ORANGE KEY ADMIN HANDBOOK KEY ADMIN HANDBOOK ... View Only, ITC/ITS Level, and ID ... mail Distribution Lists – This screen will show you the current Email

ORANGE KEY ADMIN HANDBOOK

For Oklahoma State University

DRAFT

Last Updated: 12/19/2008

Page 1

Access to O‐Key Admin is allocated to those individuals working for Oklahoma State University and A&M Institutions that require the ability to view personal information regarding University community

members. Admin rights are allocated at three levels: View Only, ITC/ITS Level, and ID Level. Access to O‐Key Admin is subject to Information Technology approval, and requests must be generated via the

departmental or college ITC. Click the links below for information regarding what accesses are associated with each level.

Instructional Documentation • How to Request access to O‐Key Admin ......................................................... 3 • Access Level Reference Charts ........................................................................ 4 • View Only Level (Level 1) ................................................................................ #

o Meta Lookup Screen ........................................................................... 8 o Example Profile at View Only Level .................................................... 9

• ITC/ITS Level (Level 2) ..................................................................................... # o Meta Lookup Screen ......................................................................... 12 o Example Profile at ITC/ITS Level ....................................................... 13

• ID Level (Level 3) ............................................................................................. # o Meta Lookup Screen ......................................................................... 18 o Example Profile at ID Level ............................................................... 19

• How to access O‐Key Admin (General) .......................................................... 24 • How to search for a profile in O‐Key Admin (General).................................. 24 • Roles and Groups .......................................................................................... 25

Frequently Asked Questions By Customers and Technicians

• What if a customer has multiple profiles? .................................................... 26 • Where would a customer go to get assistance activating? ........................... 26 • What are some common reasons for not being able to activate? ................ 26 • How often does a customer have to change their O‐Key password? ........... 27 • What if the customer forgets their password AND challenge response? ..... 27 • How would a customer setup a preferred first name? ................................. 28 • What if a customer uses a professional last name? ...................................... 28 • What if a customer legally changes his or her name? .................................. 28 • How would a customer change his/her userid/username? .......................... 29 • What is the privacy flag on a student profile? .............................................. 29 • How to verify student course enrollment ..................................................... 30

Page 2

How to request O‐Key Admin access – RETURN TO TOC Requests to access O‐Key Admin at any level should be submitted to Information Technology by the departmental or college ITC. Requests are subject to Information Technology approval at all levels. The following information details what information must be included with each request. NOTE: This same process can be used to REMOVE access rights from a former employee, as well. Additional information can be obtained by contacting the Information Technology Identity Management Office by calling 405‐744‐7887 or by emailing [email protected].

1. Review this handbook to determine the appropriate admin level based on the employee’s need. 2. Contact the Information Technology Identity Management Office should you need to confirm

the identity of your departmental or college ITC. 3. The departmental or college ITC should send an email to the OSU‐Stillwater Information

Technology Identity Management Office at [email protected] with the following information included. A sample request is provided.

a. First and Last Name of the person to whom the rights will be allocated b. O‐Key Username of the person to whom the rights will be allocated c. The requested level of admin rights d. A brief explanation as to why this person requires access at that level

Example Request: Subject: O‐Key Admin Request – P. Pete Body of Message: Please grant Pistol Pete (O‐Key Username = pistolp) the ITC/ITS level of O‐Key Admin access, as per the ITC for OSU‐Tulsa. He is a student employee in our office and requires the ability to confirm customer information and assist with technical support issues. Please contact the OSU‐Tulsa ITC if you have any questions by calling <ITC First and Last Name> at <ITC Phone Number or Email Address>. Thanks!

4. By submitting your request to the IT Identity Management Office, a c.Support Incident Ticket will be generated and routed to the appropriate IT personnel.

5. The request will be reviewed, and if approved, access rights granted. If questions arise regarding the request, the requestor (ITC) will be contacted.

6. Once the access rights are granted, the ITC will have the opportunity to receive or otherwise access the O‐Key Admin Handbook to distribute to the new O‐Key Admin.

