Identity Management - Credentialing Agents


A limited number of Information Services staff (Computing Accounts Administrators and select Technology Service Desk staff) have access to reset Duck ID passwords. In addition, selected IT employees may be designated as Credentialing Agents and provided with the ability to reset Duck ID passwords within their Active Directory Organizational Unit (AD OU). There can be up to two credentialing agents delegated for each AD OU.

Access must be approved by the department head, or dean, and the CIO.

Access will be granted after approval and the completion of training by Information Services.


How to Apply

To apply as a credentialing agent, download and complete the Credentialing Agent Authorization Form on UO Forms.

Credentialing Agent Identity Manager Account

  1. The credentialing agent account will be separate from the everyday account used by the credentialing agent to check email, log in to the network, etc.
  2. Use a strong password with a combination of upper and lower case letters, numbers, and special symbols.
  3. The password should not be a derivative of a password that is currently, or was previously, in use.
  4. The password must never be used on a customer's computer.
  5. Never share your password with anyone.

Security Recommendations for Computers Used by Credentialing Agents

  1. The hardware should be a departmentally owned and supported computer.
  2. A software firewall must be enabled or the system must be protected by a hardware firewall.
  3. The operating system must be kept up to date with vendor recommended security updates.
  4. The computer should be a single-user computer and it should not be used by others, not even on a casual basis.
  5. The computer should be for work-related use only and it should be password protected. There should be no personal/recreational use.
  6. Anti-virus software must be installed and kept current. If your operating system supports it, the UO site-licensed anti-virus software must be installed and be configured for management by the central EPO server.
  7. Direct access to the system must be protected by a system password and the screen should lock after 10 minutes of inactivity.
  8. Reasonable effort must be made to keep installed third-party applications updated (e.g., web browsers, Acrobat, QuickTime, etc.).
  9. Do not use peer-to-peer applications or other non-essential applications. No games, no personal/recreational web surfing, no personal/recreational messaging.
  10. Physically secure your system against theft. If in a private office, keep your office door locked when you are not present.
  11. Any security issues (computer viruses, system compromise, etc.) that may arise with the computer(s) used in conjunction with your credentialing agent account must be reported to the Information Services Security group within 24 hours.
  12. Once the computer is reclaimed by the department, the hard disk should be securely wiped.


Article ID: 33093
Mon 7/10/17 2:47 PM
Tue 12/6/22 9:28 AM