Accounts & Access Management

Service Description: 

Identity Management is the toolset we use to create and distribute identities to the many users on our network. This most specifically refers to users VUnetIDs and ePasswords. Most users rarely interact with the Identity system themselves and typically only use it to change their password.

How do I get the service?

• Password Update or Reset   - Follow the referenced instructions to reset your Vanderbilt University ePassword.

Contact for Further Assistance:

• Help Desk Request
• Email: it@vanderbilt.edu

Service Category: Accounts & Access Management

Service Description: 

Identity Management is the toolset we use to create and distribute identities to the many users on our network. This most specifically refers to users VUnetIDs and ePasswords. Most users rarely interact with the Identity system themselves and typically only use it to change their password.

For those looking to change their primary email name, visit this Knowledge article.

How do I get the service?

• New University Employee   - Claim your Vanderbilt University account.  Claiming your Vanderbilt University account is the first step to begin using Vanderbilt University network resources.  Click the "New University Employee" link to claim your VUnetID.
• Claim Invitation - Claim your Vanderbilt account. Claiming your invitation is the first step to begin using Vanderbilt network resources. Click the "Claim Invitation" link to claim your VUnetID. Only users who have been sent a Vanderbilt Invitation are eligible for claiming this type of account.
• Claim Student Account - Claim your Vanderbilt student account.
• Claim Resource Account - Claim your Vanderbilt resource account.

Contact for Further Assistance:

• Help Desk Request
• Email: it@vanderbilt.edu

Service Category: Accounts & Access Management

Service Description:

Multi-Factor Authentication (MFA) provides an additional layer of security for users logging in to a secure environment.

MFA leverages three types of authentication:

• Something you know (VUnetID & password)
• Something you have (physical device)
• Something you are ( e.g. fingerprint, facial recognition)

Vanderbilt University uses Duo Security as its MFA solution. Duo makes authentication easy by allowing individuals to verify their identity via mobile app or Universal 2nd Factor (U2F) device.

How do I get the service?

Enroll Now!

Self Service Portal

To request adding MFA to an application, please request a consultation by submitting an IT work request. For more information, visit Duo Support.

What You Can Request

• Enroll in MFA
• Add MFA to an application

Contact for Further Assistance:

• Help Desk Request
• Email: it@vanderbilt.edu

Service Category: Accounts & Access Management

Service Description:

PingFederate offers application owners the ability to have users sign in once and use the service across all participating applications. This service is also authorized for applications that reside outside of Vanderbilt's network. The service supports SAML, OAUTH, WS-FED, and OpenID connect. Along with authentication, application owners can request that user attribute information be passed back to the application after successful login, thus eliminating the need for the application to make a separate call for this information. With many robust connectors and plugins,  PingFederate integration can be as simple as just configuring a single file to making small development changes to your current application. Application developers should contact their appropriate Resource Manager to initiate SSO service and/or send direct questions to the VUIT SSO Support Team.  To request SSO, see links below for the request form and detailed instructions.  Single Sign on is available for use by all Vanderbilt University and Medical Center faculty and staff.

How do I get the service?

Prior to submitting a request for an SSO connection to be configured please consult your vendor IT representative to determine the Protocol needed.  

• If your protocol is OAuth 2 or OpenID connect you will need to provide Redirect URIs, Scopes and the values of the Claims/Attribute Names you would like returned from us. 
• For a SAML request you can provide the SAML Matadata file or URL.

Process:

1. Fill out and submit a request for a new SSO integration or an update to an existing SSO integration. Select the appropriate form below.  

• SSO New Integration - Request Form
  • Submitting this form begins the process for VUIT to create a new SSO integration for your application(s).
  • Provide the following information and please attach any relevant vendor documentation to the request ticket:  
    • Vendor Name
    • Application Name   
    • Vanderbilt Contact Name
    • Vanderbilt Contact Email
    • VUIT Relationship Manager (dropdown field). Select “I do not know” if you do not know the name of your relationship manage
    • VUIT Project Manager (dropdown field). Select “none” if you do not have a VUIT project manager
    • Application Users (dropdown field). Select user type based on VU/ VUMC and Active/Former.
    • Production Go-Live Date
    • SSO Protocol (dropdown field) - options are: SAML 2.0, OAuth, OpenID
    • MFA (dropdown field). Multifactor authentication (MFA) is required for all applications on the University network. Exemptions to this policy require the submission of a form which will be considered.
    • Application Login URL for both your Prod and Test environments.
    • Subject Return Value (user attribute information passed back to the application upon successful sign in) – the default value is VUnetID.
    • Other specific fields should be entered based on the protocol selected. Missing protocol information will delay request processing.

• SSO Integration Update - Request Form
  • Provide the following information and please attach any relevant vendor documentation to the request ticket:
    • Vendor Name
    • Application Name   
    • Production Go-Live Date  
    • Application Login URL for both your Prod and Test environments.  
    • Additional information can be added to the Update Details field.