Page 3

mailto:[email protected]


Access Level Reference Chart – RETURN TO TOC Meta Lookup Levels (screen shown after authentication to admin) User FE View Only ITC/ITS ID Admin Meta Lookup X X X Rollback (Software Svc Only) Move Home Drives X Role Information X X X Global Group Information X X X Email Distribution List Information X X X Global Group Request X X X Global Group Admin X X Distribution Group Admin X X Request Service Account X X X Service Accounts by Department X X Systems Migration X X Activation List X X Data Migration X X Exchange Report X X Rollback Report X Name Change X X Client Lookup X X Net Drive Report Campus Email Report X Logout X X X Help X X X Admin Section Levels (links on left side of individual profile) User FE View Only ITC/ITS ID Admin Proxy Access X Initiate Wizard X Sync Usernames X Password X Challenge Question X Contact Info X X Login Address X Email Destination X Delete Address or Phone X Email Quota X Campus Alerts X Home Drive Information X X X Professional Last Name X X Activation Code Switch X X Migration Status X Name Information X X OpenLDAP X X X LDAP CN’s X X Service Account Current List X X X Service Account Create New X Meta Roles X

Page 4

Global Groups X X Email Distribution Lists X X X AD Global Groups X X X Audit Log X X X Error Log X X X Course Information X X X Online Directory Email X Expertise Information (read only) X X X Software Keys X X X Add Notes X X X Voice Mail X Security Lock Information X X User's Profile X X X Close User X X X Logout X X X Help X X X Profile Page Levels (information displayed in center of profile screen) User FE View Only ITC/ITS ID Admin Okey Password Expires X X X Okey Password Set Date X X X Okey Password Set By X X X First Name X X X Middle Initial X X X Last Name X X X Preferred Name X X X Professional Last Name X X X Privacy Flag X X X O-Key Username X X X Directory Key X X X SSN (last 5) X ISO X X X Card Issue Number X X X Birth Date X X Prism UserID X X X Prism Default Password X Affiliated Address X X X Affiliated Phone X X X Department X X X Date Activated X X X Shows In GAL X X X Update Mail Routing X X X Openldap Email address Login Address X X X Email Quota X X X Exchange Web Access X X X Exchange Mail Server X X X MailStore X X X

Page 5

Current Challenge Question X X X Current Challenge Response X X Roles X X X Global Groups X X X Email Distribution Lists X X X CWID X X X SCT OPID X X X Target Page Levels User FE View Only ITC/ITS ID Admin Migration Checkbox X Service Account Current List Levels User FE View Only ITC/ITS ID Admin Activate/Modify Column X Service Accounts ID Admin can activate and modify service accounts ITC/ITS and View Only can only view a service accounts profile OpenLDAP Page User FE View Only ITC/ITS ID Admin Forwarding Email Address X X X DN X X X Common Names X X X Delete Common Names X Add Common Names X Voice Mail Page User FE View Only ITC/ITS ID Admin Voice Mail Pin X X X Attendant X X X Security Lock Information User FE View Only ITC/ITS ID Admin Lock Account X X X Unlock Account X

Page 6

Service Account Profile User FE View Only ITC/ITS ID Admin Service Account Profile X X X Edit Service Account Information X Change Password X Transfer Ownership X Extend Expiration Date X Global Groups X Add Secondary Owner X Remove Secondary Owner X Change Email Address X Forwarding Address X Disable Account X Security Lock Information X Openldap Information X Audit Log X Error Log X Owner Profile (if not the owner of the service account)

X

Page 7

Access Level – VIEW ONLY – RETURN TO TOC The following information will describe in detail what an admin at the View Only level can accomplish. Screen captures are provided for clarification. If any questions arise regarding this access level, please contact the OSU‐Stillwater IT Helpdesk by calling 405‐744‐HELP (4357) or by emailing [email protected]. The appropriate IT personnel will be contacted. The following is a screen capture regarding what an admin at the View Only level can see after authentication. This screen is sometimes referred to as the Meta Lookup screen. We will now cover what each link on the left side of this screen can accomplish, and then we will cover the individual profiles.

• Meta Lookup – Returns Admin to this search screen • Role Information – This is a list of O‐Key Roles available and their definitions. • Global Group Information – This is a list of O‐Key global groups available and their definitions. • Email Distribution List Information– This is a list of O‐Key email distribution lists and their

definitions. Distribution lists resemble global groups, but are mail‐enabled (users can email a particular group of people associated with the list).

• Global Group Request – The Admin will use this page to generate a request for a new global group. PLEASE NOTE: Global group requests should be approved by the departmental or college ITC or local technical support.

Page 8


• Request Service Account – The admin will use this page to generate a request for a new service account. PLEASE NOTE: Service account requests should be approved by the departmental or college ITC or local technical support.

• Service Accounts by Department – The admin can search for all service accounts associated with a particular division/department code. For example, the division/department code for OSU‐Stillwater Information Technology – Technology Support is AAD3003.

• Logout – This link will log the Admin out of the O‐Key Admin application. • Help – This link will take the Admin to the Information Technology Helpdesk website.

We will assume that your purpose is to look up a particular customer. The following information will detail what an admin at the View Only level can see in a customer profile. The customer we’ve searched for is Mickey Mouse. The first screen capture is of the top portion of the screen, and the next capture is of the bottom portion of the screen once you’ve scrolled down.

