MCommunity Sponsor System Overview

The MCommunity Sponsor System allows authorized U-M staff members to get uniqnames and create online identities for people who are affiliated with the university but who do not receive uniqnames and online identities through other means (such as the self-registration option provided to incoming students and regular staff).

Sponsored individuals include, for example, conference attendees, contractors, incoming faculty who need access to U-M resources before the hiring process is complete, academic affiliates, and others.

This document provides an overview of the Sponsor System, including details about uniqname types, identity types, sponsorship lengths, minimum data requirements, e-mail notifications sent by the system, what happens when a sponsorship expires, who can reset passwords for sponsored individuals under what circumstances, and more. For step-by-step instructions for using the system, see Using the MCommunity Sponsor System Via the Web (S4356).

What Is MCommunity?

MCommunity is a central system that stores information about members of the U-M community that is used to grant them access to various online resources at both the university and departmental levels. It is a flexible, centralized, identity management system that U-M campuses and units can use in decentralized ways for providing access to information technology resources and services. The most visible part of MCommunity is the MCommunity Directory.

To learn more about MCommunity, see MCommunity Overview (R1457).

What Is the Sponsor System?

The Sponsor System is the part of MCommunity that is used to create uniqnames and online identities for sponsored affiliates, people who are affiliated with the university but who do not receive uniqnames by other means. Sponsored affiliates include, for example, conference attendees, contractors, incoming faculty who need access to U-M resources before the hiring process is complete, and others.

The Sponsor System allows units to sponsor people as members of the U-M community for specified periods of time. An individual may be sponsored by more than one unit.

Who Can Use It?

Authorized U-M staff members can use the system. To use the system, you must become a sponsorship administrator.

Sponsor. A U-M department or unit that sponsors creation and/or management of identities in MCommunity.

Sponsoring Authority. A person who authorizes sponsorship administrators for specified university departments. It is the responsibility of the sponsoring authority to oversee the sponsorship administrators s/he has authorized and ensure that appropriate policies and guidelines are followed. For more about sponsoring authorities, see MCommunity Sponsoring Authority Policies and Agreement (R1460).

Requester. A person in the sponsoring department who requests a sponsorship. For example, a conference organizer might request sponsorships with temporary uniqnames for a group of conference attendees, or an administrative staff member might request a sponsorship with a regular uniqname for an incoming faculty member who needs early access to online resources. In some cases, the requester might be the sponsorship administrator.

Sponsorship administrators. The people who use the MCommunity Sponsor System to set up sponsored identities and get uniqnames. For more about sponsorship administrators, see MCommunity Sponsorship Administration Policies and Agreement (R1459).

Uniqname Types—Regular and Temporary

The Sponsor System can assign regular and temporary uniqnames. See the Sponsorship Components Chart below for details about who gets what type of uniqname.

• Regular uniqnames. Most members of the university community have regular uniqnames. They are made up of three to eight alphabetic characters (for example, bjensen). Regular uniqnames are assigned for life and are never reused. People with regular uniqnames who leave the university and return at a later date can usually reclaim their own uniqname, but no one else can ever use it. However, if a sponsored individual with a regular uniqname and minimal identity information on record (that is, a weak identity) leaves the university and returns later, wanting to reuse his or her uniqname, there will not be enough information available to match records in other university systems to verify that this is indeed the same person; in that case, the uniqname cannot be reclaimed, and a new uniqname would need to be created if needed.

• Temporary uniqnames. Temporary uniqnames are intended for short-term use, such as access to resources for a summer program participant. They consist of um, followed by a number generated by the MCommunity Sponsor System (for example, um000000). These are never reused. If a sponsorship and temporary uniqname have expired, an individual can be given a new temporary uniqname.

Identity Types—Strong and Weak

The identity type is determined by the amount of data collected and depends on whether the sponsored person needs a regular uniqname and a UMID. See the Sponsorship Components Chart below for details about who needs what type of identity.

• Strong identity. Most members of the university community have a strong identity. A strong identity in MCommunity has adequate identity data to confidently match it against identities in other U-M systems.

  A strong identity results in an entry in Wolverine Access and the creation of a UMID (U-M identification) number in Wolverine Access. (For U-M employees, this number is often referred to as an Emplid number.) People who are paid by the university are required to have a UMID in M-Pathways.)

  A strong identity requires one of the following data combinations. If the person being sponsored already has a UMID, this information is already on file and does not need to be re-entered.

