Information Technology Central Services at the University of Michigan
U-M ITCS Documentation
MCommunity Sponsor System Overview
R1458 • March 2009

The MCommunity Sponsor System allows authorized U-M staff members to create online identities for people who are affiliated with the University but who do not appear in any of the official University data feeds. Sponsored individuals include, for example, conference attendees, contractors, incoming faculty who need access to U-M resources before the hiring process is complete, guests who need wireless access, and others.

This document provides an overview of the system, including details about uniqname types, identity types, sponsorship lengths, minimum data requirements, notifications sent by the system, what happens when a sponsorship expires, who can reset passwords for sponsored individuals under what circumstances, and more. For step-by-step instructions, see Using the MCommunity Sponsor System Via the Web (S4356).



What Is MCommunity?

MCommunity is a central system that will store information about people that can be used to grant them access to various online resources at both the University and departmental levels. It is a flexible, centralized, identity management system that U-M campuses and units will be able to use in decentralized ways for provisioning information technology resources and services.

MCommunity will replace the University's current uniqname management system and the U-M Online Directory.

To learn more about MCommunity, see MCommunity Overview (R1457).

What Is the Sponsor System?

The Sponsor System is the part of MCommunity that will be used to create identities for sponsored affiliates, people who are affiliated with the University but who do not appear in any of the official University data feeds. Sponsored affiliates include, for example, conference attendees, contractors, incoming faculty who need access to U-M resources before the hiring process is complete, and others.

U-M staff members who currently use ITCS's uniqname system to create uniqnames via either WebUniq or the uns command-line tool will instead use the data in MCommunity Sponsor System to create sponsored identities (including uniqnames) via the web or via a command-line tool.

The MCommunity Sponsor System is a tool that will be used for creating and managing digital identities (including uniqnames) in MCommunity for sponsored affiliates. Once a sponsored affiliate is included in MCommunity, U-M central units and departments will be able to use MCommunity to provide that person with access to information technology services and resources. The provisioning part of MCommunity will not be available until 2009 or later.

The Sponsor System basically allows units to sponsor people as members of the U-M community for specified periods of time. An individual may be sponsored by more than one unit.

Who Can Use It?

Authorized U-M staff members can use the system. To use the system, you must become a sponsorship administrator.

Graphic showing that Sponsors designate Sponsoring Authorities, who authorize and supervise Sponsorship Administrators, who use the Sponsor System to create and manage identities for Sponsored Affiliates in the MCommunity Directory.

Sponsor. A U-M unit that sponsors creation and/or management of identities in MCommunity.

Sponsoring Authority. A person who authorizes sponsorship administrators for specified University units and/or departments. It is the responsibility of the sponsoring authority to oversee the sponsorship administrators s/he has authorized and ensure that appropriate policies and guidelines are followed. For more about sponsoring authorities, see MCommunity Sponsoring Authority Policies and Agreement (R1460).

Requester. A person in the sponsoring department who initiates a request for creation of a sponsored identity. For example, a conference organizer might request a number of sponsored identities with uniqnames, or an administrative staff member might request a sponsored identity and uniqname for an incoming faculty member who needs early access to online resources. In some cases, the requester might be the sponsorship administrator.

Sponsorship administrators. The people who enter information into MCommunity using the Sponsor System to create sponsored identities, including uniqnames. For more about sponsorship administrators, see MCommunity Sponsorship Administration Policies and Agreement (R1459).

Departments can have their own sponsorship administrators to manage MCommunity identities for sponsored affiliates for their departments, or they can request that the ITCS Accounts Office manage those MCommunity identities for them.

Uniqname Creation Options

The initial release of the Sponsor System allows sponsorship administrators to request a uniqname. The administrator can request a specific uniqname, but if that uniqname has already been assigned, the system will generate a uniqname. If the administrator does not request anything specific, the system generates a uniqname.

Uniqname self-registration will be added to the Sponsor System later. This will allow sponsored individuals to select a uniqname and password themselves via a web interface. This will be similar to the uniqname self-registration process already available to new staff, new Ann Arbor students, and alumni.

Uniqname Types—Regular and Temporary

The Sponsor System can assign regular and temporary uniqnames. See the Sponsorship Components Chart below for details about who gets what type of uniqname.

  • Regular uniqnames. Most members of the University community have regular uniqnames. They are made up of three to eight alphabetic characters (for example, bjensen). Regular uniqnames are assigned for life and are never reused. People with regular uniqnames who leave the University and return at a later date can usually reclaim their own uniqname, but no one else can ever use it. However, if a sponsored individual with a regular uniqname and minimal identity information on record (that is, a weak identity) leaves the University and returns later, wanting to reuse his or her uniqname, there will not be enough information on record to match records in other University systems to verify that this is indeed the same person; in that case, the uniqname cannot be reclaimed, and a new uniqname would need to be created if needed.
  • Temporary uniqnames. Temporary uniqnames are intended for short-term use, such as access to resources for a summer program participant. They consist of um, followed by a number generated by the MCommunity Sponsor System (for example, um000000). These are never reused. If a sponsorship and temporary uniqname have expired, an individual can be given a new temporary uniqname.

Identity Types—Strong and Weak

The identity type is determined by the amount of data collected. See the Sponsorship Components Chart below for details about who needs what type of identity.

  • Strong identity. Most members of the University community have a strong identity. A strong identity in MCommunity has adequate identity data to confidently match it against identities in other U-M systems.

    A strong identity results in an entry in M-Pathways and the creation of a UMID (U-M identification) number in M-Pathways. (For U-M employees, this number is often referred to as an Emplid number. People who are paid by the University are required to have a UMID in M-Pathways.)

    A strong identity requires one of the following data combinations:

    Data Combination 1
    • First & Last Name
    • E-Mail Address
    • Social Security Number
    • Date of Birth
    Data Combination 2
    • First & Last Name
    • E-Mail Address
    • Social Security Number
    • Gender
    • Home Street Address
    Data Combination 3
    • First & Last Name
    • E-Mail Address
    • Date of Birth
    • Gender
    • Home Street Address

    The ITCS Accounts Office can do password resets over the phone for individuals with strong identities because there is sufficient information on record to verify their identity.

    IMPORTANT! The Sponsor System does not store Social Security numbers. It uses them to search M-Pathways in order to prevent the creation of duplicate entries. Once it completes the search, it discards the Social Security number.

  • Weak identity. Minimal information is required to create an entry with a weak identity in the MCommunity Sponsor System—just first name, last name, and a non-UMICH e-mail address. These identities are generally for short-term use.

    Uniqnames associated with weak identities cannot be re-used by their owners after they expire because there is no way to verify identity.

    People with weak identities who forget their passwords must go to the departmental person who originally requested their sponsorship for password resets. The requester can ask a departmental sponsorship administrator to reset the password or can ask the Accounts Office to do it. Either way, the requester must verify the individual's identity; no one else will have sufficient information on record to do so. Before the ITCS Accounts Office can reset a password for a sponsored individual at the request of a departmental staff person, the Accounts Office must verify the staff person's identity and be sure that the staff person is indeed requesting a password reset for the true owner of the uniqname.

Sponsorship Business Reasons

The reason for a sponsorship is defined by the relationship the sponsored individual has with the University.

  • Contractors. Contractors work in University departments, but they do not have a U-M job appointment. These individuals often perform the same job duties as U-M staff members, may be granted access to critical University business systems, and are held to the same standards of accountability as U-M staff. For these reasons, a contractor needs a regular uniqname and a strong identity.
  • Incoming Faculty/Staff. When units need incoming faculty and staff to have access to U-M computing resources before they have completed the hiring process, those units can sponsor them. They need a regular uniqname and a strong identity so there is sufficient information on record for their employment data to be matched to their sponsorship entry.
  • Temporary Staff. Temporary staff members are hired by units for up to one year. They have a U-M job appointment.
  • Visiting Researchers/Scholars. These are people who have an academic relationship with the University but who are not U-M students or faculty members. Visiting nurses, visiting scholars, and other academic visitors are in this category. They need a regular uniqname and a strong identity for things such as receiving a stipend from the University or obtaining an ID badge.
  • U-M Online Subscribers. U-M Online subscriptions are entered into MCommunity in the form of a sponsorship. Only the ITCS Accounts Office should sponsor U-M Online subscribers.
  • VIPs. VIPs (Very Important Persons) include political figures, dignitaries, visiting speakers, and others. They may need a regular uniqname, but the sponsoring unit may feel that a weak identity will suffice because it would be inappropriate to request the personal information needed for a strong identity. Units that sponsor VIPs must accept the responsibility for verifying identity for password resets and other needs because there will not be enough information in MCommunity for the ITCS Accounts Office to do so.
  • Associates. This sponsorship reason is for use when a unit needs to give someone a regular uniqname quickly with minimal identity information. Associates include people who need a regular uniqname either because they are likely to have a more direct relationship with the University in the future or because they need access to services that require a regular (not temporary) uniqname. However, these people do not currently need a UMID number. Therefore, the unit can sponsor them with a weak identity for the time being, with the understanding that enough information for a strong identity will be provided later if needed. Examples include vendors and also consultants who work for an agency with which the University contracts and others who do not currently receive direct payment from the University but who need access to U-M computing services for their work.
  • Conference/Program Participants. These people receive a temporary uniqname for the duration of a conference or other program.
  • Wireless Users. Units can sponsor guests for short-term wireless use at no charge. The sponsored user receives a temporary uniqname and password that can be used to log into the wireless network for a specified period of time.
  • Other Short-Term Guests. Use this category to sponsor short-term guests who just need a temporary uniqname and who do not fall into any of the other categories listed above.

Sponsorship Components Chart

| Relationship/Business Reason | Uniqname Type | Identity Type | Default Sponsorship Length* | Data Required for Creation |
|---|---|---|---|---|
| Contractors | Regular | Strong | 30 days | M-Pathways required data |
| Incoming Faculty/Staff | Regular | Strong | 6 months | M-Pathways required data |
| Temporary Staff | Regular | Strong | 1 year | M-Pathways required data |
| Visiting Researchers/Scholars | Regular | Strong | 1 year | M-Pathways required data |
| U-M Online Subscribers** | Regular | Strong | 1 year | M-Pathways required data |
| Associates | Regular | Weak | 1 year | Full name & non-UMICH e-mail address |
| VIPs | Regular | Weak | 1 year | Full name & non-UMICH e-mail address |
| Conference/Program Participants | Temporary | Weak | 30 days | Full name & non-UMICH e-mail address |
| Wireless Users | Temporary | Weak | 10 days | Full name & non-UMICH e-mail address |
| Other Short-Term Guests | Temporary | Weak | 90 days | Full name & non-UMICH e-mail address |

* Sponsorship administrators can change the suggested (default) sponsorship length when they set up sponsorships. The maximum length is 1 year. All sponsorships are renewable.

** Only the ITCS Accounts Office can set up sponsorships for U-M Online subscribers.

Uniqname and Password Notifications

When a sponsorship administrator sets up sponsorships, including uniqnames and passwords, the Sponsor System generates the following confirmations and notifications:

  • On-screen confirmation of uniqname and UMICH Kerberos password to the sponsorship administrator. This is the only notification of this information. It is the sponsorship administrator's responsibility to convey the password in a secure manner to either the requester or the sponsored individual.
  • E-mail notification of uniqname to sponsored individual. An e-mail message is sent to the non-UMICH e-mail address listed for the sponsored individual with that individual's new uniqname. The message includes information about proper use of University information technology resources and a link to the password reset page. The sponsored individual is directed to the sponsorship administrator for his or her initial password.

    IMPORTANT! E-mail notifications are not sent to people sponsored using file import. Users have reported that they do not want these notifications sent when sponsorships are created in groups.

  • E-mail confirmation to requester. During the sponsorship setup process, the sponsorship must list a requester—the person who requested the sponsorship. E-mail is sent to this person confirming that the requested sponsorship has been set up and providing the uniqname.

    IMPORTANT! E-mail notifications are not sent to requesters when people are sponsored using file import. The result would have been multiple e-mail messages—one for each sponsored person—and users asked that multiple notifications not be sent.

See Appendix: Sample E-Mail Notifications below for the text of the messages.

Sponsorship Expiry

All sponsorships have a start date and an end date. They expire on the end date. The maximum sponsorship duration is one year. However, sponsorship administrators can renew sponsorships as often as needed.

When all of a sponsored individual's sponsorships expire, the sponsored individual can no longer use his or her uniqname and password to log in to U-M computing services. (The uniqname is disabled by the removal of the person's Kerberos credentials from the U-M KDC (Kerberos Distribution Center) and deletion of the VICE ID, a user identification number used in Unix and Linux systems.)

The sponsorship administrator receives an e-mail notification two weeks (14 days) before any sponsorship they requested will expire. The administrator can renew the sponsorship if needed by changing the end date. (See Appendix: Sample Notifications below for a sample of the e-mail notification.)

Password Resets for Sponsored Individuals

Sponsored individuals can change their own UMICH Kerberos passwords using the same password changing page (login required) used by all other members of the University community.

Regular Uniqnames, Strong Identities

Sponsored individuals with regular uniqnames and strong identities who forget their passwords must contact the ITCS Accounts Office to have their passwords reset. There is enough information in MCommunity about these people for the Accounts Office to verify their identity over the phone or in person—and therefore to reset their passwords for them.

This includes contractors, incoming faculty/staff, temporary staff, visiting researchers/scholars, and U-M Online subscribers.

Regular or Temporary Uniqnames, Weak Identities

Sponsored individuals with regular or temporary uniqnames and weak identities must go through their requester (the person who requested their sponsorship) for password resets. The requester can ask either a departmental sponsorship administrator or the ITCS Accounts Office to do the actual password resetting, but it is the responsibility of the requester or departmental sponsorship administrator to verify the sponsored individual's identity and get the reset password to that person in a secure manner.

This includes VIPs, conference/program participants, wireless users, and other short-term guests.
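The rules stated so far (uniqname formats, the three strong-identity data combinations, the Sponsorship Components Chart, the one-year maximum, and who verifies identity for a password reset) can be expressed as checks. The following is an added example, not code from ITCS or the Sponsor System; the field names, the modelling of "6 months" as 183 days and "1 year" as 365 days, lowercase uniqnames, and treating any umich.edu domain or subdomain as a UMICH address are assumptions.

```python
# Added example: encodes rules stated in this overview; not U-M code.
import re
from datetime import timedelta

# Strong-identity data combinations, by (hypothetical) field name.
STRONG_COMBINATIONS = [
    {"first_name", "last_name", "email", "ssn", "date_of_birth"},
    {"first_name", "last_name", "email", "ssn", "gender", "home_address"},
    {"first_name", "last_name", "email", "date_of_birth", "gender", "home_address"},
]
WEAK_MINIMUM = {"first_name", "last_name", "email"}

# Sponsorship Components Chart: reason -> (uniqname type, identity type, default days).
# Assumption: "6 months" is modelled as 183 days and "1 year" as 365 days.
CHART = {
    "Contractors": ("regular", "strong", 30),
    "Incoming Faculty/Staff": ("regular", "strong", 183),
    "Temporary Staff": ("regular", "strong", 365),
    "Visiting Researchers/Scholars": ("regular", "strong", 365),
    "U-M Online Subscribers": ("regular", "strong", 365),
    "Associates": ("regular", "weak", 365),
    "VIPs": ("regular", "weak", 365),
    "Conference/Program Participants": ("temporary", "weak", 30),
    "Wireless Users": ("temporary", "weak", 10),
    "Other Short-Term Guests": ("temporary", "weak", 90),
}
MAX_DAYS = 365  # maximum sponsorship length (1 year)

def uniqname_type(uniqname):
    """'temporary' for um + digits, 'regular' for 3-8 letters, else None."""
    if re.fullmatch(r"um\d+", uniqname):
        return "temporary"
    if re.fullmatch(r"[a-z]{3,8}", uniqname):
        return "regular"
    return None

def identity_type(fields):
    """Classify by which fields are supplied; run before the SSN is discarded."""
    supplied = {name for name, value in fields.items() if value}
    if any(combo <= supplied for combo in STRONG_COMBINATIONS):
        return "strong"
    return "weak" if WEAK_MINIMUM <= supplied else None

def storable(fields):
    """The SSN is used only for the duplicate search and is never stored."""
    return {k: v for k, v in fields.items() if k != "ssn"}

def validate_sponsorship(reason, fields, start, end):
    """Return a list of rule violations (an empty list means acceptable)."""
    _, required, _ = CHART[reason]
    actual = identity_type(fields)
    problems = []
    if actual is None:
        problems.append("insufficient identity data")
    elif required == "strong" and actual != "strong":
        problems.append("strong identity required")
    domain = (fields.get("email") or "").lower().rpartition("@")[2]
    if required == "weak" and (domain == "umich.edu" or domain.endswith(".umich.edu")):
        problems.append("non-UMICH e-mail address required")
    if not timedelta(0) < end - start <= timedelta(days=MAX_DAYS):
        problems.append("length must be positive and at most 1 year")
    return problems

def default_end(reason, start):
    """Suggested end date from the chart; administrators may change it."""
    return start + timedelta(days=CHART[reason][2])

def can_add_sponsorship(existing_uniqname, new_reason):
    """Additional sponsorships must use the same uniqname type as the existing one."""
    return uniqname_type(existing_uniqname) == CHART[new_reason][0]

def reset_verifier(identity):
    """Who verifies the person's identity before a password reset."""
    if identity == "strong":
        return "ITCS Accounts Office"
    return "requester or departmental sponsorship administrator"
```

The identity type is computed from the fields supplied at creation, so it must be determined before `storable()` drops the Social Security number.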

Transitioning Between Sponsorship and Identity Types

You cannot change the business reason for a sponsorship after the sponsorship has been set up. You cannot, for example, change a contractor to an incoming staff member. However, you can add a new sponsorship with a different business reason (with some limitations depending on the uniqname type). An individual can have multiple sponsorships with different start and end dates. See Adding Sponsorships to an Already-Sponsored Person in Using the MCommunity Sponsor System Via the Web (S4356) for instructions.

Sponsorships with Temporary Uniqnames

Sponsored people with temporary uniqnames can only have additional sponsorships that also use temporary uniqnames. If you want to create a sponsorship with a regular uniqname for a person who currently has a temporary uniqname, you must create a new sponsored identity—and uniqname—for the person. You can allow the sponsored identity with the temporary uniqname to expire on its own, or you can edit it to make it expire early if you wish.

Sponsorships with Regular Uniqnames

Sponsored people with regular uniqnames can only have additional sponsorships that also use regular uniqnames. If you add a sponsorship that results in a strong identity to the entry for a sponsored person whose current sponsorship has a weak identity, you will be required to provide additional identity information during the sponsorship process.

Some sponsored people, such as incoming faculty members, will transition from being sponsored to being regular members of the University community who are included in one of the authoritative data feeds, such as the feed of employee data from M-Pathways.

MCommunity will reconcile the information from M-Pathways with that in the Sponsor System, and allow the person to keep the uniqname she or he is using—as long as there is enough identity information in the Sponsor System to match the two records. It is essential that enough identity data for a strong identity be provided for persons who will make this transition.

Additional Resources

The MCommunity Project website provides information about the project status, timeline, history, and more.

Visit ITCS's Information System to obtain ITCS computer documentation and other resources. A list of relevant documents follows:

We welcome your comments; please send e-mail.

ITCS's Online Help Desk provides a variety of computing help resources.

Please direct questions about the MCommunity Project to the MCommunity leads at MCommunity.Leads@umich.edu.

Appendix: Sample E-Mail Notifications

Here are samples of the automated e-mail notifications sent by the MCommunity Sponsor System.

E-Mail Notification of Uniqname to Sponsored Individual

This is the text of the message sent:

To: the newly sponsored individual

Subject: Your U-M uniqname and password

Welcome!

You are now a sponsored member of the University of Michigan Community. You may use the uniqname below, in conjunction with a password, to log in to the U-M computing services and resources that your sponsoring department has authorized you to use. The sponsoring department will contact you and provide you with your password.

Sponsorship Start Date: Month DD, YYYY
Sponsorship End Date: Month DD, YYYY
Sponsoring Department: Department name

Uniqname: xxxxxxxx

You can change your password to something that is easier for you to remember at this web page: https://accounts.itcs.umich.edu/kpasswd-bin/kpasswd.cgi

By using the University's technology services, you agree to follow U-M information technology policies and guidelines for responsible use. Inappropriate use of U-M technology resources may result in termination of access, disciplinary review, expulsion from the University, termination of employment, legal action, or other disciplinary action. For information about responsible and appropriate use, see http://www.itcs.umich.edu/security/policies.html

If you have questions about your sponsorship or your uniqname and password, you can contact the ITCS Accounts Office at 734-764-8000, Option 3, or itcs.accounts@umich.edu.

(This is an automated message sent by the University of Michigan MCommunity Sponsor System to inform you of your U-M sponsorship and your uniqname and password.)


E-Mail Confirmation to Requester

This is the text of the message sent:

To: Requester

Subject: MCommunity Sponsorship(s) Created

The sponsorship(s) below has/have been created in the MCommunity Sponsor System at your request:

Sponsorship Start Date: Month DD, YYYY
Sponsorship End Date: Month DD, YYYY
Sponsoring Department: Department Name
Sponsorship Administrator: Name and E-Mail Address

Sponsored People: Full Name, uniqname

If you have questions about this or need any changes made, please contact the sponsorship administrator listed above. You can also contact the ITCS Accounts Office (itcs.accounts@umich.edu or (734) 764-8000, Option 3).

If you need computing services set up for the sponsored individual(s), please contact the ITCS Accounts Office. You will need to provide the uniqname(s) and let them know what services you need. Please note that wireless access is provided automatically to all sponsored individuals at no charge; you do not need to request this.

(This is an automated message sent by the University of Michigan MCommunity Sponsor System to confirm sponsorship creation.)


E-Mail Notification to Sponsorship Administrator of Sponsorship Expiration

This is the text of the message sent:

To: Sponsorship Administrator

Subject: MCommunity Sponsorship(s) to Expire [Month DD, YYYY]

The MCommunity sponsorship(s) listed below will expire on:
Month DD, YYYY

Unless these sponsored individuals have other active sponsorships, they will lose the ability to use their uniqname and password when the sponsorships expire.

You can use the MCommunity Sponsor System to extend the end date of the sponsorships if necessary.

Sponsoring Department: Department Name
Reason for Sponsorship: Reason (for example, "Wireless Users")

Sponsorships expiring:

Name, uniqname
Name, uniqname

(This is an automated message sent by the University of Michigan MCommunity Sponsor System to inform you about sponsorships that will expire soon.)