View Current

IT User Account Management Procedures

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Introduction / Background

(1) The University of Wollongong maintains two categories of IT user accounts:

  1. sponsored; and
  2. student accounts.

(2) These Procedures outline the University’s administration of user accounts for authorised users of the University’s IT facilities.

(3) The University of Wollongong is committed to the appropriate use of information technology services in support of its teaching, research, administrative and service functions. This document should be read in conjuction with the IT Acceptable Use Policy which defines the acceptable behaviour expected of users and intending users of the facilities. The University requires users to comply with the IT policies and associated requirements governing the use of IT facilities as a condition of their use. These are accessible on the Policy Directory.

Top of Page

Section 2 - Scope / Application

(4) This Procedure applies to:

  1. all Users of UOW user accounts; and
  2. all sponsors of UOW user accounts

(5) All users should be aware of this document, their responsibilities and legal obligations. All users are required to comply and are bound by law to observe applicable statutory legislation.

Top of Page

Section 3 - Account Management Key Terms

Username

(6) All user accounts are uniquely identified by a username, where the username may be up to ten characters and relates to the name of the account owner. The format of the username is dependent on the type of account.

(7) A username is issued to an individual for the duration of that individual’s affiliation with the University. The facility does not exist to change a username. In the case of a legal name change where extraordinary circumstances justify a username change, an account holder may be issued a new account, given an application made in writing and approved by the Chief Information Digital Officer.

User Account Groups

(8) The University supports two groups of User Accounts these being sponsored accounts and student accounts.

(9) An individual may hold one account from each group at any point in time but should have no more than two accounts.

(10) An individual must only use an account for the purpose provided i.e. for sponsored purposes if a sponsored account and student purposes if a student account.

User Account Sponsors

(11) All user accounts have a sponsor. Organisations sponsoring accounts may be the University, controlled entities of the University, or a recognised community or business affiliate.

(12) The issuing of accounts is dependent upon the agreement set in place between the University and the sponsoring organisation. However, in all cases the University IT policy documents, including this document, apply without exception.

Account Status

(13) The status of a user account may be:

  1. active: an active account is a fully operational account;
  2. expired: an expired account is one where the account password has expired and is required to be reset before the account can be used;
  3. closed (deactivated): a closed (deactivated) account is one where access to the account is revoked given that the account holder no longer satisfies the criteria for holding that type of user account; or
  4. withdrawn (restricted): a withdrawn (restricted) account is one where the users’ access to the account is withdrawn in advance of the official closure of the account. Further details on withdrawing access to an account are provided in clauses 40-41.

Account Holder Entitlements

(14) The University provides access to IT services and facilities to user account holders. Access to these services is based on the privileges of the account’s type, sponsoring organisation and any individual system’s access assigned to the individual account holder.

(15) Exceptions to the standard privileges that apply to an account may be permitted where a request is made in writing and approved by the: Chief Information Digital Officer; Senior Executive; Executive Dean or Director/Chief Officer.

Top of Page

Section 4 - Sponsored Account Management Processes

(16) Sponsored accounts may be one of two types: staff or associate.

(17) To hold a sponsored account an individual must be over 16 years of age. This clause may be waived under exceptional circumstances.

(18) To hold a staff account an individual must:

  1. be a paid staff member of the University;
  2. hold an honorary academic appointment with the University; or
  3. be a University Council-awarded Emeritus Professor or Fellow of the University.

(19) Associate Accounts apply to individuals who are granted access to the University IT facilities and services by virtue of an affiliation with the University. Recognised affiliations are:

  1. contractors and consultants providing services to the University;
  2. visiting academics of the University, other than those holding an honorary academic appointment as in an honorary or visiting fellow;
  3. members of the University Council; or
  4. a member of a recognised business or community affiliate of the University of Wollongong.

(20) Completing the Sponsored User Account form allows an individual to:

  1. request creation of a staff or associate account;
  2. change the sponsor of their account; and
  3. reactivate a deactivated account.

Creation of a New Account

(21) All UOW Pulse, UOW GE and UOW Dubai Accounts are created automatically from the HR onboarding process in Unified up to two weeks prior to their start date.

(22) UOW staff and honorary fellow accounts are created automatically from the onboarding process typically 2-3 business days after submission of all onboarding documentation up to two weeks prior to their start date for casual and ongoing staff and all honorary appointments. A sponsored user account form is not required to create or reactivate accounts for staff and honorary appointments.

(23) IMTS endeavour to create associate accounts within 24 hours of receiving the application form.

(24) The account holder will appear in the contact directory within 24 hours of creation of the account. On entry into the contact directory, the account holder receives an introductory email requesting the user to enter their contact details.