  Data Combination 1 First & Last Name E-Mail Address Social Security Number Date of Birth

  Data Combination 2 First & Last Name E-Mail Address Social Security Number Gender Home Street Address

  Data Combination 3 First & Last Name E-Mail Address Date of Birth Gender Home Street Address

  The ITS Service Center can do UMICH password resets over the phone for individuals with strong identities who have forgotten their password because there is sufficient information on record to verify their identity.

  IMPORTANT! The Sponsor System does not store Social Security numbers. It uses them to search Wolverine Access in order to prevent the creation of duplicate entries. Once it completes the search, it discards the Social Security number.

• Weak identity. Minimal information is required to create an entry with a weak identity in the MCommunity Sponsor System—just first name, last name, and a non-UMICH e-mail address. These identities are generally for short-term use.

  Uniqnames associated with weak identities cannot be re-used by their owners after they expire because there is no way to verify identity.

  People with weak identities who forget their passwords must go to the departmental person who originally requested their sponsorship for password resets. The requester can ask a departmental sponsorship administrator to reset the password using the Sponsor System or can ask the ITS Service Center to do it. Either way, the requester must verify the individual's identity; no one else will have sufficient information on record to do so. Before the ITS Service Center can reset a password for a sponsored individual at the request of a departmental staff person, the Service Center must verify the staff person's identity and be sure that the staff person is indeed requesting a password reset for the true owner of the uniqname.

Sponsorship Business Reasons

The reason for a sponsorship is defined by the relationship the sponsored individual has with the university. It also depends on whether a regular uniqname and UMID are needed.

Regular Uniqname Plus UMID

The sponsored affiliates listed below receive a regular uniqname and a UMID. They get an entry in Wolverine Access and an entry in MCommunity. They get a limited Wolverine Access self-service role that allows them to update their address, phone number, and emergency contact information; set a preferred name; and sign up for UM Emergency Alerts.

• Incoming Faculty/Staff. When units need incoming faculty and staff to have access to U-M computing resources before they have completed the hiring process, those units can sponsor them. They need a regular uniqname and a strong identity so there is sufficient information on record for their employment data to be matched to their sponsorship entry.

• Temporary Staff. Temporary staff members are hired by units for up to one year. As of June 27, 2011, temporary staff are hired through eRecruit and get a uniqname during the hiring process. Temporary staff hired before that date need to be sponsored to get them a regular uniqname so they can access their personal information in Wolverine Access. Even if they already have a uniqname from a previous relationship to the university, they will need to be sponsored so their uniqname can be reactivated and their Wolverine Access self-service role can be set up.

• Contractors. Contractors work in university departments, but they do not have a U-M job appointment. These individuals often perform the same job duties as U-M staff members, may be granted access to critical university business systems, and are held to the same standards of accountability as U-M staff. For these reasons, a contractor needs a regular uniqname and a strong identity.

• Academic Affiliates. These are people who have an academic relationship with the university but who are not U-M students or faculty members. Visiting nurses, visiting scholars, and other academic visitors are in this category. They need a regular uniqname and a strong identity for things such as receiving a stipend from the university or obtaining a regular ID badge with their UMID on it.

• Other University Affiliates. These are people who need a regular uniqname and a UMID but who do not fit any of the sponsorship reasons described above. Perhaps, for example, their relationship to the university is more administrative than academic, or their role is unique to the unit with which they are affiliated.

• U-M Online Subscribers. The U-M Online service is no longer available, but this sponsorship reason remains in the Sponsor System for now because people who subscribed to the service in early 2012 were allowed to continue receiving some computing services and therefore needed to remain in the directory. This sponsorship reason can no longer be used for new sponsorships. It will be removed from the Sponsor System at some point.

Regular Uniqname

The sponsored affiliates listed below receive a regular uniqname, but they do not receive a UMID. They have a temporary entry in MCommunity, but they do not have an entry in Wolverine Access. Once the sponsorship expires, the uniqname cannot be reactivated, and computing services associated with it cannot be reinstated, because there is insufficient identity data on file to verify the person's identity. When the sponsorship expires, the entry is removed from MCommunity.

• Long-Term Guests. These are people who need access to services that require a regular (not temporary) uniqname but for whom only minimal identity data is available. The benefit to departments of this sponsorship type is that the sponsorship can be set up quickly. The drawback is that a UMID is not connected to the sponsorship. Should a UMID be needed later, it may not be possible to get one and allow the person to keep the same uniqname (for assistance with such cases, contact the ITS Service Center).

Temporary Uniqname

• Conference/Program Participants. These people receive a temporary uniqname for the duration of a conference or other program.

• Short-Term Guests. Use this category to sponsor short-term guests who just need a temporary uniqname and who do not fall into any of the other categories listed above.

