty. This provides access to course rosters and provides the ability to post grades for students in their assigned courses.
  - All full-time faculty are given access to Banner Self Service for Advisors. This gives advisors access to students' academic records.
- Okta: This system enables members of the University community to change their password and set up password self-service reset by identifying a series of questions and answers that are unique to each user.
These accounts are generated automatically when a new student, faculty or employee record is created in the Banner Student or Banner HR systems.
While most user accounts are generated within a few minutes of the student or employee record being created in Banner, the account generation process may take up to forty-eight (48) hours if the automated systems detect a conflict between systems that requires manual intervention. Examples that require manual intervention include (but are not limited to): cases where a new employee is a current or former student, cases where a new student is a former employee, or cases where a student or employee has changed their name since they last attended the University.
Disabling Automatically Generated Accounts
Access to these systems requires an active Microsoft Active Directory (AD) account. AD accounts are synchronized with Banner according to the following schedule:
- Employee and faculty AD accounts are disabled as soon as their active assignment in Banner HR ends. Note that there can be a delay of up to a month between an employee's last day of work and when their active assignment in Banner HR ends. Supervisors who wish to have account access disabled on the employee's last day of work should make appropriate arrangements with Human Resources as part of the employee's separation. Employees who are leaving employment by the University but are continuing as students should contact the Technology Help Desk to request that the University change their primary role in Banner from Employee to Student.
- Student and adjunct faculty AD accounts are disabled approximately 180 days after the end of their last class. This practice recognizes that students and adjunct faculty sometimes do not take or teach classes one semester but continue to be active members of the University community. When a student or faculty member is leaving the University and the University has a business need to disable the account immediately, appropriate arrangements should be made through Student Services (in the case of students) or Academic Affairs (in the case of faculty).
- Graduating students will have their automatically generated accounts disabled approximately 150 days after graduation. This practice gives graduating students time to transition to their alumni account.
Contractors and Consultants
A request for temporary accounts for contractors and consultants should be initiated by the contractor or consultant's sponsor using the contractors and consultants account request form in PirateNet. Upon receipt of the form, the University Card Office will create a Banner General Person record, which in turn will generate the appropriate AD, Email, and PirateNet accounts. The request form must specify an end date for the assignment. Assignments can last up to one year. Longer-term contractors or consultants must have their account access re-confirmed annually by the sponsor. The consultant or contractor's AD account will be automatically disabled at the end date of his or her assignment. Sponsors should request that the Card Office end the assignment in Banner in cases where the work is terminated prior to the end date specified when the account was created.
Banner Access
Access to Banner INB (Internet Native Banner), Banner Self Service for Finance and the Banner reporting systems (Cognos, the Banner Operational Data Store [ODS] and the Banner Enterprise Data Warehouse [EDW]) is not generated automatically; it must be requested by the employee's immediate supervisor using the online Banner Access Request form found in PirateNet. The request must specify the particular Banner areas, forms and reports the employee needs to perform their job function and what type of access (e.g., read only, data entry only, full access, etc.) is requested. The request must be approved by the relevant Banner Data Steward(s) in Enrollment Services, Finance, HR and/or Student Services before access is granted. If a supervisor has any questions about what Banner forms or reports are available and what type of access is required for their employee, they should consult with the Banner Data Steward(s) in Enrollment Services, Finance, HR and/or Student Services.
Access to Banner INB, Banner Self Service for Finance and Banner reports requires authentication through Active Directory (AD), so Banner INB and Banner report access is disabled as described above when an employee leaves the University. If a supervisor wishes to disable an employee's Banner access as soon as they separate from the University, the supervisor should make that arrangement with Human Resources at the time of the employee's separation.
When an employee moves within the University, their Banner access will not be automatically disabled, but their Banner access may not be appropriate for their new job. The employee's new supervisor should review the employee's access to Banner and Banner reports and update their access using the online Banner Access Request form found in PirateNet.
Supervisor Responsibilities
For employees, maintaining appropriate access to the University's systems requires a certain amount of diligence on the part of the employee's supervisor. For the convenience of the University's community, the responsibilities of the hiring manager in the University's account maintenance process are outlined here:
Onboarding
For accounts generated automatically by Banner, the hiring manager should make sure that the appropriate hiring paperwork is received by HR and the Banner HR record is created at least two business days before the new employee starts work.
Please alert the Technology Help Desk if the new employee is not listed in the email Global Address Book after the Banner HR record is created; this might indicate there is a problem with the new employee's Banner record that needs to be fixed by either HR or IT. If the new employee is a former employee or student, the accounts may need to be generated manually; if you know a new employee is a former student or employee, please contact the Technology Help Desk so we can watch for the account generation process and take appropriate steps to ensure the accounts get created.
If the new employee requires Banner INB, Banner Finance Self Service or Cognos access, complete the appropriate request form in the SHU Portal. Please allow the data stewards and IT several days to process your request.
If the new employee is coming from another area of the University and has Banner INB, Banner Finance Self Service and/or Banner Cognos access, please review their access to ensure it is appropriate to their new job function and update their access as needed using the Banner access request form in PirateNet.
Separation
Be aware that it may take as long as a month for Banner to automatically disable a former employee's accounts. If you have an employee separating from the University and you would like their accounts disabled as part of the separation process, please work with HR to arrange this.
For Additional Information
Members of the University community who are having a problem with, or who need additional information about, the University's account generation process should call the Technology Service Desk. If the Technology Service Desk is not able to answer your question, they will initiate a service request to get you the information you need.
Responsible Offices
Department of Information Technology
Approval
Approved
Effective date
November 30th, 2017