- Who is eligible for a Guest Account?
- Who can sponsor a guest?
- How long will a guest account be valid?
- What type of accounts can be requested?
- What if my guest needs a UR and a URMC domain account?
- Why can't I select a URMC Active Directory account?
- Why will every guest receive both a NetID and an Active Directory account?
- What do the statuses mean in the Guest Account System?
- What if I'm hiring a contract employee through Strong Staffing?
- What if I am onboarding a voluntary faculty member?
- What if I have multiple guests to submit at once?
- Do I need to sponsor a guest if they already have an enabled Active Directory account?
- What should I do when my guest's access is no longer needed?
- What are my responsibilities as a sponsor of a guest?
- How do I add a UR or URMC account to my existing guest that I did not include in my original guest request?
- How do I update the Outlook Global Address List (GAL) with my guest's office location and phone number?
- When will the Sponsorship End?
- How do I Change Sponsorship for a Guest?
- URMC Vendor FAQs:
Who is eligible for a Guest Account?
Contractor | Individuals such as contract staff, traveling clinicians and locums who enter into a relationship with the University. (Example: contract employees from TekSystems) |
Retired Faculty | Individuals from external companies that provide services for the University. (Example: employees from Xerox who need accounts to maintain UofR printers) |
Student Guest | Interns, student researchers, and members of student programs which are not managed through UR Student |
University Affiliate | Individuals from partner companies or institutions who enter into a relationship with the University (Example: Community Physicians, Visiting Faculty, Visiting Residents, etc.) |
Visiting Medical Instructor | A teaching faculty from another institution who instructs clinicians at URMC. Their accounts are created with a _FAC suffix in the account name. |
Visiting Medical Student | A medical student from another hospital who is performing a rotation at URMC or an affiliate hospital. Their accounts are created with a _STU suffix in the account name. |
Researcher | Individuals outside the university who need UofR accounts as part of collaborating with UofR researchers |
Vendor | Individuals from external companies that provide services for the University. (Example: employees from Xerox who need accounts to maintain UofR printers) |
Other | Persons who need access to university resources but who do not fit any of the above categories |
Who can sponsor a guest?
Active University, URMC and Affiliate Hospital employees can sponsor and manage their guests in the Guest Account System.
How long will a guest account be valid?
This will depend on the needs of the guest, and the permission granted by the sponsor. The maximum term of a guest account is thirteen months; however, it can be renewed each year.
What type of accounts can be requested?
Account Type | Required | Example Systems |
---|---|---|
NetID | Yes | Blackboard, MyPath, University VPN, UR Financials and other NetID authenticated services |
UR Active Directory (Domain) Account | Optional2 | UR_Connected wireless, UR Office 365 email and other UR AD authenticated services |
URMC Active Directory (Domain) Account 1 | Optional2 | URMC email, eRecord, URMC VPN, URMC Wireless, Citrix and other URMC AD authenticated services |
1 Requires the sponsor to have an enabled URMC Active Directory account.
2 Sponsors must choose either a UR or a URMC Active Directory Account in addition to the required NetID
What if my guest needs a UR and a URMC domain account?
Both a UR and URMC account can be requested on the Guest Account System’s “Select Accounts” screen as long as the sponsor has an enabled URMC Active Directory account.
Why can't I select a URMC Active Directory account?
For protection of URMC resources, only sponsors that have an existing enabled URMC Active Directory domain account can request URMC accounts. If you are a UR employee and need to have a guest account setup to access HIPAA compliant Zoom or have another valid reason to have a URMC account, please have another employee in your group that has a URMC domain account create a guest URMC account for you. Within a few minutes of you having an enabled URMC account you will be able to request URMC Active Directory accounts.
If no one in your group has a URMC account or your normal requestor is not available, please reach out to the University IT Help Desk at 585-275-2000 or UnivITHelp@rochester.edu. If no one in your group has had a URMC account in the past, please include a business reason for your request.
Why will every guest receive both a NetID and an Active Directory account?
Applications use a variety of account types, and that many apps are in a transition phase from NetID to Active Directory. Creating both account types for everyone will ensure a smoother transition as apps migrate to Active Directory.
What do the statuses mean in the Guest Account System?
Waiting for Guest: Sponsor has submitted guest account request and is waiting for the guest to complete his/her information.
Timed Out: Guest did not fill out his/her information during the two-week time period.
Waiting for Identity Resolution: Account creation in process.
Active: Guest account has been created.
Expired: Guest account is no longer active.
Error: There was an issue processing the sponsorship. Contact the IT Help Desk at (585) 275-2000 or univithelp@rochester.edu for more information.
What if I'm hiring a contract employee through Strong Staffing?
Today, accounts for Strong Staffing contractors are created by sponsoring them in the Guest Account System the same as other contractors.
In the future (likely September 2021), accounts for Strong Staffing contractors will be created automatically and sponsorships in the Guest Account System will no longer be needed.
What if I am onboarding a voluntary faculty member?
If URMC sponsors previously requested an expiring account for a HRMS Voluntary Faculty or Strong Staffer, they can enter those users as an employee in ADTools.
These accounts no longer expire and will be disabled when they no longer have an active relationships.
What if I have multiple guests to submit at once?
The application provides a mechanism for submitting multiple guest sponsorships in a single bulk request.
The communication workflow differs between single guest sponsorships and bulk sponsorships.
For single sponsorships, once the account is created, the activation information is sent to the sponsor. The sponsor then forwards this information to their guest when they’re ready for the guest to initialize their accounts.