Sponsorship Components Chart

* Sponsorship administrators can change the suggested (default) sponsorship length when they set up sponsorships. The maximum length is 1 year. All sponsorships are renewable as long as they have not yet expired.

** The U-M Online service is no longer offered. This sponsorship reason will be removed from the Sponsor System at some point. It should no longer be used.

What Computing Services Do Sponsored People Get?

Sponsored people automatically receive the following services by virtue of being sponsored:

• A uniqname and UMICH password.

• A Google Apps UMICH account.

• The ability to log in to and use Campus Computing Sites computers.

• A profile in the MCommunity Directory.

• An Active Directory UMROOT account. This account can be used to access services that departments and ITS authorize the person to use, as well as MWireless.

  TIP: You do not need to sponsor people to give them access to MGuest wireless; it does not require a uniqname.

E-Mail Notices Sent By the Sponsor System

When sponsorship administrator sets up sponsorships, they can select which sponsorship and expiry e-mail notices they want the Sponsor System to send.

Confirmation of Sponsorship

E-mail notices confirming that the sponsorship has been created and providing the uniqname (but not the password) can be sent. Sponsorship administrators can select which of the following people receive a confirmation e-mail:

• Requester

• Sponsored person(s) (sent to the non-UMICH e-mail address entered during sponsorship creation)

IMPORTANT! The only place that the sponsored person's UMICH password is displayed is on the Sponsor System screen at the end of the sponsorship creation process. It is the sponsorship administrator's responsibility to note the password and convey it in a secure manner to either the requester or the sponsored individual.

See Appendix: Sample E-Mail Notifications below for the text of the messages.

Expiry Warning Notices

E-mail notices that warn when a sponsorship will expire can be sent. Sponsorship administrators can select which of the following people receive an automated sponsorship expiry warning e-mail, as well as whether the e-mails should be sent two weeks or 45 days before the sponsorship is to expire:

• Sponsorship administrators (all those for the sponsoring department)

• Requester

• Sponsored person(s) (sent to the non-UMICH e-mail address entered during sponsorship creation)

• Any person with a U-M uniqname or any group listed in the MCommunity Directory

Sponsorship administrators can change when and to whom expiry warning e-mails are sent by editing sponsorships.

See Appendix: Sample E-Mail Notifications below for the text of the messages.

Sponsorship Expiry

All sponsorships have a start date and an expiry date. They expire on the expiry date. The maximum sponsorship duration is one year. However, sponsorship administrators can renew sponsorships as often as needed—as long as they have not yet expired.

What happens on expiry depends on the identity type—strong or weak. If a person has multiple sponsorships, the expiry process happens when the last sponsorship ends.

When Sponsorships with STRONG Identities Expire

Includes contractors, academic affiliates, and others. These sponsorships require enough identity information to create an entry in Wolverine Access.

On the Expiry Date (at the very end of the day):

1. The sponsorship expires. (Before the expiry date, the sponsorship can be extended; after the expiry date, it cannot be extended.)

2. The uniqname is deactivated and stops working (that is, the sponsored person can no longer log in to anything using that uniqname). Because Wolverine Access entries are created for sponsored people with strong identities, their uniqnames can be reactivated with sufficient proof that the person requesting reactivation is indeed the same person the original uniqname belonged to.

3. The sponsored person's entry is removed from the MCommunity Directory. This means that e-mail forwarding stops.

4. Any computing services (such as e-mail and IFS space) assigned to that uniqname are ended on the same date the last sponsorship ends. They can be reactivated only if the process that disables and purges ITS computing services has not yet run.

NOTE: If a sponsored person with a strong identity becomes an employee or student, their uniqname and any associated ITS computing services will continue, even after their sponsorship expires, because of their new affiliation.

When Sponsorships with WEAK Identities Expire

Includes long-term guests, conference/program participants (including summer campers), and short-term guests. These sponsorships require minimal identity information and do not result in an Wolverine Access entry.

On the Expiry Date (at the very end of the day):

1. The sponsorship expires. (Before the expiry date, the sponsorship can be extended; after the expiry date, it cannot be extended. New sponsorships can be added before the expiry date only; sponsorships cannot be added after the identity has expired.)

2. The uniqname is deactivated and stops working (that is, the sponsored person can no longer log in to anything using that uniqname).

3. The sponsorship entry is removed from the MCommunity Sponsor System.

4. The sponsored person's entry is removed from the MCommunity Directory. This means that e-mail forwarding stops.

5. The uniqname is permanently retired and therefore unavailable (that is, it can never be used again). The uniqname is retired because there is not enough identity information on record to validate the person's identity for re-use of the uniqname. The identity has fully expired.