Page 9

CLIENT ACCESS INFORMATION –

• Home Drive Information – This link will provide the network path to the customer’s Home drive (H:\) storage space. If a Home drive is not assigned to the customer, you will see an indication that the “Information is not available at this time”

• Name Information – This link will show you the First, Middle, Last and (if applicable) the Professional Last Names associated with this customer at all institutions (all SIS regions and HRS).

OPENLDAP INFORMATION:

• OpenLDAP Information – This screen will show you the current mail routing address listed in LDAP, the DN, the list of CN’s, and an indication as to whether or not the address will publish.

• LDAP CN’s – A list of the current CN’s for the customer. CN’s can be viewed at the ITC/ITS level, and added/removed only at ID Level.

Page 10

ROLES & GROUPS: • Email Distribution Lists – This screen will show you the current Email Distribution Lists to which

the customer is subscribed. At the ID Level only, you will have the opportunity to remove a list or manually add the person to a list.

LOGS:

• Audit Log – Used to view a history of account transactions/processing/updates for a specified time range. When changes are made to an account, it may update one column of data at a time. Therefore, you may see multiple entries for a single transaction. When a record associated with the account has been deleted, there is not a way to update the “Updated By” field, therefore it will use the last username known to have modified the account. Inserting and updating information will display the appropriate username of the technician who performed the action.

• Error Log – Used to view a history of account errors for a specified time range. SERVICES:

• Course Information – List of courses in which the customer is enrolled. • Expertise Information – For faculty only, used to display a photo and/or vitae information on the

OSU News website. • Add Notes – Displays the number of times the user has utilized the “Forgot Password” link, as

well as any other notes a technician may want to add. • User’s Profile – Will return the Admin to the main profile page of the user. • Close User – Will return the Admin to the Meta Lookup screen. • Logout – Will log the Admin out of the O‐Key Admin application.

Page 11

Access Level – ITC/ITS – RETURN TO TOC The following information will describe in detail what an admin at the ITC/ITS level can accomplish. Screen captures are provided for clarification. If any questions arise regarding this access level, please contact the OSU‐Stillwater IT Helpdesk by calling 405‐744‐HELP (4357) or by emailing [email protected]. The appropriate IT personnel will be contacted. The following is a screen capture regarding what an admin at the ITC/ITS level can see after authentication. This screen is sometimes referred to as the Meta Lookup screen. We will now cover what each link on the left side of this screen can accomplish, and then we will cover the individual profiles.

• Meta Lookup – Returns Admin to this search screen • Role Information – This is a list of O‐Key Roles available and their definitions. • Global Group Information – This is a list of O‐Key global groups available and their definitions. • Email Distribution List Information– This is a list of O‐Key email distribution lists and their


Page 12



• Global Group Admin – Batch remove users from global groups, add users to groups individually, generate a CSV file of group members.

• Email Distribution Admin ‐ Batch remove users from distribution lists, add users to lists individually, generate a CSV file of list members.



• Systems Migration – Report related to the migration from Novell to Active Directory. Rarely used at this time.

• Activation List – Report of users eligible to activate an O‐Key account. • Data Migration – Batch change data migration status from yes to no, or vice versa. Rarely used

at this time. • Exchange Report – How many Exchange mailboxes have been created in a specified time range. • Name Change – Report of users that have changed their last name in Meta in a specified time

range. Rarely used at this time. • Client Lookup – Show specific user information. Rarely used at this time. • Campus Email Report – Generates a report of users that are eligible for an A&M campus email

address. Used more often as the A&M’s migrate to OSU’s Exchange email system. • Logout – This link will log the Admin out of the O‐Key Admin application. • Help – This link will take the Admin to the Information Technology Helpdesk website.

Page 13

We will assume that your purpose is to look up a particular customer. The following information will detail what an admin at the ITC/ITS level can see in a customer profile. The customer we’ve searched for is Michael Rodent. The first screen capture is of the top portion of the screen, and the next capture is of the bottom portion of the screen once you’ve scrolled down.

Page 14

PROXY ACCESS INFORMATION: (NOTE: O‐Key account holders are to be held responsible for the modification and maintenance of their own account information. Support personnel are prohibited from the modification of customer information.)

• Contact Information – Used to change a user’s preferred first name or campus contact information.


• Campus Alerts – Used to set the emergency contact information. • Home Drive Information – This link will provide the network path to the customer’s Home drive

(H:\) storage space. If a Home drive is not assigned to the customer, you will see an indication that the “Information is not available at this time”

• Professional Last Name – Used to set a last name other than the user’s legal surname. Performed at the ITC/ITS and ID Levels only. Doing so should result in a [email protected] email address option, if that address is available.

