What are Password Token Scenarios and Escalation Procedure?

This article summarizes internal password token scenarios and escalation process

Before proceeding with the in-person password token assistance determine if the client is in one of the following scenarios.

Index:

  • Case 1:  You know your current password and it has not expired, but you want to update the password (you have not profiled in the IAM password manager).   
  • Case 2: You have already used the IAM Password Manager Home Page to set your password and you know your current password
  • Case 3: Your current password has expired or you have forgotten your password, and you have already set your password using the Password Manager Home Page
  • Case 4: Your password is expired, have not yet used the IAMPassword Manager Home Page (identity.uillinois.edu) and you still know the expired password.
  • Case 5:  You have forgotten your password, and you have not yet used the IAMPassword Manager Home Page, but you have previously set up UIC password recovery options
  • Case 6:  Supervisor’s assistance with a password token (Password Token Escalation Procedure)
  • Password token escalation steps

Case 1: You know your current UIC Common password and it has not expired, but you want to update the password (you have not switched to the IAM password manager).  
  • Visit identity.uillinois.edu, log in with your current password through the “Change Password” link, set recovery options and then set a new password.
  • Visit identity.uillinois.edu, log in with your current password through the “Change Password” link, set recovery options and then set a password.  
screenshot of password.uic.edu

To check to see if a password has been set in the IAM password manager in CSOMENU, do the following steps:
  • Go to 8) query user in MidPoint
  • 3) PASSWORD: password & self-service recovery settings
  • Hit enter and view the information at the top of the screen.  
    • If a password has not been set in the IAM password manager, it will say “Password has never been set.” 
    • If a password has been set in the IAM password manager, it will say “Password exists.”  
screenshot of Midpoint

screenshot of Midpoint

Password is set in MidPoint:
screenshot of Midpoint

Password has never been set in MidPoint:
screenshot of Midpoint

Case 2:  If you have already used the Password Manager Home Page to set your password and you know your current password, you must proceed to that page to set a password (identity.uillinois.edu). You will NOT be able to use your old UIC password recovery options (checking for old password recovery options is discussed below).  To make sure that a person has switched to the IAM password manager, use the CSOMenu steps from the first option above.

Case 3: If your current password has expired or you have forgotten your password, and you have already set your password using the Password Manager Home Page (identity.uillinois.edu), you must proceed to that page and use your password recovery options there to change your password. Begin by using the “I forgot my password” link on identity.uillinois.edu.

Click "I forgot my Password" screenshot


Case 4: If your password is expired (check by looking up user in CSOMenu and it will say that the password is expired right under their list of accounts at the top of the screen), you have not yet used the IAMPassword Manager Home Page (identity.uillinois.edu) and you still know the expired password, then in order to reset your password you must:
  1. Use your expired password to login to (this will just appear as a normal Bluestem login screen: https://accountportal.uic.edu/auth/manage?dispatch=change_panel
  2. Once logged in, you will be prompted to set password recovery settings for the IAM Password Manager Home Page.
  3. Then you will be prompted to proceed to then IAM Password Manager Home Page and use those IAM password recovery settings to set recovery options and a  new password in the IAM password manager.

Case 5:  If you have forgotten your password, and you have not yet used the IAM Password Manager Home Page, but you have previously set up UIC password recovery options, then you may
  1. Use your old password recovery options at: https://accountportal.uic.edu/token/manage?dispatch=cr_panel.screenshot of password challenge questions
  2. When you do so, you will be prompted to set password recovery settings for the IAM Password Manager Home Page.
  3. At that point you will be prompted to proceed to the IAM Password Manager Home Page and use those  new password recovery settings to set your new password.
To check for old/legacy password recovery options in CSOMenu, do the following:
  • Go to 5) Accounts, Passwords, Suspensions
  • Select password [type common] for the user’s primary NetID (a user’s primary NetID is marked PrimaryNetID in the list of NetIDs right below accounts on the CSOMenu screen)
  • Hit enter and view the password recovery section to see if challenge/response or emergency email are set to true (if they are listed as “false, they have not been set up).  
  • Note:  challenge/response answers will be at least 15 characters long.  
 
 screenshot of Midpoint
screenshot of Midpoint
screenshot of Midpoint

Case 6
If:
  • User has not switched to IAM system at identity.uillinois.edu and either:
  • Their password has expired and they don’t remember it
  • They do not have old/legacy password recovery options or they exist but are unable to use either of them
  • User has switched to IAM password manager but did not set up recovery options and does not remember their password
  • You have attempted all above steps and they do not work
The user will need a supervisor’s assistance with a password token.  In person password changes are done only at the following locations and times:

East campus: Direct user to C-Stop BSB between 9 AM – 5 PM.
West campus: Direct user to C-Stop LHS between 9 AM – 5:00 PM.

A VALID UIC I-CARD MUST BE PRESENTED IN ORDER FOR ASSISTANCE WITH A PASSWORD TOKEN.  NO EXCEPTIONS!


Password Token Escalation Steps:

1. Open up the Customer Contact form making sure that you are logged in with your own account and begin making a ticket in the Identity and Access Management service filling in the customer’s UIN, NetID, shift, contact type and additional information sections properly.  For action taken, enter “escalated”.  In the comment field, indicate what you have already tried as far as recovery methods and include the customer’s full name, NetID, UIN and the way they want to receive a token (phone number for SMS and email address for email option, phone number is preferred since it will speed up the process), and then submit the ticket and note the ticket number

2.  If you are in BSB, C-stop supervisor should assist with password token, if available.

3. If the supervisor is not available in BSB, or you are at LHS, call for assistance (start with 1st number):

Supervisor (5-4125)
            
Supervisor (3-1384)
           ↓
SOD Phone (5-0860)
 
The supervisor will ask questions to verify the client’s identity and generate the token.

4. If all fails, email CSOStaff@uic.edu with the ticket number and a summary.



Keywords:password token escalation   Doc ID:84915
Owner:Esteban P.Group:University of Illinois at Chicago ACCC
Created:2018-08-15 14:35 CSTUpdated:2019-11-04 12:51 CST
Sites:University of Illinois at Chicago ACCC
Feedback:  0   0