This document provides an overview of the system, including details about uniqname types, identity types, sponsorship lengths, minimum data requirements, notifications sent by the system, what happens when a sponsorship expires, who can reset passwords for sponsored individuals under what circumstances, and more. For step-by-step instructions, see Using the MCommunity Sponsor System Via the Web (S4356).

Table of Contents

What Is MCommunity?

MCommunity will replace the University's current uniqname management system and the U-M Online Directory.

To learn more about MCommunity, see MCommunity Overview (R1457).

Table of Contents

What Is the Sponsor System?

U-M staff members who currently use Information and Technology Services's (ITS) uniqname system to create uniqnames via either WebUniq or the uns command-line tool will instead use the data in MCommunity Sponsor System to create sponsored identities (including uniqnames) via the web or via a command-line tool.

The MCommunity Sponsor System is used for creating and managing digital identities (including uniqnames) in MCommunity for sponsored affiliates. Once a sponsored affiliate is included in MCommunity, U-M central units and departments will be able to use MCommunity to provide that person with access to information technology services and resources. Eventually, MCommunity will also handle provisioning of computing services.

The Sponsor System basically allows units to sponsor people as members of the U-M community for specified periods of time. An individual may be sponsored by more than one unit.

Table of Contents

Who Can Use It?

Sponsor. A U-M unit that sponsors creation and/or management of identities in MCommunity.

Sponsoring Authority. A person who authorizes sponsorship administrators for specified University units and/or departments. It is the responsibility of the sponsoring authority to oversee the sponsorship administrators s/he has authorized and ensure that appropriate policies and guidelines are followed. For more about sponsoring authorities, see MCommunity Sponsoring Authority Policies and Agreement (R1460).

Requester. A person in the sponsoring department who initiates a request for creation of a sponsored identity. For example, a conference organizer might request a number of sponsored identities with uniqnames, or an administrative staff member might request a sponsored identity and uniqname for an incoming faculty member who needs early access to online resources. In some cases, the requester might be the sponsorship administrator.

Sponsorship administrators. The people who enter information into MCommunity using the Sponsor System to create sponsored identities, including uniqnames. For more about sponsorship administrators, see MCommunity Sponsorship Administration Policies and Agreement (R1459).

Departments can have their own sponsorship administrators to manage MCommunity identities for sponsored affiliates for their departments, or they can request that the ITS Accounts Office manage those MCommunity identities for them.

Table of Contents

Uniqname Creation Options

Uniqname self-registration will be added to the Sponsor System later. This will allow sponsored individuals to select a uniqname and password themselves via a web interface. This will be similar to the uniqname self-registration process already available to new staff, new Ann Arbor students, and alumni.

Table of Contents

Uniqname Types—Regular and Temporary

• Regular uniqnames. Most members of the university community have regular uniqnames. They are made up of three to eight alphabetic characters (for example, bjensen). Regular uniqnames are assigned for life and are never reused. People with regular uniqnames who leave the university and return at a later date can usually reclaim their own uniqname, but no one else can ever use it. However, if a sponsored individual with a regular uniqname and minimal identity information on record (that is, a weak identity) leaves the University and returns later, wanting to reuse his or her uniqname, there will not be enough information on record to match records in other university systems to verify that this is indeed the same person; in that case, the uniqname cannot be reclaimed, and a new uniqname would need to be created if needed.
• Temporary uniqnames. Temporary uniqnames are intended for short-term use, such as access to resources for a summer program participant. They consist of um, followed by a number generated by the MCommunity Sponsor System (for example, um000000). These are never reused. If a sponsorship and temporary uniqname have expired, an individual can be given a new temporary uniqname.

Table of Contents

Identity Types—Strong and Weak

• Strong identity. Most members of the university community have a strong identity. A strong identity in MCommunity has adequate identity data to confidently match it against identities in other U-M systems.

  A strong identity results in an entry in M-Pathways and the creation of a UMID (U-M identification) number in M-Pathways. (For U-M employees, this number is often referred to as an Emplid number.) People who are paid by the university are required to have a UMID in M-Pathways.)