• Activation Code Switch – Used if the user has forgotten their credential required to reset their own O‐Key password. If Activation is set to Disabled, the user cannot “reactivate”. If Activation is set to Enabled, the user can click on the “Activate Account” link on the main O‐Key site, and follow certain steps of the activation wizard to reset their challenge question/response and their O‐Key password.




Page 15


PROOFPOINT INFORMATION:

• ProofPoint Information – List of CN’s associated with the Spam Blocker system. The Spam Blocker settings will apply to the email addresses listed for the user.

SERVICE ACCOUNTS:

• Create New Service Account – ID Level Only. Used to generate requested service accounts. • Current Service Account List – List of service accounts for which the user is assigned as a Primary

or Secondary owner. • Reassign Service Accounts – Used to reassign ALL of the service accounts associated with the

user to another full‐time staff member (ownership level is maintained). In Admin, at the ID Level only.

ROLES & GROUPS:

• Email Distribution Lists – This screen will show you the current Email Distribution Lists to which the customer is subscribed. At the ID Level only, you will have the opportunity to remove a list or manually add the person to a list.

• Global Groups – This screen will show you the current Global Groups with which the customer has been associated, as listed in Meta. At the ID Level only, you will have the opportunity to remove them from, or manually add them to, a global group.

• Group Memberships – This screen will show you the current Global Groups with which the customer has been associated, as listed in Active Directory. At the ID Level only, you will have the opportunity to remove them from, or manually add them to, a global group.

LOGS:



• Course Information – List of courses in which the customer is enrolled. • Expertise Information – For faculty only, used to display a photo and/or vitae information on the

OSU News website. • Software Keys – If user downloads MS Vista, they will need this key code to install the product. • Voice Mail – Used to change the Voice Mail PIN for their campus land line, or set an Operator

number (forwards to this number if the caller goes to voicemail). • Add Notes – Displays the number of times the user has utilized the “Forgot Password” link, as

well as any other notes a technician may want to add. • Security Lock Information – Used to Lock or Unlock an O‐Key account. Unlock is available at the

ID level only.

Page 16

• User’s Profile – Will return the Admin to the main profile page of the user. • Close User – Will return the Admin to the Meta Lookup screen. • Logout – Will log the Admin out of the O‐Key Admin application.

Page 17

Access Level – ID – RETURN TO TOC The following information will describe in detail what an admin at the ID level can accomplish. Screen captures are provided for clarification. If any questions arise regarding this access level, please contact the OSU‐Stillwater IT Helpdesk by calling 405‐744‐HELP (4357) or by emailing [email protected]. The appropriate IT personnel will be contacted. The following is a screen capture regarding what an admin at the ID level can see after authentication. This screen is sometimes referred to as the Meta Lookup screen. We will now cover what each link on the left side of this screen can accomplish, and then we will cover the individual profiles.

• Meta Lookup – Returns Admin to this search screen • Move Home Drives – Typically, Server Admin use only. Move H:\ from one server to another.

For example, if a Tulsa employee becomes a Stillwater student, and wants the H:\ to be with Stillwater instead of Tulsa. Server Admin group will move H:\ to the appropriate server, then use this function to ensure that O‐Key syncs with the change.

• Role Information – This is a list of O‐Key Roles available and their definitions.

Page 18


• Global Group Information – This is a list of O‐Key global groups available and their definitions. • Email Distribution List Information– This is a list of O‐Key email distribution lists and their



• Global Group Admin – Batch remove users from global groups, add users to groups individually, generate a CSV file of group members.

• Email Distribution Admin ‐ Batch remove users from distribution lists, add users to lists individually, generate a CSV file of list members.



• Systems Migration – Report related to the migration from Novell to Active Directory. Rarely used at this time.

• Activation List – Report of users eligible to activate an O‐Key account. • Data Migration – Batch change data migration status from yes to no, or vice versa. Rarely used

at this time. • Exchange Report – How many Exchange mailboxes have been created in a specified time range. • Rollback Report – Typically, used by Software Services only. List of successfully rolled back O‐

Key accounts. Rollbacks can be performed for users that are no longer associated with the university (such as a graduate) that no longer wishes to receive password/account expiration notifications. A rolled back account reverts the activation status to resemble someone that has never activated.

• Name Change – Report of users that have changed their last name in Meta in a specified time range. Rarely used at this time.

• Client Lookup – Show specific user information. Rarely used at this time. • Net Drive Report – Generates a report of those users that have a net drive on a server other

than what their primary net drive would indicate. Rarely used at this time. • Campus Email Report – Generates a report of users that are eligible for an A&M campus email

address. Used more often as the A&M’s migrate to OSU’s Exchange email system. • Logout – This link will log the Admin out of the O‐Key Admin application. • Help – This link will take the Admin to the Information Technology Helpdesk website.

