Body
Overview
Role/Department accounts provide business continuity for university programs by allowing a single Duck ID account to be used by multiple people with the same function. These accounts may also be referred to as department accounts, non-person accounts, or role account.
These accounts can be passed from one person to another as responsibilities or business needs change.
Quick Navigation
Information
About account types
Select the title of each accordion panel in order to see its contents.
Information
Purpose: Provide a shared contact point and/or web presence for a University of Oregon role, department, group, or activity that can be transferred to another person without a change in the address. Types of usages include but aren't limited to:
- roles and positions
- departments, committees, and task forces
- student clubs and groups
- research labs and teams
Allowed Core Services:
- UOmail and Office 365
- Web hosting on pages.uoregon.edu and Shell
- UO Service Portal
Shared Credential: Username and password may be shared with any any employee, student, or affiliate who has a business reason to access the account. Owner may reassign the account to a new eligible owner at will.
Regulations
Display: Not allowed to identify a person by name
Ownership: Must be owned by staff or faculty
Access Limitations:
- Not allowed to have business application or network access due to shared nature
- Not allowed to access amber or red data due to shared nature
- Not allowed to have Duo/2FA at this time
Information
Purpose: Provide a credential for use with a unique piece of equipment in a controlled environment or dedicated video conferencing hardware in a specific meeting room.
Allowed Core Services:
- UOmail and Office 365
- Web hosting on pages.uoregon.edu and Shell
- UO Service Portal
Shared Credential: Username and password may be shared with any employee, student, or affiliate who has a business reason to access the account. Owner may reassign the account to a new eligible owner at will.
Regulations
Display:
- Not allowed to identify a person by name
- Video conferencing accounts will reflect the meeting room location following convention set by Information Services
Ownership:
- Specialized equipment accounts must be owned by staff or faculty
- Video conferencing accounts must be owned by IT staff
Access Limitations:
- Not allowed to have business application or network access due to shared nature
- Not allowed to access amber or red data due to shared nature
Information
Purpose: Allows guests to share a credential to a fleet of computers in a dedicated campus lab setting.
Allowed Core Services:
- Active Directory
- UO Service Portal
Shared Credential: Username and password may be shared with any person using a computer in the lab. Owner may reassign the account to a new eligible owner at will.
Additional Requirement: Owner is responsible for updating password more frequently when credential is shared with groups and/or members of the general public attending events. Where available, Information Services will limit the logon capabilities of this account to the specific lab where it's in use.
Regulations
Display:
- Must reflect the location of the lab following convention set by Information Services
Ownership:
- Must be owned by staff or faculty acting as lab manager
Access Limitations:
- Not allowed to have business application or network access due to shared nature
- Not allowed to access amber or red data due to shared nature
Information
Purpose: Identity and/or contact point for IT service management, in cases such as:
- A unique identity is needed by a service or software platform to perform automated activities
- A single contact point that can be change ownership over time is needed for an IT service or software vendor relationship
- System administrators need to perform testing and other tasks related to IT service administration
Allowed Core Services:
- UOmail and Office 365
- Web hosting on pages.uoregon.edu and Shell
- UO Service Portal
Shared Usage Limited: Username and password is shared between system administrators and application/service configurations. Other sharing is not allowed due to sensitive nature. Owner may reassign the account to a new eligible owner at will.
Regulations
Display:
- Must reflect the service or software it supports
Ownership:
Access Limitations: Additional services including business application and sensitive data access may be available when conditions are met:
- access is required for the account to serve its function
- relevant service or software architecture allows it
- relevant service and/or data steward(s) approve access
Information
Purpose: Separate elevated permissions for service administration into a second credential as a security measure.
Allowed Core Services:
- UOmail and Office 365
- UO Service Portal
Individual Usage: Password is not shared. Owner may not reassign the account to a new owner. Account will be closed when employment ends.
Regulations
Display:
- Must reflect the owner by name in a convention set by Information Services
Ownership:
- Only available to employees in IT roles who receive elevated unit-wide or system-wide permissions in IT services
- May be owned by student workers and temps in the above positions, but must have account creation requested by their supervisor
Access Limitations: Use of Duo is required.
Additional services may be available when conditions are met:
- access is required for the employee to complete their duties
- relevant service or software architecture allows it
- relevant service owner and/or data steward(s) approve access
Note: Accounts with configurations not described on this page will be reviewed on a case-by-case basis.
About ownership
Each account has a single, named owner. Owners must be current faculty or staff.
The owner is responsible for:
- Use and management of the account
- Updating the password as needed
- Requesting or approving any changes to the account (e.g., an update to the Display Name)
- Requesting or approving closure of the account when it's no longer needed
If the owner on file is no longer available, a dean or department head from the unit using the account may act in the owner's stead to designate a new owner or approve changes to the account.
Activities with Role/Department Accounts
Requesting new accounts
You can request a new account using the Role/Department Account Request page.
To request an account, you must be administrative faculty, faculty, or staff. Students, student employees, temp employees, and other affiliates are not eligible to request role accounts.
Seeing a list of accounts you own
- Visit Duck ID Account Management
- Select Manage Your Duck ID
- Log in with your username, password, and complete verification
- In the Other Users box, select View and update profile
- A new page will load titled Users with a search box, and all role accounts under your control will load underneath
Transferring account ownership
To reassign an account you own to someone else, follow instructions for transferring ownership.
Password resets
To reset the password for a role account you don't own, contact the owner.
Owners can follow instructions for resetting role/department account passwords.
Requesting account changes
Account owners are able to request the following types of changes from Information Services:
- Update the display name
- Add or remove eligible service access like Office 365
- Request the account be closed
To request these changes or discuss other topics about role/department accounts, create a ticket from the Role/Department Account Request page.