2. Once  VUIT receives the SSO request form, a specialist will contact you if more information is needed or to clarify details.

3. VUIT will configure the SSO request in our UAT environment and you will be contacted via email to test successful access to the application.

4. After successfully accessing the application in UAT we will coordinate a time for the Go-live production configuration. During Go-live you will need to have someone available to confirm access to the application via SSO.  

What You Can Request

New Single Sign On Integration or Update to Single Sign On Integration

Contact for Further Assistance:

• Email: VUIT SSO Support

Service Category: Accounts & Access Management

Service Description:

VUIT will provide consultation in regard to the addition, reconfiguration, or removal of network-based firewalls.  This service is available to Vanderbilt University faculty and staff. Authentication and a wired or wireless network connection are required to request this service.

How do I get the service?

Contact your Relationship Manager by submitting an IT Work Request.

What You Can Request

• Consultation
• Palo Alto
• Check Point

Contact for Further Assistance:

• Help Desk Request
• Email: it@vanderbilt.edu

Service Category: Accounts & Access Management

Service Description:

Security Operations has implemented an SSL VPN solution to help meet the remote access needs of Vanderbilt faculty and staff. This service is used to help preserve data confidentiality and integrity when transmitted across the Internet.  The solution allows you to connect to the Vanderbilt network via a VPN client software or web browser capable of using SSL encryption. The SSL VPN allows access to Vanderbilt systems and computing resources with an internet connection in a safe and secure fashion.

How do I get the service?

Contact for Further Assistance:

• Help Desk Request
• Email: it@vanderbilt.edu

Service Category: Accounts & Access Management

Service Description:

Resource accounts are created when usage of individual VUNETID is not feasible. Examples of resource accounts would include accounts created to schedule resources in Exchange, service accounts to access various resources, and Exchange shared mailboxes. Resource accounts are not associated with an individual and they are created with identity attributes that do not correspond to a real person.

How do I get the service?

Request New Resource Account

Contact for Further Assistance: 

• Help Desk Request

• Email: it@vanderbilt.edu

Service Category: Accounts & Access Management

Service Description: 

VUIT Authentication Services provide login and access control functionality. This service allows users to access the systems and services they have been granted access to and prevents unauthorized users from accessing systems and services to which they have not been granted access. This service is available to Vanderbilt University and Medical Center faculty, staff, and students. Authentication and a wired or wireless network connection are required.

How do I get the service?

• Contact your Relationship Manager.

What You Can Request

• Active Directory Federation Services (ADFS)
• Lightweight Directory Access Protocol (LDAP)
• Active Directory Domain Services
  Radius

Contact for Further Assistance:

• Help Desk Request
• Email: it@vanderbilt.edu

Service Category: Accounts & Access Management

Service Description: 

Privileged Account Management (PAM) helps secure, control, manage, and monitor privileged accounts and access.  Vanderbilt’s chosen PAM solution is CyberArk.  CyberArk provides a service to securely store passwords and keys in an encrypted vault.  It also can change passwords on remote systems.  Authorized users are allowed to securely access and use stored passwords.  Another feature of CyberArk is Privileged Session Management (PSM), which is session recording for privileged accounts. Session recording allows tracking, auditing, and detection of suspicious activity of privileged accounts.  Our PAM solution also provides auditing and logging capabilities.

How do I get the service?

• If you are interested in protecting your privileged accounts, submit a request ticket.

What You Can Request

Enroll in Privileged Account Management (PAM)

Contact for Further Assistance:

• Help Desk Request

Service Category: Accounts & Access Management

Service Description: 

Rights Management Services provide enhanced abilities to secure documents and email. Users may protect documents to prevent them from being printed, copied, or forwarded to unauthorized systems or people. This service is available to Vanderbilt University faculty and IT staff. Authentication and a wired or wireless network connection are required to request this service.

How do I get the service?

• Rights Management Services Request

What You Can Request

RMS

Contact for Further Assistance:

• Help Desk Request

Service Category: Accounts & Access Management

Service Description: 

Digital Certificate Service - SSL Certification for Public or External Facing Use (aka Digicert or Security Certificates) can be obtained for identifying trusted websites and servers for both internal and external use. VUIT offers 1 year Digicert SSL Certificates for purchase through the Vanderbilt University Software Store.  This service is available to Vanderbilt University faculty and staff. To request this service, VUnetID authentication is required, the domain must be owned by Vanderbilt University, and one must complete a Vanderbilt University Software Store order.

Service Charges or Fees

This service costs $128.37/year for each domain secured. Wildcard certificates will incur an additional fee.

How do I get the service?

To order an SSL certificate, place your order through the Vanderbilt University Software Store and submit the "SSL Certificate Request" form listed under "Service Requests".

What You Can Request

• 1 year SSL Certificate
• 1 year Wildcard Certificate
• 1 year SAN Certificate

Contact for Further Assistance:

• Email: software.store@vanderbilt.edu
• Phone: (615) 343 - 3919

Service Category: Accounts & Access Management