Page 19

We will assume that your purpose is to look up a particular customer. The following information will detail what an admin at the ITC/ITS level can see in a customer profile. The customer we’ve searched for is Michael Rodent. The first screen capture is of the top portion of the screen, and the next capture is of the bottom portion of the screen once you’ve scrolled down.

Page 20

ADMIN LEVEL – ID (links on the left side of the profile – click title to view screen capture) PROXY ACCESS INFORMATION: (NOTE: O‐Key account holders are to be held responsible for the modification and maintenance of their own account information. Support personnel are prohibited from the modification of customer information.)

• Sync Username – Used to sync a user’s O‐Key username with their PRISM userid. • Password – Used to change a user’s O‐Key password. • Challenge Question – Used to change a user’s challenge question or response. • Contact Information – Used to change a user’s preferred first name or campus contact

information. • Login Address – Used to choose an Exchange email address. • Email Destination – Used to choose whether or not to forward inbound email.


• Delete Address or Phone – Used to resolve issues with conflicting addresses (multiple campuses, etc.)

Page 21

• Email Quota – Used to confirm the amount of storage space allocated to the user in Exchange. The quota can be increased only at the ID level. The IT Helpdesk can assist with increases up to 1 GB. Beyond 1 GB, authorization is required by the Technology Support Director.

• Campus Alerts – Used to set the emergency contact information. • Home Drive Information – This link will provide the network path to the customer’s Home drive

(H:\) storage space. If a Home drive is not assigned to the customer, you will see an indication that the “Information is not available at this time”

• Professional Last Name – Used to set a last name other than the user’s legal surname. Performed at the ID Level only. Doing so should result in a [email protected] email address option, if that address is available.

• Activation Code Switch – Used if the user has forgotten their credential required to reset their own O‐Key password. If Activation is set to Disabled, the user cannot “reactivate”. If Activation is set to Enabled, the user can click on the “Activate Account” link on the main O‐Key site, and follow certain steps of the activation wizard to reset their challenge question/response and their O‐Key password.

• Migration Status – Mail Migrated / Data Migrated / Workstation Migrated options are rarely used at this time. However, this screen will indicate whether or not this user will show in the Exchange Address List.





PROOFPOINT INFORMATION:

• ProofPoint Information – List of CN’s associated with the Spam Blocker system. The Spam Blocker settings will apply to the email addresses listed for the user.

SERVICE ACCOUNTS:

• Create New Service Account – ID Level Only. Used to generate requested service accounts. • Current Service Account List – List of service accounts for which the user is assigned as a Primary

or Secondary owner. • Reassign Service Accounts – Used to reassign ALL of the service accounts associated with the

user to another full‐time staff member (ownership level is maintained). In Admin, at the ID Level only.

ROLES & GROUPS:

• Meta Roles – This screen will show you the current O‐Key/Meta roles assigned to the customer. At the ID Level only, you will have the opportunity to remove a role or manually add a role. NOTE: Manually adding a role to a user is subject to authorization from the Technology Support Director.

Page 22

• Email Distribution Lists – This screen will show you the current Email Distribution Lists to which the customer is subscribed. At the ID Level only, you will have the opportunity to remove a list or manually add the person to a list.

• Global Groups – This screen will show you the current Global Groups with which the customer has been associated, as listed in Meta. At the ID Level only, you will have the opportunity to remove them from, or manually add them to, a global group.

• Group Memberships – This screen will show you the current Global Groups with which the customer has been associated, as listed in Active Directory. At the ID Level only, you will have the opportunity to remove them from, or manually add them to, a global group.

LOGS:



• Course Information – List of courses in which the customer is enrolled. • Online Directory Email – The email address that will display for this user in Online Directory. • Expertise Information – For faculty only, used to display a photo and/or vitae information on the

OSU News website. • Software Keys – If user downloads MS Vista, they will need this key code to install the product. • Voice Mail – Used to change the Voice Mail PIN for their campus land line, or set an Operator

number (forwards to this number if the caller goes to voicemail). • Add Notes – Displays the number of times the user has utilized the “Forgot Password” link, as

well as any other notes a technician may want to add. • Security Lock Information – Used to Lock or Unlock an O‐Key account. Unlock is available at the

ID level only. • Block Employee Services – Used to delete all employee services associated with the user, but

retain student services. Blocking and Unblocking employee services is subject to authorization by Systems Security, the Director or Server Administration, and/or the Director of Technology Support.

• User’s Profile – Will return the Admin to the main profile page of the user. • Close User – Will return the Admin to the Meta Lookup screen. • Logout – Will log the Admin out of the O‐Key Admin application.