  A strong identity requires one of the following data combinations:

  Data Combination 1 First & Last Name E-Mail Address Social Security Number Date of Birth

  Data Combination 2 First & Last Name E-Mail Address Social Security Number Gender Home Street Address

  Data Combination 3 First & Last Name E-Mail Address Date of Birth Gender Home Street Address

  The ITS Accounts Office can do password resets over the phone for individuals with strong identities because there is sufficient information on record to verify their identity.

  IMPORTANT! The Sponsor System does not store Social Security numbers. It uses them to search M-Pathways/Wolverine Access in order to prevent the creation of duplicate entries. Once it completes the search, it discards the Social Security number.

• Weak identity. Minimal information is required to create an entry with a weak identity in the MCommunity Sponsor System—just first name, last name, and a non-UMICH e-mail address. These identities are generally for short-term use.

  Uniqnames associated with weak identities cannot be re-used by their owners after they expire because there is no way to verify identity.

  People with weak identities who forget their passwords must go to the departmental person who originally requested their sponsorship for password resets. The requester can ask a departmental sponsorship administrator to reset the password or can ask the Accounts Office to do it. Either way, the requester must verify the individual's identity; no one else will have sufficient information on record to do so. Before the ITS Accounts Office can reset a password for a sponsored individual at the request of a departmental staff person, the Accounts Office must verify the staff person's identity and be sure that the staff person is indeed requesting a password reset for the true owner of the uniqname.

Table of Contents

Sponsorship Business Reasons

• Contractors. Contractors work in university departments, but they do not have a U-M job appointment. These individuals often perform the same job duties as U-M staff members, may be granted access to critical university business systems, and are held to the same standards of accountability as U-M staff. For these reasons, a contractor needs a regular uniqname and a strong identity.
• Incoming Faculty/Staff. When units need incoming faculty and staff to have access to U-M computing resources before they have completed the hiring process, those units can sponsor them. They need a regular uniqname and a strong identity so there is sufficient information on record for their employment data to be matched to their sponsorship entry.
• Temporary Staff. Temporary staff members are hired by units for up to one year. They have a U-M job appointment.
• Visiting Researchers/Scholars. These are people who have an academic relationship with the university but who are not U-M students or faculty members. Visiting nurses, visiting scholars, and other academic visitors are in this category. They need a regular uniqname and a strong identity for things such as receiving a stipend from the University or obtaining an ID badge.
• U-M Online Subscribers. U-M Online subscriptions are entered into MCommunity in the form of a sponsorship. Only the ITS Accounts Office should sponsor U-M Online subscribers.
• VIPs. VIPs (Very Important Persons) include political figures, dignitaries, visiting speakers, and others. They may need a regular uniqname, but the sponsoring unit may feel that a weak identity will suffice because it would be inappropriate to request the personal information needed for a strong identity. Units that sponsor VIPs must accept the responsibility for verifying identity for password resets and other needs because there will not be enough information in MCommunity for the ITS Accounts Office to do so.
• Associates. This sponsorship reason is for use when a unit needs to give someone a regular uniqname quickly with minimal identity information. Associates include people who need a regular uniqname either because they are likely to have a more direct relationship with the University in the future or because they need access to services that require a regular (not temporary) uniqname. However, these people do not currently need a UMID number. Therefore, the unit can sponsor them with a weak identity for the time being, with the understanding that enough information for a strong identity will be provided later if needed. Examples include vendors and also consultants who work for an agency with which the University contracts and others who do not currently receive direct payment from the University but who need access to U-M computing services for their work.
• Conference/Program Participants. These people receive a temporary uniqname for the duration of a conference or other program.
• Wireless Users. Units can sponsor guests for short-term wireless use at no charge. The sponsored user receives a temporary uniqname and password that can be used to log into the wireless network for a specified period of time.
• Other Short-Term Guests. Use this category to sponsor short-term guests who just need a temporary uniqname and who do not fall into any of the other categories listed above.

Table of Contents

Sponsorship Components Chart

* Sponsorship administrators can change the suggested (default) sponsorship length when they set up sponsorships. The maximum length is 1 year. All sponsorships are renewable.