(25) The email address of a user account takes the form of username@uow.edu.au e.g. jbloggs@uow.edu.au.

(26) An alias is created for each account based on a preferred standard of firstname_lastname e.g. joe_bloggs@uow.edu.au. Where duplicates are encountered, IMTS will contact the applicant for selection of a suitable alternative. Given this, the use of firstname_lastname as an assumption for the email address is limited and may result in emails being sent to an unintended recipient. Mail users are encouraged to access the contact directory and the University address book, accessible via individual mail clients, to determine email addresses.

(27) Email accounts must not be set to forward email to a non-UOW email address.

(28) Associate accounts are created for a maximum term of 12 months and are reviewed quarterly.

Closure of an Account

(29) Staff accounts remain active while ever the account holder has a current appointment with the University. The User’s access to their IT account ceases when they are no longer an employee of the University, unless, under extenuating circumstances, the Chief Information Digital Officer deems otherwise.

(30) The closure of Staff accounts is managed automatically based on appointment details maintained in the University HR System. Staff accounts will automatically close when an account holder’s appointment with the University ceases.

(31) Staff account deactivations occur each Monday morning.

(32) Accounts held by University Council honorary award recipients remain active until the University is advised that the account is no longer required.

(33) Staff account holders receive an email indicating the pending closure of their account.

(34) The retention period applied to casual academic appointments is 7 weeks and is intended to ensure that account holders retain their account while ever they continue to work consecutive sessions in the same calendar year. This retention period can be cancelled if written notification is received from the relevant Senior Executive, Executive Dean or Director.

(35) Revoking access to an account in advance of the accounts’ official closure is as outlined under the section Account Withdrawal.

(36) Closure of an account means the account is frozen, i.e. the password is revoked, until such time as the individual resumes employment or the account has been inactive for a period of 12 months, at which time it is deleted.

(37) Account holders who wish to be contactable following the closure of their account should ensure that they record an automatic reply prior to the closure of their account. The automatic reply will continue to operate until the account is deleted.

(38) Email accounts must not be set to forward email to a non-UOW email address when they are deactived.

(39) Sponsored account usernames are not re-used.

(40) The University reserves the right to undertake a periodic audit of sponsored accounts for the purpose of validating active accounts.

(41) The reactivation of staff accounts is an automatic process and occurs within an hour of an appointment being recorded in the HR system.

(42) Closed user accounts are removed from the University contact directory within 24 hours of the accounts closure.

(43) Associate and controlled entity accounts remain active at the discretion of the sponsor and can be closed (deactivated) at any time.

Account Withdrawal/Restriction

(44) A user’s access to their account can be withdrawn or restricted in advance of their account’s official closure following a written request to the delegated authority from the relevant Senior Executive, Executive Dean or Director/Chief Officer, or head of the sponsoring organisation.

(45) Account access may also be temporarily or indefinitely withdrawn or restricted by IMTS in response to a suspected policy violation or a possible or confirmed security breach.

(46) A user whose access has been withdrawn or restricted may request reconsideration of the decision by the delegated authority, who shall consider the withdrawal with the relevant Senior Executive, Executive Dean or Director/Chief Officer or head of the sponsoring organisation. Following this, the delegated authority, shall confirm the withdrawal, or reinstate the account.

Reactivation of an Account

(47) All reactivations of staff accounts will be processed within an hour of onboarding within the HR system.

(48) Associate account holders can request reactivation of a closed account via the relevant account sponsor in their Faculty, Division, or controlled entity. The application must be approved by a recognised user account sponsor.

(49) Once reactivated the user account will be accessible to the account holder under the original username and password.

Passwords

(50) Users must set up the self-service password reset capability (User Account & Password) to enable themselves to reset a forgotten or expired password.

(51) Passwords are created by the account holder and have the following security requirements:

  1. must contain 8-31 characters;
  2. must contain only printable characters;
  3. passwords are case sensitive, e.g. ²a² is not the same as ²A²;
  4. cannot be re-used;
  5. cannot be based on your username (e.g. abc123) or your real name (e.g. jciti03) or any other personal information; and
  6. must differ from your old password by at least three characters.

(52) System generated password resets occur every 366 days. Account holders receive a password expiry notification. If the password is not reset before it expires, the account automatically locks until it is reset.

Top of Page

Section 5 - Student Accounts

Account Creation

(53) An individual may hold only one student account at any point in time.