Page 23

How to access O‐Key Admin – RETURN TO TOC

1. Go to www.okey.okstate.edu/admin 2. Authenticate using your O‐Key credentials 3. You should then see the Meta Lookup page.

How to search for a profile via O‐Key Admin – RETURN TO TOC Once logged in to O‐Key Admin, and you see the Meta Lookup page (see screen cap below of the ITC/ITS level), you can search for an individual user/account by the following variables, then click Search.

6. Campus Wide ID (CWID) 1. O‐Key Username 7. Email address 2. PUD Userid 8. First Name 3. Social Security Number 9. Last Name 4. Directory key

5. ISO (Number on the face of their OSU ID Card)

Page 24

http://www.okey.okstate.edu/admin

What are Roles and Groups in O‐Key? – RETURN TO TOC Roles: Used in O‐Key to allocate access to IT services. The services allocated depend on the type of role(s) the individual is assigned. The types of roles assigned depend on the type(s) of associations with the university the person maintains. Various types of roles have expiration dates associated.

Global Groups: Stored in Active Directory, managed through O‐Key, these groups are also used to allocate access to IT services. The groups assigned sometimes depend on the type(s) of associations with the university the person maintains, and sometimes depend on the role(s) that the person is assigned. Group membership consists of individuals and nested groups. Various group memberships can have an expiration date, but usually only when the membership is manually assigned.

For Example (of course, waaay over simplified…):

Role: AD/EX Eligible Student = If the individual enrolls in a current or future course at OSU, they will receive this role. The allocation of this role indicates to our systems that this person can activate an O‐Key account and utilize our AD and Exchange environments (among several other things). This also means that they will be associated with the following Global Group…

Global Group: STW_LIB_Students = If the individual is enrolled in a current or future course at OSU‐Stillwater, they will be placed into this Global Group. Membership in this group will allocate access to OSU‐Stillwater Digital Library Services (accessing library resources online and remotely).

Page 25

What if a customer has multiple profiles? – RETURN TO TOC Multiple O‐Key accounts for a single individual are normally caused by conflicting information being associated with multiple source systems (SIS Regions v. HRS). OSU‐OKC could have one social security number, while OSU‐Stillwater has another, for example. If you, as an O‐Key Admin, encounter such an issue, send an email to [email protected] with the customer’s name, both CWID’s, an a description of the problem that the client is facing. A ticket will be generated, and the Identity Management Specialist will investigate. Be sure to include the customer’s contact information (email address and telephone number!), as the customer may need to perform some type of action to get the issue resolved as quickly as possible.

Where does a customer go to get assistance activating? – RETURN TO TOC Refer the customer to the OSU‐Stillwater IT Helpdesk by having them call 405‐744‐HELP (4357), by emailing [email protected], or by visiting 113 Mathematical Sciences. A Helpdesk technician will be more than happy to assist. You could also refer them to the Resource Center website, which will provide them with online instruction:

https://it.sharepoint.okstate.edu/TechnologySupport/ResourceCenters/default.aspx

Once at the site, under IT Service Allocation, click on the O‐Key link. Contact the IT Helpdesk for questions or comments about the website.

What are some common reasons for not being able to activate? – RETURN TO TOC The most common reasons are as follows:

The student just enrolled. It takes a couple of days to process enrollment, even longer if the student is with the NOC Gateway program. If they can’t activate on Monday, and they just enrolled on Friday the week before, ask them to wait until Tuesday or Wednesday to try again.

The employee’s HRS assignment has not been processed. Often the employee is under the impression that their EA has been processed and that something is wrong with O‐Key. More often than not, the department has not yet finished processing the paperwork (perhaps the Dean’s office hasn’t signed it yet, so it has not been sent to HR in Whitehurst). Or, Human Resources in Whitehurst have the paperwork in a stack and they’ve not yet had a chance to process. Ask the employee to check the status of their HRS assignment by contacting their Human Resources representative for their department.

The customer gets an error indicating that their information belongs to more than one user. This is usually because their last names don’t match across all source systems (SIS Regions and HRS). Pull up the profile and look at the Name Information link. This will show you the spelling of each last name in each source system. If one is incorrect, send them to the Identity Management Specialist for assistance.

Page 26



https://it.sharepoint.okstate.edu/TechnologySupport/ResourceCenters/default.aspx

How often does a customer have to change their password? – RETURN TO TOC O‐Key passwords expire every 120 days. They will receive an email notification sent to their Okstate.edu mailbox 30, 15, and 7 days prior to the password actually expiring. This is true for Account Expirations, as well. When they do reset their password, they cannot use the same password twice in a row (or for that matter, use a password that they’ve used in the last four renditions). If they have a favorite password, recommend that they change just one character. Perhaps make a capital character lower‐case, or perhaps make a lower‐case character capital. Perhaps include a number at the end. There are many options, but all must adhere to the security policies related to password complexity.