** Only the ITS Accounts Office can set up sponsorships for U-M Online subscribers.

Table of Contents

Uniqname and Password Notifications

• On-screen confirmation of uniqname and UMICH Kerberos password to the sponsorship administrator. This is the only notification of this information. It is the sponsorship administrator's responsibility to convey the password in a secure manner to either the requester or the sponsored individual.
• E-mail notification of uniqname to sponsored individual. An e-mail message is sent to the non-UMICH e-mail address listed for the sponsored individual with that individual's new uniqname. The message includes information about proper use of University information technology resources and a link to the password reset page. The sponsored person is directed to the sponsorship administrator for his or her initial password.

  IMPORTANT! E-mail notifications are not sent to people sponsored using file import. Users have reported that they do not want these notifications sent when sponsorships are created in groups.

• E-mail confirmation to requester. During the sponsorship set up process, the sponsorship must list a requester—the person who requested the sponsorship. E-mail is sent to this person confirming that the requested sponsorship has been set up and providing the uniqname.

See Appendix: Sample E-Mail Notifications below for the text of the messages.

Table of Contents

Sponsorship Expiry

The sponsorship administrator receives an e-mail notification two weeks (14 days) before any sponsorship they set up will expire. No notice is sent for sponsorships lasting less than two weeks. The administrator can renew the sponsorship if needed by changing the end date. (See Appendix: Sample Notifications below for a sample of the e-mail notification.)

What happens on expiry depends on the identity type—strong or weak. If there are multiple sponsorships, the expiry process happens when the last sponsorship ends.

When Sponsorships with STRONG Identities Expire

1. On the end date, the sponsorship expires.* (Before the end date, the sponsorship can be extended; after the end date, it cannot be extended. New sponsorships can be added at any time.)
2. The uniqname is deactivated and stops working (that is, the sponsored person can no longer log in to anything using that uniqname). Because M-Pathways/Wolverine Access entries are created for sponsored people with strong identities, their uniqnames can be reactivated with sufficient proof that the person requesting reactivation is indeed the same person the original uniqname belonged to.
3. The sponsored person's entry is removed from the U-M Online Directory. This means that e-mail forwarding stops.
4. Any computing services (such as e-mail and IFS space) assigned to that uniqname are ended on the same date the last sponsorship ends. They can be reactivated only if the process that disables and purges ITS computing services has not yet run.

NOTE: If a sponsored person with a strong identity becomes an employee or student, their uniqname and any associated ITS computing services will continue, even after their sponsorship expires, because of their new affiliation.

When Sponsorships with WEAK Identities Expire

1. On the end date, the sponsorship expires.* (Before the end date, the sponsorship can be extended; after the end date, it cannot be extended. New sponsorships can be added before the end date only; sponsorships cannot be added after the identity has expired.)
2. The uniqname is deactivated and stops working (that is, the sponsored person can no longer log in to anything using that uniqname).
3. The sponsored person's entry is removed from the U-M Online Directory. This means that e-mail forwarding stops.
4. The uniqname is permanently retired and therefore unavailable (that is, it can never be used again). The uniqname is retired because there is not enough identity information on record to validate the person's identity for re-use of the uniqname. The identity has fully expired.
5. Any computing services (such as e-mail and IFS space) assigned to that retired uniqname are ended. Computing services cannot be transferred to a new uniqname or reactivated.

Tips For Managing Sponsorship Expiry

• When you set up a sponsorship, set the end date to allow yourself a little extra time in case you later need to extend the sponsorship. For example, you might set the end date for a conference sponsorship to be five days after the end of the conference.
• Tell sponsored people that if they want to keep any files or messages after their sponsorship ends, they will need to save them ahead of time. They can send them to their non-UMICH e-mail account or save them on a flash drive, for example.

Table of Contents

Password Resets for Sponsored Individuals

Regular Uniqnames, Strong Identities

This includes contractors, incoming faculty/staff, temporary staff, visiting researchers/scholars, and U-M Online subscribers.

Regular or Temporary Uniqnames, Weak Identities

This includes VIPs, conference/program participants, wireless users, and other short-term guests.

Table of Contents

Transitioning Between Sponsorship and Identity Types

Sponsorships with Temporary Uniqnames

Sponsorships with Regular Uniqnames

Some sponsored people, such as incoming faculty members, will transition from being sponsored to being regular members of the University community who are included in one of the authoritative data feeds, such as the feed of employee data from M-Pathways.

