Accounts & Access Management

Quick Links

Access Permissions and Requests

Description: Involves managing and controlling user access to various IT resources, systems, and facilities across academic, administrative, and research departments. This service subcategory ensures that authorized personnel have appropriate access privileges while safeguarding university data and resources from unauthorized use or breaches.

Available to Faculty, Staff, Researchers, Students

List of Services

  • Passwords

    Service Description: 

    Identity Management is the toolset we use to create and distribute identities to the many users on our network. This most specifically refers to users VUnetIDs and ePasswords. Most users rarely interact with the Identity system themselves and typically only use it to change their password.

    How do I get the service?

    Contact for Further Assistance:

    Service Category: Accounts & Access Management

  • Identity Management

    Service Description: 

    Identity Management is the toolset we use to create and distribute identities to the many users on our network. This most specifically refers to users VUnetIDs and ePasswords. Most users rarely interact with the Identity system themselves and typically only use it to change their password.

    For those looking to change their primary email name, visit this Knowledge article.

    How do I get the service?

    • New University Employee   - Claim your Vanderbilt University account.  Claiming your Vanderbilt University account is the first step to begin using Vanderbilt University network resources.  Click the "New University Employee" link to claim your VUnetID.
    • Claim Invitation - Claim your Vanderbilt account. Claiming your invitation is the first step to begin using Vanderbilt network resources. Click the "Claim Invitation" link to claim your VUnetID. Only users who have been sent a Vanderbilt Invitation are eligible for claiming this type of account.
    • Claim Student Account - Claim your Vanderbilt student account.
    • Claim Resource Account - Claim your Vanderbilt resource account.

    Contact for Further Assistance:

    Service Category: Accounts & Access Management

  • SSO

    Service Description:

    PingFederate offers application owners the ability to have users sign in once and use the service across all participating applications. This service is also authorized for applications that reside outside of Vanderbilt's network. The service supports SAML, OAUTH, WS-FED, and OpenID connect. Along with authentication, application owners can request that user attribute information be passed back to the application after successful login, thus eliminating the need for the application to make a separate call for this information. With many robust connectors and plugins,  PingFederate integration can be as simple as just configuring a single file to making small development changes to your current application. Application developers should contact their appropriate Resource Manager to initiate SSO service and/or send direct questions to the VUIT SSO Support Team.  To request SSO, see links below for the request form and detailed instructions.  Single Sign on is available for use by all Vanderbilt University and Medical Center faculty and staff.

    How do I get the service?

    Prior to submitting a request for an SSO connection to be configured please consult your vendor IT representative to determine the Protocol needed.  

    • If your protocol is OAuth 2 or OpenID connect you will need to provide Redirect URIs, Scopes and the values of the Claims/Attribute Names you would like returned from us. 
    • For a SAML request you can provide the SAML Matadata file or URL.

    Process:

    1. Fill out and submit a request for a new SSO integration or an update to an existing SSO integration. Select the appropriate form below.  

    • SSO New Integration - Request Form
      • Submitting this form begins the process for VUIT to create a new SSO integration for your application(s).
      • Provide the following information and please attach any relevant vendor documentation to the request ticket:  
        • Vendor Name
        • Application Name   
        • Vanderbilt Contact Name
        • Vanderbilt Contact Email
        • VUIT Relationship Manager (dropdown field). Select “I do not know” if you do not know the name of your relationship manage
        • VUIT Project Manager (dropdown field). Select “none” if you do not have a VUIT project manager
        • Application Users (dropdown field). Select user type based on VU/ VUMC and Active/Former.
        • Production Go-Live Date
        • SSO Protocol (dropdown field) - options are: SAML 2.0, OAuth, OpenID
        • MFA (dropdown field). Multifactor authentication (MFA) is required for all applications on the University network. Exemptions to this policy require the submission of a form which will be considered.
        • Application Login URL for both your Prod and Test environments.
        • Subject Return Value (user attribute information passed back to the application upon successful sign in) – the default value is VUnetID.
        • Other specific fields should be entered based on the protocol selected. Missing protocol information will delay request processing.
    • SSO Integration Update Request Form
      • Provide the following information and please attach any relevant vendor documentation to the request ticket:
        • Vendor Name
        • Application Name   
        • Production Go-Live Date  
        • Application Login URL for both your Prod and Test environments.  
        • Additional information can be added to the Update Details field.