What if a customer forgets their password AND Challenge Response? – RETURN TO TOC The ITC level of O‐Key Admin does not allow the admin to reset the password or change the challenge question response FOR the customer. This restriction is by design, requiring the account owner to be responsible for account attributes and changes. However, the ITC/ITS and ID levels WILL allow the O‐Key Admin access to the Activation Code Switch administrative option, which the View Only level does not. It does add a rather confounding complication if the end user does not recall the proper response to the challenge question. The method by which an ITC/ITS Level O‐Key Admin can assist the person with modifying their password in the event that they’ve forgotten their challenge question response is as follows…

1. Go to www.okey.okstate.edu/admin 2. Search for and view the appropriate O‐Key profile 3. Click on the “Activation Code Switch” link on the left side of the profile page 4. Click the radio button next to “Activation Enabled”, then “Submit”

The end user will then go to www.okey.okstate.edu and click on the “O‐Key Account Activation” button at the top of the page (just as if they had not yet activated their account). They will go through a short activation wizard (not the whole thing all over again) by confirming some personally identifiable information, and then they will be able to enter a new secure password, confirm their preferred email address, and choose a new challenge question/response. The new password should function within 5 to 30 minutes, depending on system traffic. It is very important that the end user maintain full responsibility for the account attributes. By doing so, they stand a much better chance of recalling that information in the future. This also adds an additional layer of security for their account, in that no O‐Key Admin has had access to their personal account information.

Page 27

http://www.okey.okstate.edu/admin

http://www.okey.okstate.edu/

How can the customer setup a Preferred First Name? – RETURN TO TOC Some customers want to be known by a name other than their legal first name. In order to display in the Exchange Address List as that preferred first name, and to generate an email address including the preferred name, ask the customer to perform the following action…

1. Login to www.okey.okstate.edu 2. Confirm Emergency Contact Information , if asked to do so 3. When viewing the O‐Key Profile, click on the Edit Contact Information link 4. Enter a Preferred First Name in the field provided at the top of the screen. 5. Click on Save

Allow approximately two hours for the system to update. Ask the client to log back into their account, and click on Change Login Address on the left side of the profile page. They should see a [email protected] email address option. If the option is not listed, it is possible that someone in the A&M System already has that email address. If you search for the address via the Meta Lookup screen and do not show it as assigned to anyone, it is recommended that you contact the Identity Management Specialist to investigate.

What if a customer uses a Professional Last Name? – RETURN TO TOC

Some customers want to be known by a name other than their legal last name. In order to display in the Exchange Address List as that professional last name, and to generate an email address including the professional name, it is recommended that the customer send an email to [email protected] requesting a Professional Last Name Change, and a brief explanation as to why. Also, include contact information, as likely the Identity Management Specialist will need to contact the individual for more information.

What if a customer legally changes their name? – RETURN TO TOC The customer will need to change his or her name in all source systems (SIS Regions and HRS) in order for the appropriate name to list in O‐Key and the Exchange Address List. Although HRS trumps any SIS Region, the customer will experience complications if all source systems do not match exactly. View the Name Information link of their profile via O‐Key Admin to give them an idea as to which offices they will need to contact. Various offices will require varying documentation, and some even have a form that must be filled out to accompany the legal documentation. Contacting each office to determine their individual process is recommended. If they run into any trouble, refer them to the Identity Management Office.

Page 28

http://www.okey.okstate.edu/



How would a customer change their userid/username? – RETURN TO TOC Userid and Username changes are generally approved only if there poses a security risk, if the person’s userid/username is misspelled, or if the person legally changes their name. Have the customer send an email to [email protected] in order to request the change. Please include their contact information, as often the Identity Management Specialist will need to contact them to discuss details. NOTE: During the process of a userid/username change, some accesses to some systems may be disrupted. Please inform the customer of this so they are SURE that they truly need the change. No longer is the customer forced to see the userid displayed in the email address, so often a customer is fine with the userid/username displaying the old name if he or she knows that really nobody else is going to see it.