MCommunity will reconcile the information from M-Pathways with that in the Sponsor System, and allow the person to keep the uniqname she or he is using—as long as there is enough identity information in the Sponsr System to match the two records. It is essential that enough identity data for a strong identity be provided for persons who will make this transition.

Table of Contents

Additional Resources

Visit ITS's Information System to obtain ITS computer documentation and other resources. A list of relevant documents follows:

Using the MCommunity Sponsor System Via the Web (S4356)

MCommunity Overview (R1457)

MCommunity Sponsorship Administration Policies and Agreement (R1459)

MCommunity Sponsoring Authority Policies and Agreement (R1460)

We welcome your comments; please send e-mail.

ITS's Online Help Desk provides a variety of computing help resources.

Please direct questions about the MCommunity Project to the MCommunity leads at MCommunity.Leads@umich.edu.

Table of Contents

Appendix: Sample E-Mail Notifications

E-Mail Notification of Uniqname to Sponsored Individual

This is the text of the message sent:

To: the newly sponsored individual

Subject: Your U-M uniqname and password

Welcome!

You are now a sponsored member of the University of Michigan Community. You may use the uniqname below, in conjunction with a password, to log in to the U-M computing services and resources that your sponsoring department has authorized you to use. The sponsoring department will contact you and provide you with your password.

Sponsorship Start Date: Month DD, YYYY
Sponsorship End Date: Month DD, YYYY
Sponsoring Department: Department name

Uniqname: xxxxxxxx

You can change your password to something that is easier for you to remember at this web page: https://accounts.itcs.umich.edu/kpasswd-bin/kpasswd.cgi

By using the University's technology services, you agree to follow U-M information technology policies and guidelines for responsible use. Inappropriate use of U-M technology resources may result in termination of access, disciplinary review, expulsion from the University, termination of employment, legal action, or other disciplinary action. For information about responsible and appropriate use, see http://www.itcs.umich.edu/security/policies.html

If you have questions about your sponsorship or your uniqname and password, you can contact the ITS Accounts Office at 734-764-8000, Option 3, or itcs.accounts@umich.edu.

(This is an automated message sent by the University of Michigan MCommunity Sponsor System to inform you of your U-M sponsorship and your uniqname and password.)

E-Mail Confirmation to Requester

To: Requester

Subject: MCommunity Sponsorship(s) Created

The sponsorship(s) below has/have been created in the MCommunity Sponsor System at your request:

Sponsorship Start Date: Month DD, YYYY
Sponsorship End Date: Month DD, YYYY
Sponsoring Department: Department Name
Sponsorship Administrator: Name and E-Mail Address
Reason for Sponsorship: Business Reason

Sponsored People: Full Name, uniqname

If you have questions about this or need any changes made, please contact the sponsorship administrator listed above. You can also contact the ITS Accounts Office (itcs.accounts@umich.edu or (734) 764-8000, Option 3).

If you need computing services set up for the sponsored individual(s), please contact the ITS Accounts Office. You can use the Computing Services for Sponsored Persons Request Form, which is available on the Accounts Office webpage, to request services.
http://www.itcs.umich.edu/accounts/index.html#forms

Please note that wireless access is provided automatically to all sponsored individuals at no charge; you do not need to request it.

(This is an automated message sent by the University of Michigan MCommunity Sponsor System to confirm sponsorship creation.)

E-Mail Notification to Sponsorship Administrator of Sponsorship Expiration

To: Sponsorship Administrator

Subject: MCommunity Sponsorship(s) to Expire [Month DD, YYYY]

The MCommunity sponsorship(s) listed below will expire on:
Month DD, YYYY

Unless these sponsored individuals have other active sponsorships, they will lose the ability to use their uniqname and password when the sponsorships expire.

You can use the MCommunity Sponsor System to extend the end date of the sponsorships if necessary.

Sponsoring Department: Department Name
Reason for Sponsorship: Reason (for example, "Wireless Users"]

Sponsorships expiring:

Name, uniqname
Name, uniqname

(This is an automated message sent by the University of Michigan MCommunity Sponsor System to inform you about sponsorships that will expire soon.)

Table of Contents

Information and Technology Services