1601 PR.02 NetIDs and Identity Management

Revision Date: 
June 29, 2017

Contents

1.       Overview

2.       Yale University NetID

3.       Maintaining the Integrity of your Yale NetID and Password

4.       How NetIDs are Created

5.       Deactivating and Reuse of a NetID

6.       Responsible NetID

In accordance with Policy 1601 Information Access and Security, the following standards apply to all individuals who have accounts created to access University information or to access any of the University’s applications or systems.  This procedure describes the lifecycle of a NetID: provisioning (creation), maintenance and de-provisioning (deactivation). 

Important points about NetIDs include:

  • Individuals are allowed only one personal NetID.
  • Individuals must not share their NetIDs and passwords with others.
  • Access to Yale systems and services must be associated with a valid and active member of the Yale Community. Yale will regard a NetID as active if the owner continues to maintain the credentials associated in a fashion compliant with all University policies.
  • “Responsible NetIDs” must be associated with an active and current member of the Yale Community as described in 3 above.
  • Yale NetID passwords must be changed at least once per calendar year to a different password.  This includes primary and Responsible NetIDs (see below).
  • Each year’s password must be unique – don’t recycle previous year’s passwords.
  • Don’t use your Yale NetID password elsewhere (such as on Internet websites) outside of Yale.

Each member of the Yale community is assigned a unique network identification (NetID).  A NetID is normally the individual’s initials and a few numbers (such as aa11 or bb345).  A NetID is not changed under normal circumstances and remains a unique identifier for that individual even after they have left the University.

A NetID and password are the credentials to the campus network and most University systems.  They may provide access to sensitive information (such as benefits, tax information, salary and academic information), network access (such as wireless or VPN) and networked resources (such as email, library databases and journals).  The most important NetID maintenance task is choosing and maintaining a strong password.  In addition, NetID account owners must keep their contact information current in the official Yale record.

All NetID passwords must be changed once per calendar year to a different password. 

Each year’s password must be unique – don’t recycle previous year’s passwords.

Don’t use your Yale NetID or password elsewhere (such as on Internet websites) outside of Yale.

A NetID can be created after an individual has been added to either the Human Resources, Banner systems or Sponsored Identity application (see related procedures).  Student NetIDs are created during the admission process, prior to acceptance at Yale NetIDs of applicants who are not admitted or who do not matriculate will be deactivated and held in the system for two years.

NetIDs are created for Yale faculty and staff members as part of their hiring and appointment process. For Sponsored Identities, such as research affiliates, visitors, consultants and contractors, NetIDs are created on an as needed basis.

Refer to NetIDs: Who Can Use Them:  https://its.yale.edu/secure-computing/identity-and-access-management/accounts-and-access/netids-who-can-use-them.

A NetID is a unique identifier that is associated with an individual member of the Yale community even after they have left the University.  In the case of student applicants who were not admitted or who did not matriculate, NetIDs used during the admission process will be deactivated.  After two years these NetIDs will be expunged and made available for re-use. 

In order for Yale credentials to stay active, they must be compliant with existing policies.  The most common cases for decommissioning an NetID include graduating students and termination of employment.  In addition, during yearly password change initiatives, accounts failing to meet password maintenance requirements are deactivated.  Those NetID account owners who fail to maintain up to date contact information will have their NetID and any associated Responsible NetID deactivated.  Once a NetID has been deactivated, it can be reactivated by Client Accounts.

A valid Responsible NetID is one that is subordinate to a primary NetID.  The primary NetID must be associated with either a Management & Professional (M&P) or a Service & Maintenance (S&M) staff member or a Yale Faculty member.  This individual must maintain an active Yale record with credentials in keeping with all current policies.

Examples of valid Responsible NetIDs:

  • Use as a departmental or generic email account

Departments and organizations often have the need to maintain a shared email account for the purposes of better serving customers.  Sharing NetIDs and passwords for these shared accounts is allowed only within the department.  These NetIDs are required to be associated with an active member of the faculty, M&P or S&M.  The responsible individual must adhere to all other relevant policies including annual password change provisions.

  • Pre-approved situations for managing technical resources

IT departments may use a responsible NetID as a service account that is used by one or more systems when connecting to other systems or automated processes that require credentials.  Any such NetID must continue to be associated with an active member of the faculty, M&P or S&M.

Examples of unacceptable Responsible NetIDs:

  • Use by a temporary, consultant or any non-Yale employee

All NetIDs must be associated with an individual with active and valid biographical and contact information–Even for temporary employees.

  • Use for generic Yale Active Directory Accounts

NetIDs must not be shared for Active Directory accounts.