What is the Privacy Flag on a student O‐Key profile? – RETURN TO TOC The following details the official information from OSU regarding the Family Educational Rights and Privacy Act of 1974, also known as the Buckley Amendment. The amendment is intended to protect student information and disclosure. If invoked at OSU, the standard records protection applies, as well as the students’ contact information being hidden from our Global Address List, Online Directory, and from our campus operators. The students’ Desire2Learn instructors will still have him or her enrolled and able to be contacted, but the information will not be associated with publicly accessible systems. In order to invoke the Buckley Amendment/Privacy Act, the student will need to visit the OSU‐Stillwater Registrar's Office in 322 Student Union with their OSU ID card (or other valid photo ID). He or she will fill out the form in their office, and they will invoke the amendment/act immediately. Those students associated with a branch campus will need to visit their respective Registrar or Admissions office. It is possible that the students’ personal information will be hidden after an overnight wait, but it may be sooner than that. Please note: If the student is currently, or plans to become, an employee of OSU, the Privacy Act invocation will prevent his or her department from seeing them in the Global Address List (often used to find email addresses and send meeting invitations). This has been somewhat of an irritant to some individuals who are both employees and students, so bear this in mind.

FROM PUBLISHED OSU POLICY:

Students’ Rights to Privacy The Family Educational Rights and Privacy Act of 1974 (Buckley Amendment) was designed to protect the privacy of educational records, to establish the right of students to inspect and review their correction of inaccurate or misleading data through informal and formal hearings. An OSU student has the right to: 1. Inspect and review information contained in his or her educational records. Some form of photo identification must be displayed. 2. Challenge the contents of the educational record. 3. Have a hearing if the outcome of a challenge is unsatisfactory. 4. Submit an

Page 29


explanatory statement for inclusion in the educational record, if the outcome of the hearing is unsatisfactory. 5. Secure a copy of the institutional policy, which includes the location of all educational records. 6. Prevent disclosure, with certain exceptions, of personally identifiable information from the educational record. Withholding Disclosure of Information. Currently enrolled students may withhold disclosure of directory information. A student may file with the Office of the Registrar a written request not to release directory information. The University assumes that failure on the part of any student to specifically request the withholding of directory information indicates individual approval for disclosure. “Directory Information” includes: student’s name; local and permanent address; electronic mail addresses assigned or provided by the institution or provided to the University by the student; telephone number; date and place of birth; major field of study; weight and height of student participating in officially recognized sports; dates and attendance at Oklahoma State University; degrees, honors, and awards granted or received; academic classification such as freshman, sophomore, junior, senior, etc.; sex; educational institutions previously attended; degree(s) held, date(s) granted, and institution(s) granting such degree(s); dissertation or thesis title; adviser or thesis adviser; participation in officially recognized organizations, activities, and sports. Access to Records. No other information regarding students’ educational records may be disclosed to anyone without written consent of students, except to “school officials” who have a “legitimate educational interest” in the student. “School official” is defined as an individual currently serving as a member of the Oklahoma State University Board of Regents or classified as faculty, administrative, or professional and staff such school officials supervise. “Legitimate educational interest: is defined as an interest which results from the duties officially assigned to a school official and which are related to such a school official’s responsibility for facilitating the student’s development. Parents of dependent students may inspect and review their dependents’ educational records. Parents of a dependent student may gain right of access by producing the most current copy of Internal Revenue Form 1040. Location of Records. The Office of the Registrar is the official office of the University for maintaining and releasing information pertaining to the students’ academic records, and the Office of Student Affairs is the official office of the University for maintaining and releasing information pertaining to the students’ discipline records. The Office of the University Placement Services is the official office of the University for collecting and releasing information furnished or authorized by students for the purpose of seeking employment. Placement activities are conducted through several different offices on campus, and a variety of forms are available for the option of the student. The student’s right of inspection will be determined by the option elected in providing information.

How to verify student course enrollment? – RETURN TO TOC View the students’ O‐Key profile and click on the Course Information link. The resulting page should display all of the courses in which the student is officially enrolled, as per SIS. If no courses are listed, and the student insists that they have enrolled, determine WHEN they enrolled. Sometimes it takes several business days to process enrollment. Determine if they are enrolled in NOC courses (if they indicate that they are enrolled in NOC courses more than a week ago, ask them to contact the NOC Admissions desk in Cowboy Mall. Often, processing of enrollment is denied due to a hold of some kind). If neither of these cases fits, try searching for the customer via the Meta Search page by NAME. It is

Page 30

Page 31

possible that the individual has a duplicate ID. If all three cases don’t fit, please ask them to contact the OSU‐Stillwater IT Helpdesk for further assistance. Contact information can be found by visiting http://help.okstate.edu.

NOTE TO ADMIN’S: If there are any recommendations regarding content that you would like to see in this Handbook, please contact the Identity Management Specialist by calling 405‐744‐7887, or by emailing [email protected].

http://help.okstate.edu/


Documents

ORANGE KEY ADMIN HANDBOOK KEY ADMIN HANDBOOK ... View Only, ITC/ITS Level, and ID ... mail Distribution Lists – This screen will show you the current Email