    2. Once  VUIT receives the SSO request form, a specialist will contact you if more information is needed or to clarify details.

    3. VUIT will configure the SSO request in our UAT environment and you will be contacted via email to test successful access to the application.

    4. After successfully accessing the application in UAT we will coordinate a time for the Go-live production configuration. During Go-live you will need to have someone available to confirm access to the application via SSO.  

    What You Can Request

    New Single Sign On Integration or Update to Single Sign On Integration

    Contact for Further Assistance:

    Service Category: Accounts & Access Management

  • Resource Account

    Service Description:

    Resource accounts are created when usage of individual VUNETID is not feasible. Examples of resource accounts would include accounts created to schedule resources in Exchange, service accounts to access various resources, and Exchange shared mailboxes. Resource accounts are not associated with an individual and they are created with identity attributes that do not correspond to a real person.

    How do I get the service?

    Request New Resource Account

    Contact for Further Assistance: 

    Service Category: Accounts & Access Management

  • UKG Ready - Kronos

    Service Description:

    UKG Ready is the timekeeping system used by Vanderbilt's hourly paid employees to record time and absences.

    How do I get the service?

    If you are an hourly paid employee or student worker, or you manage hourly paid employees, login at https://timesheets.vanderbilt.edu

    Contact for Further Assistance: 

    The Oracle My Knowledge knowledge base is available to all faculty, staff and student workers and includes a list of Known Issues and other FAQs.  If you are not able to resolve your issue through the knowledge base, please submit an Oracle service request through My Knowledge  - click Create Service Request on that page to open the brief online form and indicate your issue category for routing to the proper team.

    Service Category: Accounts & Access Management

  • Authentication Services

    Service Description: 

    VUIT Authentication Services provide login and access control functionality. This service allows users to access the systems and services they have been granted access to and prevents unauthorized users from accessing systems and services to which they have not been granted access. This service is available to Vanderbilt University and Medical Center faculty, staff, and students. Authentication and a wired or wireless network connection are required.

    How do I get the service?

    • Contact your Relationship Manager.

    What You Can Request

    • Active Directory Federation Services (ADFS)
    • Lightweight Directory Access Protocol (LDAP)
    • Active Directory Domain Services
      Radius

    Contact for Further Assistance:

    Service Category: Accounts & Access Management

  • Privileged Account Management (PAM)

    Service Description: 

    Privileged Account Management (PAM) helps secure, control, manage, and monitor privileged accounts and access.  Vanderbilt’s chosen PAM solution is CyberArk.  CyberArk provides a service to securely store passwords and keys in an encrypted vault.  It also can change passwords on remote systems.  Authorized users are allowed to securely access and use stored passwords.  Another feature of CyberArk is Privileged Session Management (PSM), which is session recording for privileged accounts. Session recording allows tracking, auditing, and detection of suspicious activity of privileged accounts.  Our PAM solution also provides auditing and logging capabilities.

    How do I get the service?

    • If you are interested in protecting your privileged accounts, submit a request ticket.

    What You Can Request

    Enroll in Privileged Account Management (PAM)

    Contact for Further Assistance:

    Service Category: Accounts & Access Management

  • DigiCert SSL Certificate

    Service Description: 

    Digital Certificate Service - SSL Certification for Public or External Facing Use (aka Digicert or Security Certificates) can be obtained for identifying trusted websites and servers for both internal and external use. VUIT offers 1 year Digicert SSL Certificates for purchase through the Vanderbilt University Software Store.  This service is available to Vanderbilt University faculty and staff. To request this service, VUnetID authentication is required, the domain must be owned by Vanderbilt University, and one must complete a Vanderbilt University Software Store order.

    Service Charges or Fees

    This service costs $128.37/year for each domain secured. Wildcard certificates will incur an additional fee.

    How do I get the service?

    To order an SSL certificate, place your order through the Vanderbilt University Software Store and submit the "SSL Certificate Request" form listed under "Service Requests".

    What You Can Request

    • 1 year SSL Certificate
    • 1 year Wildcard Certificate
    • 1 year SAN Certificate

    Contact for Further Assistance:

    Service Category: Accounts & Access Management