For bulk sponsorships, once each account is created, the activation information is sent directly to the guest. The sponsor does not receive automated notifications as the accounts are created. If you need to know the account names and creation status, you can view this information in the application.
- See “How to Sponsor Multiple Guests” Tutorial
Do I need to sponsor a guest if they already have an enabled Active Directory account?
Yes. For example, if a person already has an account due to another relationship, such as being a student or contractor in another division, it’s still important that you sponsor them for the relationship they’re entering with you. The sponsorship will be associated with the existing account. If the other relationship ends, such as the withdrawing from a student program, or ending the other contract relationship, your sponsorship is necessary to keep the account from being disabled.
What should I do when my guest's access is no longer needed?
Normally no action is needed.
Accounts are disabled through automation the morning after the expiration date. For example, if the expiration date is set for Jun 30th, the account will be disabled between midnight and 6am July 1st, assuming no other active employment, student, or sponsored relationships entitle the account to remain active.
If you need the account to be disabled at a specific time, login to the Guest Account System and select “End Sponsorship”. This will disable the account immediately, or alert you that the account cannot be disabled due to other active employment, student, or sponsored relationships. If the account cannot be disabled, you may need to manually remove the specific access rights that are no longer needed.
What are my responsibilities as a sponsor of a guest?
- Sponsored accounts are required for individuals who enter into a relationship with the University as contract labor staff, volunteers, vendors, community physicians, visitors from other institutions, etc.
- Request guest accounts no more than 30 days before your guest is expected to start working.
- For bulk accounts, requests should be submitted no more than a week before your guest are expected to begin working.
- For individual accounts, the creation email will need to be forwarded to the guest.
- Taking action on messages you receive from idm-noreply@ur.rochester.edu, Display Name ‘University of Rochester Identity Management System‘
- Ensuring your guest follows all of the IT policies at https://tech.rochester.edu/policy/ including:
- Individual user passwords shall not be shared
- User identity shall be verified before performing password resets
- Any device used to connect to the network shall use full-disk encryption and anti-virus software to protect the confidentiality of information on laptops and other mobile devices
- Authorizing access to University resources for the individual identified
- Acknowledging that a copy of this request will be emailed to your manager
- Terminating your guest’s access when that access is no longer needed
- Renewing your guest’s access before it expires
- Ensuring that a new sponsor is put in place before leaving for a different position
How do I add a UR or URMC account to my existing guest that I did not include in my original guest request?
If you have an account that you sponsored and need to add either a URMC or UR domain account, please contact the University IT Help Desk at 585-275-2000 (UnivITHelp@rochester.edu).
How do I update the Outlook Global Address List (GAL) with my guest's office location and phone number?
To update a UR Active Directory account, please contact the University IT Help Desk at 585-275-2000 (UnivITHelp@rochester.edu).
When will the Sponsorship End?
The sponsorship will be ended by automation on the day following the expiration date set in the Guest Account System between 4AM and 6AM. For example. if the expiration date is set to May 31st, 2022, automation will end the relationship between 4:00 and 6:00 AM on June 1st, 2022.
Their account(s) will be disabled if they have no other relationships. If they have another relationship, their permissions for this sponsor’s relationship will be removed, but their account(s) will remain active.
How do I Change Sponsorship for a Guest?
Please reach out to the University IT Help Desk at 585-275-2000 or UnivITHelp@rochester.edu to change the sponsor of an active guest.
URMC Vendor FAQs:
Why can’t I select a URMC account with the vendor guest type?
- To protect URMC resources, only established sponsors of record or members of ISD can submit vendor requests in the Guest Account System. If you receive the “YOU DON’T HAVE ACCESS TO THIS ACCOUNT TYPE” error message and believe that you should have access to request accounts for a particular vendor, please reach out to the University IT Help Desk at 585-275-2000 or UnivITHelp@rochester.edu.
What if my URMC vendor company is not in the vendor dropdown list?
- ALL vendors need to be approved by Risk and Compliance.
- If the vendor has already been approved by Risk and Compliance, but is not in the list, please contact the University IT Help Desk at 585-275-2000 (UnivITHelp@rochester.edu).
- If the vendor has not completed an IT Security Questionnaire yet, please have the sponsor submit the initial “New Assessment” through the Third Party Assessment portal at https://www.rochester.edu/it/3pa/, by logging into the system with your NetID. If you are not familiar with 3PA, you can find instructions at https://tech.rochester.edu/tutorials/3pa-getting-started/. Once you as the sponsor fill out the initial “New Assessment”, the 3PA system will send an email with a user name and password for 3PA to the contact indicated in your assessment. If they vendor has any questions while filling out the questionnaire, they can reach out to 3PA support at 3PA@URMC.Rochester.edu <mailto:3PA@URMC.Rochester.edu>.
How do I setup a brand new vendor that has never performed work at UR?
- ALL vendors need to be approved by Risk and Compliance.
- If the vendor has not completed an IT Security Questionnaire yet, please have the sponsor submit the initial “New Assessment” through the Third Party Assessment portal at https://www.rochester.edu/it/3pa/, by logging into the system with your NetID. If you are not familiar with 3PA, you can find instructions at https://tech.rochester.edu/tutorials/3pa-getting-started/. Once you as the sponsor fill out the initial “New Assessment”, the 3PA system will send an email with a user name and password for 3PA to the contact indicated in your assessment. If they vendor has any questions while filling out the questionnaire, they can reach out to 3PA support at 3PA@URMC.Rochester.edu.