(54) Student accounts are created using the electronic account creation process. To create a student account, a student must be recognised as a current student in the Student Management Package, which is defined as:

  1. an undergraduate, postgraduate research or postgraduate coursework student who is enrolled in an active course;
  2. a prospective international student with an active confirmation of enrolment and a valid course offer;
  3. a non-award or University college student with a current or prospective subject enrolment;
  4. a miscellaneous student attached to a current miscellaneous student group; and/or
  5. each student account is created with a unique username based on the student’s initials followed by a number.

Account Closure and Deletion

(55) Continued access to the student account is maintained automatically based on records in the University Student Management Package. For the purposes of managing the official closure of a student account, an account remains open while ever an undergraduate, postgraduate coursework, postgraduate research, non-award or University college Student or miscellaneous student has an “active” course. A retention period of six months is accommodated i.e. accounts close six months after the course is completed.

(56) Closure of an account means the account is frozen, i.e. the password is revoked, until such time as the individual resumes study, at which point the account is reactivated. Accounts are automatically reactivated under the original username and password if the account still exists.

(57) Students receive multiple emails indicating the pending closure of their account in the 6 months leading up to the closure of their account.

(58) The closure of an account includes the closure of a Student email account.

(59) Accounts that have been closed for a period of six months are deleted.

(60) Student account usernames are not reused.

(61) A HDR Student may apply for an extension to access their account past their official closure date under extenuating circumstances for a maximum period of 6 months. Approval is required from the Associate Dean of the Faculty and IMTS.

Passwords

(62) Passwords are created by the account holder and have the following security requirements:

  1. must contain 8-31 characters;
  2. must only contain printable characters;
  3. passwords are case sensitive, e.g. "a" is not the same as "A";
  4. cannot be re-used;
  5. cannot be based on your username (e.g. abc123) or your real name (e.g. jciti01) or any other personal information; and
  6. must differ from your old password by at least three characters;

(63) System generated password resets occur every 366 days. Account holders receive a password expiry notification. If the password is not reset the account automatically locks until it is reset.

(64) Users must set up the self-service password reset capability to enable themselves to reset a forgotten or expired password.

Top of Page

Section 6 - Roles and Responsibilities

Account Sponsors

(65) Account sponsors have the following responsibilities:

  1. authorise the creation of sponsored user accounts under their Faculty/Division;
  2. verify individuals being sponsored have a legitimate and viable reason to have access to a sponsored user account;
  3. assist IMTS with periodic audits on non-UOW payroll accounts to verify if accounts should be kept active and that the individual still meets the criteria to hold an associate accounts;
  4. assist IMTS with UOW Payroll Accounts. IMTS advises sponsors which accounts are deactivating each Monday morning, giving the opportunity for sponsors to request for an account to be kept active, for a period of no more than 2 additional pay-runs, pending re-appointment;
  5. authorise access to and or creation of shared mailboxes and mailing lists for their respective areas; and
  6. authorise the reactivation or deactivation of sponsored user accounts as well as request to change sponsor or account type under their authority.
Top of Page

Section 7 - Definitions

Word/Term Definition (with examples if required)
Account Holder Any person granted a User Account with the University of Wollongong
Account Sponsor The individual who holds the appropriate authority to authorise the creation of an individual’s account and has verified that the individual has a legitimate and viable reason to be associated with a specific Faculty, Division or Controlled Entity of the University and be issued with a User Account. The Account Sponsor is responsible for ensuring proper procedure is followed in accordance with IT Policies and Procedures with regards to the management of User Accounts associated with a specific Faculty, Division or Controlled Entity of the University.
Associate Account Accounts that apply to individuals granted access to the University IT Facilities and Services by virtue of an affiliation with the University.
Contact Directory University of Wollongong online staff / contact listing, accessible at http://www.uow.edu.au/about/contacts/
IMTS Information Management and Technology Services
IT Facilities and Services Information Technology facilities operated by or on behalf of the University. This includes services and systems and associated computing hardware and software used for the communication, processing, and storage of information.
Miscellaneous student A miscellaneous student is not formally a student of the University of Wollongong. A miscellaneous student’s affiliation with the University is recorded for the purpose of managing their access to University facilities.
Sponsored Account A User Account issued to Staff or Associates of the University.
Staff All people employed by the University including conjoint appointments, whether on continuing, permanent, fixed term, casual or cadet or traineeship basis.
Staff Account A UOW User Account issued to Staff of the University
Student A person formally enrolled in a course at the University of Wollongong.
Student Account A UOW User Account issued to Students of the University.
University University of Wollongong and controlled entities.
User A person assigned a User Account by the University or a person who is otherwise authorised to use University IT Facilities and Services.
User Account An identity assigned to a User, with an associated username, for the purpose of accessing IT Facilities and Services that require authentication by the user.