6. Any computing services (such as e-mail and IFS space) assigned to that retired uniqname are ended. Computing services cannot be transferred to a new uniqname or reactivated.

Tips For Managing Sponsorship Expiry

• When you set up a sponsorship, set the expiry date to allow yourself a little extra time in case you later need to extend the sponsorship. For example, you might set the expiry date for a conference sponsorship to be five days after the end of the conference.

• If you expect the sponsorship will need to be renewed, select expiry warning messages during sponsorship creation that will give the appropriate people enough warning time so they can get the renewal done before the sponsorship expires.

• Tell sponsored people that if they want to keep any files or messages after their sponsorship expires, they will need to save them ahead of time. They can send them to their non-UMICH e-mail account or save them on a flash drive, for example.

Password Resets for Sponsored Individuals

Sponsored individuals can change their own UMICH passwords using the same password changing page (login required) used by all other members of the university community.

Regular Uniqnames, Strong Identities

Sponsored individuals with regular uniqnames and strong identities who forget their UMICH passwords must phone the ITS Service Center to have their passwords reset. There is enough information in MCommunity about these people for the Service Center to verify their identity over the phone or in person—and therefore to reset their passwords for them.

This includes contractors, incoming faculty/staff, temporary staff, academic affiliates, and others.

Regular or Temporary Uniqnames, Weak Identities

Sponsored individuals with regular or temporary uniqnames and weak identities must go through their requester (the person who requested their sponsorship) for password resets. The requester can ask either a departmental sponsorship administrator or the ITS Service Center to do the actual password resetting, but it is the responsibility of the requester or departmental sponsorship administrator to verify the sponsored individual's identity and get the reset password to that person in a secure manner.

This includes long-term guests, conference/program participants, and other short-term guests.

Transitioning Between Sponsorship and Identity Types

You cannot change the business reason for a sponsorship after the sponsorship has been set up. You cannot, for example, change a contractor to an incoming staff member. However, you can add a new sponsorship with a different business reason (with some limitations depending on the uniqname type). An individual can have multiple sponsorships with different start and expiry dates. See Adding Sponsorships to an Already-Sponsored Person in Using the MCommunity Sponsor System Via the Web (S4356) for instructions.

Sponsorships with Temporary Uniqnames

Sponsored people with temporary uniqnames can only have additional sponsorships that also use temporary uniqnames. If you want to create a sponsorship with a regular uniqname for a person who currently has a temporary uniqname, you must create a new sponsored identity—and uniqname—for the person. You can allow the sponsored identity with the temporary uniqname to expire on its own, or you can edit it to make it expire early if you wish.

Sponsorships with Regular Uniqnames

Sponsored people with regular uniqnames can only have additional sponsorships that also use regular uniqnames. Adding a sponsorship that results in a strong identity to the entry for a sponsored person whose current sponsorship has a weak identity (that is, a long-term guest), is problematic because of issues regarding the assignment of a UMID. It may not be possible for the person to keep the same uniqname under these circumstances. Please contact the ITS Service Center for assistance in such cases.

Some sponsored people, such as incoming faculty members, will transition from being sponsored to being regular members of the university community who are included in one of the authoritative data feeds, such as the feed of employee data from Wolverine Access.

MCommunity will reconcile the information from Wolverine Access with that in the Sponsor System and allow the person to keep the uniqname she or he is using—as long as there is enough identity information in the Sponsor System to match the two records. It is essential that enough identity data for a strong identity be provided for persons who will make this transition.

Additional Resources

The MCommunity Project website provides information about the project status, history and more.

Visit ITS's Information System to obtain ITS computer documentation and other resources. A list of relevant documents follows:

• Using the MCommunity Sponsor System Via the Web (S4356)

• MCommunity: Sponsoring New Employees to Get them Uniqnames and More (S4369)

• MCommunity: Sponsoring Short-Term Guests Using File Import (S4370)

• Communicating and Resetting Passwords for Sponsored People (S4371)

• MCommunity Overview (R1457)

• MCommunity Sponsorship Administration Policies and Agreement (R1459)

• MCommunity Sponsoring Authority Policies and Agreement (R1460)

The ITS Service Center provides a variety of computing help resources.

For further help with this or any other topic, call 734-764-HELP [4357] or submit an online service request.

Please direct questions about the MCommunity Project to the MCommunity leads at MCommunity.Leads@umich.edu.

Appendix: Sample E-Mail Notifications

Confirmation to Sponsored Individual

NOTE: E-mail notifications are not sent to people sponsored using file import.

E-Mail Confirmation to Requester

E-Mail Notice of Sponsorship Expiration (sent to those selected by the sponsorship administrator)